
CCNS Final Project Kamdar Sdn Bhd Virtual Private Network (VPN)

Hazwani binti Ishak Kuala Lumpur Metropolitan University 01-200807-00311

TABLE OF CONTENT

COMPANY BACKGROUND
ORGANIZATIONAL CHART
CHAPTER SUMMARY
ANALYSIS OF BUSINESS INFORMATION
INTERVIEW THE STAFF
CHAPTER SUMMARY
NETWORK ARCHITECTURE OVERVIEW
INTRODUCTION
    Remote Access VPN
VPN SECURITY
VPN TECHNOLOGIES
VPN Components
VPN ADVANTAGES AND DISADVANTAGES
    Advantages of VPN
    Disadvantages of VPN
CHAPTER SUMMARY
VPN CONCENTRATOR
    Technical Specification
    Model and Price
VPN OPTIMIZED ROUTER
    Advantages
    Security
    Specification
    Model and Price
PIX FIREWALL
    Deploy Comprehensive Network Security
    Technical Specification
    System Requirements
    Model and Price
NETWORK COSTING
CHAPTER SUMMARY
EXISTING NETWORK
IMPLEMENTATION OF THE NETWORK
CHAPTER SUMMARY
HP PROLIANT DL120 G6 SERVER
DEBUGGING THE PPPOE SERVER
CONFIGURATION VPN 1750-RF ROUTER ON HP PROLIANT DL120 G6 SERVER
CHAPTER SUMMARY
PERFORMING MAINTENANCE
    Preventive
    Adaptive
    Corrective
    Protective
CHAPTER SUMMARY
BACKUP AND RECOVERY
UNINTERRUPTABLE POWER SUPPLY
IMPLEMENTATION METHOD
CHAPTER SUMMARY
CONCLUSION OF VPN PROPOSAL
KAMDAR NETWORK SYSTEM IN FUTURE
Kamdar main headquarter address and branches


CHAPTER 1: INTRODUCTION


COMPANY BACKGROUND
The Kamdar Group (M) Berhad (Kamdar) store opened in 1950, and in 1972 Kamdar was incorporated as a private limited company. Kamdar is proud to be celebrating its 35th anniversary this year. From a humble beginning trading in textiles and haberdashery, Kamdar has evolved into a specialized department store, focusing on textiles, textile-based products and apparel for men, women and children, together with rugs, accessories and luggage.

o Textiles
o Furnishing Fabrics
o Ladies' Fashion
o Men's Wear
o Children's Clothing
o Traditional & Modern Wear

The Kamdar brand stands for quality of service, history and value for money. The company is perceived by the public as a trustworthy, value-for-money store with a difference. The Kamdar logo, with its distinctive typeface and green and white corporate colours fostering an environmentally aware, clean, fresh and new image, is instantly recognisable throughout Malaysia.

Despite the extremely intense competition in the retail industry, Kamdar has grown turnover and earnings impressively, at a 5-year CAGR of 8% and 10% respectively since 1996. Compared to other listed retailers, Kamdar has the most superior PBT margin and the second-highest PBT level among retailers in Malaysia.

A family enterprise, Kamdar today spans 3 generations. With the support of customers, advisers, business associates, employees, professionals and suppliers, Kamdar has grown to twenty-one outlets spanning the length and breadth of Peninsular Malaysia. In future, Kamdar plans to open more outlets to explore new growth areas and strategies to further grow the Kamdar brand.

Kamdar proceeded to list on the Main Board of Bursa Malaysia on 29 March 2005, and this is the first step towards a new, more vibrant, transparent and inclusive business enterprise. After more than 50 years of growth, Kamdar has 21 outlets around Malaysia and employs about 1,200 staff.

Mission
To be the leading departmental store in Malaysia by offering a wide range of textiles, furnishings and related products through persistent quality, range of products at competitive prices to exceed customers' expectations.

Vision
To be a premier global fashion and retail enterprise, distinguished by the creativity, variety and quality of our product offerings.

ORGANIZATIONAL CHART


CHAPTER SUMMARY
In Chapter 1, the background of and information about Kamdar Sdn Bhd have been presented. The real business structure has been explained according to the project requirements. The Kamdar Group (M) Berhad is committed to a corporate culture that emphasises good corporate governance and practices throughout the company and its subsidiaries. Kamdar started as a family business and has been running through 3 generations. The success of its business goals is determined by its strategic business planning. Kamdar focuses on the textile business in Malaysia and is one of the successful textile businesses, having managed to open 21 chain stores all over Malaysia. Kamdar has supplied Malaysians with a variety of fabrics and fashions that suit Malaysian tastes.


CHAPTER 2: GATHERING INFORMATION


ANALYSIS OF BUSINESS INFORMATION


Location

KAMDAR GROUP (M) BERHAD
Location: Jalan Tuanku Abdul Rahman
Address: 113, Jalan Tuanku Abdul Rahman, 50100 Kuala Lumpur.
Phone: +603.2698.8488
Fax: +603.2698.8400

Current network

Kamdar's current network uses the Internet over a basic Ethernet topology with a fiber backbone. Traditional Ethernet employs a star topology, meaning that all devices or hosts on the network use the same shared communication line. Each device possesses an Ethernet address, also known as a MAC address. Sending devices use Ethernet addresses to specify the intended recipient of messages. Data sent over Ethernet exists in the form of frames.

The Ethernet header contains the addresses of both the intended recipient and the sender. In traditional Ethernet, the protocol for broadcasting, listening, and detecting collisions is known as CSMA/CD (Carrier Sense Multiple Access / Collision Detection). Some newer forms of Ethernet do not use CSMA/CD. Instead, they use the so-called full duplex Ethernet protocol, which supports point-to-point simultaneous sends and receives with no listening required.

INTERVIEW THE STAFF


The interview was held on Thursday, 12th November 2009, at 10.00 am at Kamdar Jalan Tunku Abdul Rahman, Kuala Lumpur, with Miss Jenice Lew.

WHAT IS THE CURRENT NETWORK IMPLEMENTED IN KAMDAR?
Currently Kamdar is using a basic Ethernet star topology with a fiber backbone.

WHEN WAS IT IMPLEMENTED?
Kamdar implemented the network in 2004 with the basic infrastructure. The basic infrastructure that was implemented is a star topology. A star network features a central connection point called a hub. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet.

Figure 1: Kamdar star topology network


Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN.

WHAT EQUIPMENT IS CURRENTLY IN USE?
* 3COM SWITCHES AND HP PROLIANT DL120 G6 SERVER

3Com supplied a chassis with six line cards, each with 48 gigabit Ethernet ports that use SFP transceivers for copper or fiber. The company says it has less costly gigabit Ethernet cards with integrated copper transceivers now under development. It already ships larger (10-slot) and smaller (two- and three-slot) versions of the same switch. In 3Com's terminology, the slot counts refer to the number available for line cards; each chassis actually has two additional slots for redundant management modules.

The HP ProLiant DL120 G6 Server is a new low-cost, entry-level, rack-optimized server: low on cost, but not short on performance. The DL120 G6 supports Intel Xeon, Pentium, and Core i3 processors with all the performance advantages of 4 cores and 2 cores. An array of Intel Xeon processors provides the ability to choose the appropriate processor based on application demands and cost. The single-processor, 1U server is ideal for single-application IT infrastructure, web and edge-of-network applications. The DL120 G6 provides three PCI-Express slots. Additional upgrades, including HP SAS HBAs and Smart Array Controllers, provide support for SAS hard disk drives. The remote management offered by the integrated LO100i gives the DL120 G6 a low-cost, effective solution for remotely managing servers anywhere, anytime.


WHAT IS THE COST OF MAINTAINING THE CURRENT SYSTEM?
The total cost for the maintenance of the equipment is RM52,000.00 per year. The major systems that Kamdar spent on were the anti-spam system, the intrusion detection system and the intrusion prevention system.

Anti-spam: To prevent email spam, both end users and administrators of e-mail systems use various anti-spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users and administrators. No one technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate e-mail vs. not rejecting all spam, and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by e-mail administrators, those that can be automated by e-mail senders and those employed by researchers and law enforcement officials.

WHAT TYPES OF OPERATING SYSTEM ARE USED?
The operating systems that this company is using are Windows Server 2003 and Windows XP. Their feedback about the operating systems was that they are fine. They have never faced any problem with the Windows Server 2003 operating system.

WHAT ARE THE TYPES OF BANDWIDTH THAT ARE BEING USED?
* INTERNET BROADBAND STREAMYX: The technology which supports the Streamyx service is DSL. It stands for Digital Subscriber Line. DSL is the next generation of Internet access technology. DSL is a direct connection to the Internet that is always on. The technology has basically enhanced the copper pair to enable data communication at rates of up to 4Mbps.


* VDSL: VDSL (Very high bit-rate Digital Subscriber Line) is next-generation DSL at super-accelerated rates of 52 Mbps (megabytes per second) downstream and 12 Mbps upstream. Downstream data rates refer to download speeds, or the speed at which data travels to the computer, while upstream data rates refer to upload speeds, or the speed at which data travels from the computer to the Internet. VDSL architecture is based on one of two technologies: QAM (Quadrature amplitude modulation) or DMT (Discrete multitone modulation). These two technologies are not compatible with each other and, according to many manufacturers, DMT is more commonly used. VDSL is able to deliver great bandwidth over standard telephone lines because voice communications through the telephone require only a fraction of the wire's capability. For a rough analogy, consider a multilane freeway where only the slow lane is being utilized for traffic traveling at very slow speeds. By opening the other lanes to faster hybrid traffic, the entire freeway can be utilized, or in this case, the entire wire pair. A telephone or fax can also be used simultaneously with VDSL Internet access or other VDSL services.


CHAPTER SUMMARY
According to the interview and research, Kamdar's networking system is entirely controlled by the HP ProLiant DL120 G6 Server system, and using the star topology can be one of the advantages for the company's management.


CHAPTER 3: NETWORK ARCHITECTURE


NETWORK ARCHITECTURE OVERVIEW


Network architecture is the design of a communications network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as the data formats used in its operation. In computing, the network architecture is a characteristic of a computer network. The most prominent architecture today is evident in the framework of the Internet, which is based on the Internet Protocol Suite. There are any number of specific classifications, but all lie on a continuum between the dumb network and the intelligent computer network. Other networks contain various elements of these two classical types to make them suitable for various types of applications. Recently the context-aware network, which is a synthesis of the two, has gained much interest with its ability to combine the best elements of both.

INTRODUCTION
Since there is a need to expand the business to a global scale, including its logistics, the company's facilities need to maintain fast, secure and reliable communication wherever they are located. Recently, the most popular alternative has been to use leased lines to maintain WAN (Wide Area Network) connections. Leased lines, ranging from ISDN (integrated services digital network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps) fiber, provided a company with a way to expand its private network beyond its immediate geographic area. A WAN had obvious advantages over a public network like the Internet when it came to reliability, performance and security. But maintaining a WAN, particularly when using leased lines, can become quite expensive, and the cost often rises as the distance between the offices increases.

Nowadays, the company is considering a VPN (Virtual Private Network) to accommodate the needs of remote employees and distant offices. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection, such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. It also helps distant colleagues work together, much like desktop sharing.

A well-designed VPN can greatly benefit a company. For example, it can:

o Extend geographic connectivity
o Improve security
o Reduce operational costs versus traditional WAN
o Reduce transit time and transportation costs for remote users
o Improve productivity
o Simplify network topology
o Provide global networking opportunities
o Provide telecommuter support
o Provide broadband networking compatibility
o Provide faster ROI (return on investment) than traditional WAN

Features needed in a well-designed VPN:

o Security
o Reliability
o Scalability
o Network management
o Policy management

Remote Access VPN

There are two common types of VPN. Remote-access, also known as a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.

A large firm with hundreds of salespeople in the field will need a remote-access VPN. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

Site-to-Site VPN

Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs can be one of two types:

o Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
o Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.


VPN SECURITY
A well-designed VPN uses several methods for keeping the company's connection and data secure:

Firewalls

A firewall provides a strong barrier between the private network and the Internet. Firewalls can be set to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. Some VPN products, such as Cisco's 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them. It is important to have a good firewall in place before implementing a VPN, but a firewall can also be used to terminate the VPN sessions.

Encryption

Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong in one of two categories:

o Symmetric-key encryption
o Public-key encryption

In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key encryption requires knowledge of which computers will be talking to each other so the key can be installed on each one. It is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message.

Public-key encryption uses a combination of a private key and a public key. The private key is known only to the network administrator's computer, while the public key is given by the network administrator's computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

IPSec

Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.

IPSec has two encryption modes: tunnel and transport. Tunnel mode encrypts the header and the payload of each packet, while transport mode only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key, and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:

o Router to router
o Firewall to router
o PC to router
o PC to server

AAA Server

AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:

o Authentication
o Authorization
o Accounting

The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.
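The three AAA checks described above can be sketched as follows. This is an added example, not part of the original report and not Cisco's implementation; the user names, NAS name, network labels and passphrases are constructed, and salted PBKDF2 password verification is an assumed choice for the authentication step.

```python
import hashlib
import hmac
import os
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000        # assumed work factor for this sketch
_DUMMY_SALT = b"\x00" * 16     # used so unknown users cost the same time as known ones


def derive(password: str, salt: bytes) -> bytes:
    """Derive a password verifier; the clear-text password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    verifier: bytes
    allowed: frozenset         # networks this user may reach through the VPN


@dataclass
class AAAServer:
    accounts: dict = field(default_factory=dict)
    accounting_log: list = field(default_factory=list)

    def enroll(self, user: str, password: str, allowed) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, derive(password, salt), frozenset(allowed))

    def authenticate(self, user: str, password: str) -> bool:
        """Authentication: is the client who it claims to be?"""
        account = self.accounts.get(user)
        salt = account.salt if account else _DUMMY_SALT
        expected = account.verifier if account else bytes(32)
        # Constant-time comparison; the hash is computed even for unknown users.
        return hmac.compare_digest(derive(password, salt), expected) and account is not None

    def authorize(self, user: str, resource: str) -> bool:
        """Authorization: may this user reach the requested network?"""
        account = self.accounts.get(user)
        return account is not None and resource in account.allowed

    def handle_request(self, user: str, password: str, nas: str, resource: str) -> str:
        """Process a session request proxied by a NAS and record the outcome."""
        if not self.authenticate(user, password):
            result = "reject-authentication"
        elif not self.authorize(user, resource):
            result = "reject-authorization"
        else:
            result = "accept"
        # Accounting: every decision is logged, but the password never is.
        self.accounting_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "nas": nas, "resource": resource, "result": result,
        })
        return result

    def rejections_by_user(self) -> Counter:
        """Audit view: rejected requests per user name, taken from the accounting log."""
        return Counter(r["user"] for r in self.accounting_log if r["result"] != "accept")


if __name__ == "__main__":
    server = AAAServer()
    server.enroll("sales01", "constructed-passphrase-1", {"hq-lan"})   # constructed user
    for request in [
        ("sales01", "constructed-passphrase-1", "nas-1", "hq-lan"),
        ("sales01", "wrong-guess", "nas-1", "hq-lan"),
        ("sales01", "constructed-passphrase-1", "nas-1", "finance-lan"),
        ("ghost", "anything", "nas-1", "hq-lan"),
    ]:
        print(request[0], request[3], "->", server.handle_request(*request))
    print(dict(server.rejections_by_user()))
```

The accounting log is what makes repeated rejections for one user name visible during a security audit.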


VPN TECHNOLOGIES
Depending on the type of VPN (remote-access or site-to-site), certain components are needed to build the network:

o Desktop software client for each remote user
o Dedicated hardware such as a VPN concentrator or secure PIX firewall
o Dedicated VPN server for dial-up services
o NAS (network access server) used by the service provider for remote-user VPN access
o VPN network and policy-management center

Because there is no widely accepted standard for implementing a VPN, many companies have developed turn-key solutions on their own.

Tunneling

Most VPNs rely on tunneling to create a private network that reaches across the Internet. It is the process of placing an entire packet within another packet and sending it over a network. The protocol of the outer packet is understood by the network and by both points, called tunnel interfaces, where the packet enters and exits the network. Tunneling requires three different protocols:

o Carrier protocol - The protocol used by the network that the information is traveling over
o Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
o Passenger protocol - The original data (IPX, NetBeui, IP) being carried

Tunneling has amazing implications for VPNs. For example, a network admin can place a packet that uses a protocol not supported on the Internet (such as NetBeui) inside an IP packet and send it safely over the Internet, or put a packet that uses a private (non-routable) IP address inside a packet that uses a globally unique IP address to extend a private network over the Internet.


Tunneling: Site-to-Site

In a site-to-site VPN, GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based. This includes information on what type of packet is being encapsulated and information about the connection between the client and server. Instead of GRE, IPSec in tunnel mode is sometimes used as the encapsulating protocol. IPSec works well on both remote-access and site-to-site VPNs. IPSec must be supported at both tunnel interfaces to be used.

Tunneling: Remote-Access

In a remote-access VPN, tunneling normally takes place using PPP. Part of the TCP/IP stack, PPP is the carrier for other IP protocols when communicating over the network between the host computer and a remote system. Remote-access VPN tunneling relies on PPP. Each of the protocols listed below was built using the basic structure of PPP and is used by remote-access VPNs.

o L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP.
o PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme supported by PPP.
o L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership between the members of the PPTP Forum, Cisco and the IETF (Internet Engineering Task Force). Combining features of both PPTP and L2F, L2TP also fully supports IPSec.

L2TP can be used as a tunneling protocol for site-to-site VPNs as well as remote-access VPNs. In fact, L2TP can create a tunnel between:

o Client and router
o NAS and router
o Router and router
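The carrier, encapsulating and passenger roles from the tunneling sections above can be made concrete by building the packets byte by byte. This is an added example, not part of the original report: the addresses and payload are constructed (private addresses inside, documentation-range addresses outside), and only the basic four-byte GRE header without optional fields is handled.

```python
import ipaddress
import struct

IPPROTO_UDP = 17
IPPROTO_GRE = 47         # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type announcing an IPv4 passenger


def internet_checksum(data: bytes) -> int:
    """One's-complement checksum (RFC 1071) used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    checksum = struct.pack("!H", internet_checksum(header))
    return header[:10] + checksum + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Validate an IPv4 header and return its addresses, protocol and payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 length fields")
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "proto": packet[9],
        "payload": packet[ihl:total_len],
    }


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a whole IPv4 packet in GRE, then in a carrier IPv4 packet."""
    gre_header = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no options, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_GRE, gre_header + passenger)


def gre_decapsulate(carrier: bytes) -> bytes:
    """Strip the carrier and GRE headers at the far tunnel interface."""
    outer = parse_ipv4(carrier)
    if outer["proto"] != IPPROTO_GRE or len(outer["payload"]) < 4:
        raise ValueError("carrier packet does not contain GRE")
    flags_version, protocol_type = struct.unpack("!HH", outer["payload"][:4])
    if flags_version != 0:
        raise ValueError("optional GRE fields or non-zero version not handled here")
    if protocol_type != ETHERTYPE_IPV4:
        raise ValueError("passenger protocol is not IPv4")
    return outer["payload"][4:]


if __name__ == "__main__":
    # Constructed sample: branch host to headquarters host, both on private addresses.
    passenger = ipv4_packet("192.168.10.5", "192.168.20.9", IPPROTO_UDP, b"constructed payload")
    carrier = gre_encapsulate(passenger, "203.0.113.1", "198.51.100.1")
    seen_by_internet = parse_ipv4(carrier)
    print("routers on the path see:", seen_by_internet["src"], "->", seen_by_internet["dst"])
    restored = parse_ipv4(gre_decapsulate(carrier))
    print("far tunnel interface delivers:", restored["src"], "->", restored["dst"])
    # GRE only wraps the packet; the passenger bytes are still readable in transit.
    print("passenger readable inside carrier:", passenger in carrier)
```

Because the passenger packet is still readable inside the carrier packet, GRE on its own gives no confidentiality; that property comes from an encrypting protocol such as the IPSec tunnel mode mentioned above.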

VPN Components
VPN Concentrator

Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN. They provide high availability, high performance and scalability and include components, called scalable encryption processing (SEP) modules, that enable users to easily increase capacity and throughput. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.

Figure 2: Cisco VPN 3000 Concentrator


VPN-Optimized Router

Cisco's VPN-optimized routers provide scalability, routing, security and QoS (quality of service). Based on the Cisco IOS (Internet Operating System) software, there is a router suitable for every situation, from small-office/home-office (SOHO) access through central-site VPN aggregation, to large-scale enterprise needs.

Figure 3: Cisco 1750 Modular Access Router

Cisco Secure PIX Firewall

An amazing piece of technology, the PIX (private Internet exchange) firewall combines dynamic network address translation, proxy server, packet filtration, firewall and VPN capabilities in a single piece of hardware.

Figure 4: The Cisco PIX Firewall

Instead of using Cisco IOS, this device has a highly streamlined OS that trades the ability to handle a variety of protocols for extreme robustness and performance by focusing on IP.


VPN ADVANTAGES AND DISADVANTAGES


Advantages of VPN LOW COST One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines. With VPNs, an organization needs only a relatively short dedicated connection to the service provider. This connection could be a local leased line or it could be a local broadband connection such as DSL service. A third, more subtle way that VPNs may lower costs is through offloading of the support burden. With VPNs, the service provider rather than the organization must support dial-up access for example. Service providers can in theory charge much less for their support than it costs a company internally because the public provider's cost is shared amongst potentially thousands of customers. SCALABILITY The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations. If a third branch office needs to come online, just two additional lines will be required to directly connect that location to the other two. However, as an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. Four branch offices require six lines for full connectivity, five offices require ten lines, and so on. Mathematicians call this phenomenon a combinatorial explosion, and in a traditional WAN this explosion limits the flexibility for growth. VPNs that utilize the Internet avoid this problem by simply tapping into the geographically-distributed access already available. Hazwani binti Ishak Kuala Lumpur Metropolitan University 01-200807-00311

Disadvantages of VPN

VPNs require an in-depth understanding of public network security issues and proper deployment of precautions. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depend on factors largely outside of its control. VPN technologies from different vendors may not work well together due to immature standards.

CHAPTER SUMMARY
Chapter 3 discussed the technology that Kamdar currently has. In the interview session, Kamdar said that they would like to try a new implementation of VPN. As a trial, a site-to-site internal VPN will be a good way to measure how it will be used by the company and the effects of this technology on the company's environment and profits. Having considered the advantages and disadvantages of the technology, Kamdar will use a few VPN devices: a concentrator, a firewall and, most importantly, a VPN router.


CHAPTER 4: NETWORK COSTING


VPN CONCENTRATOR
Cisco VPN 3000 Series Concentrators can provide KAMDAR with unprecedented cost savings through flexible, reliable, and high-performance remote-access solutions. The Cisco VPN 3000 Series offers solutions for the most diverse remote-access deployments by offering both IP Security (IPsec) and Secure Sockets Layer (SSL) VPN connectivity on a single platform. New features in Cisco VPN 3000 Series Concentrator Software v4.7 deliver extensive application access, industry-leading endpoint security, data integrity protection, infrastructure access, and network compliance validation controls. Benefits of the Cisco VPN 3000 Series include:

Advanced endpoint security: Cisco Secure Desktop offers preconnection security posture assessment and seeks to minimize the data left behind after an SSL VPN session terminates.

Broad application support for SSL VPN: The Cisco VPN 3000 Series Concentrator platform offers extensive application support through its dynamically downloaded SSL VPN client for WebVPN, enabling network-layer connectivity to virtually any application.

Posture assessment, policy enforcement, and remediation: IPsec-enabled network admission control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.

Ease of deployment with zero-touch remote endpoint management: Integrated Web-based management on Cisco VPN 3000 Series Concentrators provides a simple, easy-to-manage interface to configure and monitor all remote-access users. Cisco VPN Client software is provided with all the Cisco VPN 3000 Series models and includes unlimited distribution licensing. Cisco WebVPN, also provided with no additional licensing fees, enables full network access to virtually any application.

Cisco VPN 3000 Series Concentrators are available in both nonredundant and redundant configurations, allowing users to build the most robust, reliable, and cost-effective networks possible.

Technical Specification

Hardware

Processor:
- Motorola PowerPC processor

Memory:
- Redundant system images (Flash)
- Variable memory options (Figure 6)

Encryption:
- Cisco VPN 3005, 3015: Software
- Cisco VPN 3020, 3030, 3060, and 3080: Hardware

Embedded LAN Interfaces:
- Cisco VPN 3005: Two autosensing, full-duplex 10/100BASE-TX Fast Ethernet (public/untrusted, private/trusted)
- Cisco VPN 3015, 3020, 3030, 3060, and 3080: Three autosensing, full-duplex 10/100BASE-TX Fast Ethernet (public/untrusted, private/trusted, and DMZ)

Instrumentation:
- Cisco VPN 3005: Unit status indicator (front panel); status LEDs for Ethernet ports (rear panel)
- Cisco VPN 3015, 3020, 3030, 3060, and 3080: Status LEDs for system, expansion modules, power supplies, Ethernet modules, and fan (front panel); status LEDs for Ethernet modules, expansion modules, and power supplies (rear panel)
- Cisco VPN 3015, 3020, 3030, 3060, and 3080: Activity monitor displays the number of sessions, aggregate throughput, or CPU utilization, and is push-button selectable

Software

Client Software Compatibility:
- Cisco SSL VPN Client for network-layer connectivity using an SSL-capable Web browser on remote system
- Cisco IPsec VPN Client for Windows 98, ME, NT 4.0, 2000, and XP; Linux (Intel); Solaris (UltraSparc 32- and 64-bit); and Mac OS X 10.2, 10.3, and 10.4, including centralized split-tunneling control and data compression
- Microsoft PPTP, Microsoft Point-to-Point Encryption (MPPE), and Microsoft Point-to-Point Compression (MPPC); Microsoft Challenge Handshake Authentication Protocol (MSCHAP) v1 and v2; and Extensible Authentication Protocol (EAP) and RADIUS passthrough for EAP-Transport Layer Security (EAP-TLS) and EAP-Generic Token Card (EAP-GTC) support
- Microsoft L2TP and IPsec for Windows 2000 and XP, including Windows XP Dynamic Host Configuration Protocol (DHCP) option for route population
- Microsoft L2TP and IPsec for Windows 98, ME, and NT Workstation 4.0

Tunneling Protocols:
- Cisco SSL VPN (HTTPS/SSL-based)
- IPsec, PPTP, L2TP, L2TP/IPsec, NAT Transparent IPsec, Ratified IPsec/UDP (with autodetection and fragmentation avoidance), IPsec/TCP
- Support for Cisco EasyVPN (client and network extension mode)

Encryption/Authentication:
- IPsec Encapsulating Security Payload (ESP) using DES/3DES (56/168-bit) or AES (128/192/256-bit) with Message Digest Algorithm 5 (MD5) or Secure Hash Algorithm (SHA); or MPPE using 40/128-bit RC4

Key Management:
- Internet Key Exchange (IKE)
- Diffie-Hellman (DH) groups 1, 2, 5, and 7 (ECDH)
- RSA certificates (SSL and IPsec)

Routing:
- Routing Information Protocol (RIP), RIPv2, Open Shortest Path First (OSPF), Reverse Route Injection (RRI), static routing, automatic endpoint discovery, NAT, and Classless Interdomain Routing (CIDR)
- IPsec fragmentation policy control, including support for Path Maximum Transmission Unit (MTU) Discovery (PMTUD)
- Interface MTU control

Third-Party Compatibility:
- iPass Ready, Funk Steel-Belted RADIUS, Microsoft Internet Explorer, Netscape Communicator, Entrust, Baltimore, and RSA Keon

High Availability:
- Virtual Router Redundancy Protocol (VRRP) for multichassis redundancy and multichassis failover
- Remote-access load-balancing clusters supporting both SSL and IPsec connections
- Destination pooling for client-based failover, reestablishment, and connection re-establishment
- Redundant SEP modules (optional), power supplies, and fans (Cisco VPN 3015, 3020, 3030, 3060, and 3080 models)

Management

Configuration:
- Embedded management interface is accessible through console port, Telnet, SSHv1, and HTTPS
- Administrator access is configurable for five levels of authorization; authentication can be performed externally through TACACS+
- Role-based management policy separates functions for service provider and end-user management

Monitoring:
- Event logging and notification through e-mail (SMTP)
- Automatic FTP backup of event logs
- Simple Network Management Protocol (SNMP) MIB-II support
- Configurable SNMP traps
- Syslog output
- System status
- Session data (including client assigned IP, encryption type, connection duration, client OS, and client version)
- General statistics

Security

Authentication and Accounting Servers:
- Support for redundant external authentication servers, including:
  - RADIUS
  - Kerberos/Active Directory authentication
  - Microsoft NT Domain authentication
  - Microsoft NT Domain authentication with password expiration (MSCHAPv2); IPsec only
  - RSA Security Dynamics (SecurID Ready), including native support for RSA 5 (Load Balancing, Resiliency)
- User authorization through Lightweight Directory Access Protocol (LDAP) or RADIUS
- Internal authentication server for up to 100 users
- X.509v3 digital certificates, including certificate revocation list (CRL)/LDAP and CRL/HTTP, CRL caching, and backup CRL distribution point support
- RADIUS accounting
- TACACS+ administrative user authentication

Internet-Based Packet Filtering:
- Source and destination IP address
- Port and protocol type
- Fragment protection
- FTP session filtering
- Site-to-site filters and NAT (for overlapping address space)

Policy Management:
- By individual user or group:
  - Filter profiles (defined internally or externally)
  - Idle and maximum session timeouts
  - Time and day access control
  - Tunneling protocol and security authorization profiles
  - IP pool and servers
  - Authentication pool and servers

Certification:
- Federal Information Processing Standards (FIPS) 140-2 Level 2 (3.6), FIPS 140-1 Level 2 (3.1), and VPNC

Model and Price

CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7

Key Features
Type: Concentrator
Data Transfer Rate: 100 Mbps
Connectivity: Cable
Platform: PC
Price: RM 291.60


Figure 5: CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7

VPN OPTIMIZED ROUTER


The VPN router suggested to Kamdar is the Cisco 1750 Access Router. The Cisco 1750 access router delivers these capabilities with the power of Cisco IOS software in a modular integrated access solution. The Cisco 1750 provides a cost-effective solution to support applications, including:

- Secure Internet, intranet, and extranet access with optional firewall
- Multiservice voice/fax/data integration
- VPN access
- Broadband DSL and cable connectivity

The Cisco 1750 features a modular architecture that enables users to cost-effectively upgrade or add WAN and voice interfaces to accommodate changing requirements and growth. Integrated network services and functions, including an optional firewall, CSU/DSU, and VPN features, reduce the complexity of deploying and managing branch office solutions. Most important, the Cisco 1750 offers investment protection with a RISC architecture and features to support new technologies and applications, including voice/fax/data integration and VPNs, when users are ready to deploy them.

The Cisco 1750 is available in three models that enable users to easily tailor an access solution to suit their branch office requirements today and in the future:

Cisco 1750: The most basic model available, this unit provides everything a small branch office needs for data networking now, with a simple upgrade path to support integrated voice/fax/data applications when needed. A convenient voice upgrade kit is available to provide voice/fax/data support as needed.

Cisco 1750-2V Multiservice model: This model includes all the features, memory, and DSP needed for immediate support of integrated voice/fax/data applications with up to two analog voice ports. Voice and WAN interface cards are available separately.

Cisco 1750-4V Multiservice model: This model includes all the features, memory, and DSPs needed to support integrated multiservice voice/fax/data applications immediately with up to four analog voice ports. Voice and WAN interface cards are available separately.

All Cisco 1750 models offer three modular slots for voice and data interface cards, an autosensing 10/100BaseT Ethernet LAN port, a console port, and an auxiliary port. The Cisco 1750 supports the same WAN interface cards as the Cisco 1600, 1720, 2600, and 3600 routers, and the same analog voice interface cards and voice-over-IP technology as the Cisco 2600 and 3600 routers, simplifying spanning support requirements. The WAN interface cards support a wide range of services, including synchronous and asynchronous serial, Integrated Services Digital Network Basic Rate Interface (ISDN BRI), and serial with DSU/CSU options for primary and backup WAN connectivity. The voice interface cards include support for Foreign Exchange Office (FXO), Foreign Exchange Station (FXS), and Ear & Mouth (E&M). Combined, these interfaces support a comprehensive set of applications, including multiservice voice/fax/data integration, Frame Relay, ISDN BRI, SMDS, X.25, broadband DSL and cable services, VPNs, and more.

Advantages

The Cisco 1700 series supports the value of end-to-end Cisco network solutions with the following benefits:

Flexibility: The modular Cisco 1750 adapts easily to fit the needs of businesses. Interchangeable WAN interface cards enable easy additions or changes in WAN technologies without requiring a forklift upgrade of the entire platform. Modular data and voice slots enable users to tailor data and voice services as needed. With the ability to use the same field-upgradable WAN and voice interface cards across multiple Cisco access router platforms, the Cisco 1750 reduces requirements for spare parts inventory and support training. In addition, the autosensing 10/100BaseT Fast Ethernet port enables easy migration to high-speed local networks.

Multiservice Access: For businesses that have data networking needs today and want to integrate multiservice data/voice/video/fax capabilities now or in the future, the Cisco 1750 offers a flexible, cost-effective answer. The Cisco 1750 enables network managers to save on long-distance interoffice billing costs and interoperates with next-generation voice-enabled applications such as integrated messaging and Web-based call centers. The Cisco 1750 works with the existing telephone infrastructure (phones, fax machines, key telephone systems (KTS) units, and PBX), minimizing capital costs.

Lower Cost of Ownership: The Cisco 1750 router provides a complete solution for integrated voice and data access in a single product, eliminating the need to install and maintain a large number of separate devices. You can combine optional functions, including a voice gateway, dynamic firewall, VPN tunnel server, DSU/CSU, ISDN network termination-1 (NT1) device, and more to reduce deployment and management costs. This solution can be managed remotely using network management applications such as CiscoWorks and CiscoView or any SNMP-based management tool.

Investment Protection: The Cisco 1750 RISC architecture, Cisco IOS software, and modular slots provide solid investment protection to companies that want a platform that offers data connectivity today and an easy migration path to implement services such as multiservice data/voice/video integration, VPNs, and broadband DSL and cable communications in the near future. A slot on the 1700 series motherboard offers the ability to support future hardware-assisted data encryption at T1/E1 speeds.

Security: Cisco IOS software supports an extensive set of basic and advanced network security features, including access control lists (ACLs), user authentication, authorization, and accounting (such as PAP/CHAP, TACACS+, and RADIUS), and data encryption. To increase security, the integrated Cisco IOS Firewall Feature Set protects internal LANs from attacks with context-based access control (CBAC), while IPSec tunneling with Data Encryption Standard (DES) and triple DES encryption provides standards-based data privacy, integrity, and authenticity as data travels through a public network. For remote access VPNs, Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) combine with IPSec encryption to provide a secure multiprotocol solution (for IP, IPX, and AppleTalk traffic, and more). Mobile users can dial in to a service provider's local point of presence (POP) and data is "tunneled" (or encapsulated inside a second protocol such as IPSec or L2TP) back to the Cisco 1750 router to securely access the corporate network via the Internet.

Specification

Model and Price

CISCO 1750-RF Router
Price: RM 179.80

Figure 6: CISCO 1750-RF Router


PIX FIREWALL
Cisco PIX Security Appliance customers are encouraged to migrate to Cisco ASA 5500 Series Adaptive Security Appliances. Built on the same software foundation as Cisco PIX Security Appliances, the Cisco ASA 5500 Series offers more robust firewall and IPsec VPN capabilities, as well as many additional benefits, including:

- Significantly better performance and scalability
- Secure Sockets Layer (SSL) VPN support (including clientless, portal-based remote access)
- Advanced Unified Communications (voice/video) security
- A modular design that allows you to add features such as intrusion prevention (IPS), anti-virus, anti-spam, anti-phishing, and URL filtering

Migration to the Cisco ASA 5500 Series is straightforward. Customers can take advantage of their knowledge and investment in Cisco PIX Security Appliances, because there are essentially no changes in user interface, operations, or training. Get additional information about the Cisco PIX Security Appliances end-of-sale announcement.

Deploy Comprehensive Network Security

Cisco adaptive security appliances integrate industry-leading firewalls, unified communications security, VPN technology, intrusion prevention, and content security in a unified platform to:

- Stop attacks before they penetrate the network perimeter
- Protect resources and data, as well as voice, video, and multimedia traffic
- Control network and application activity
- Reduce deployment and operational costs

Cisco ASA 5500 Series Adaptive Security Appliances also provide:

- Adaptable architecture for rapid and customized security services deployment
- Advanced intrusion prevention services that defend against a broad range of threats
- Highly secure remote access and unified communications to enhance mobility, collaboration, and productivity

Technical Specification

VPN Client Compatibility

Cisco PIX Firewalls support a wide variety of software- and hardware-based VPN clients, which include the following:

Software IPSec VPN clients:
- Cisco Secure VPN Client, Version 1.1
- Cisco VPN 3000 Concentrator Client, Version 2.5 and later
- Cisco VPN Client for Windows, Version 3.0 and later
- Cisco VPN Client for Linux, Version 3.5 and later
- Cisco VPN Client for Solaris, Version 3.5 and later
- Cisco VPN Client for Mac OS X, Version 3.5 and later

Hardware IPSec VPN clients:
- Cisco VPN 3002 Hardware Client, Version 3.0 and higher
- Cisco IOS Software Easy VPN Remote, Release 12.2(8)YJ
- Cisco PIX Firewall, Version 6.2 and higher

Layer 2 Tunneling Protocol (L2TP)/IPSec VPN clients:
- Microsoft Windows 2000

Point-to-Point Tunneling Protocol (PPTP) VPN clients:
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows 2000

Easy VPN Server Compatibility

Cisco PIX Firewalls can now act as hardware-based VPN clients, taking advantage of the new Cisco Easy VPN Remote capabilities in Cisco PIX Firewall Software. The following Cisco Easy VPN Server platforms are supported for this deployment scenario:

Cisco Site-to-Site VPN Compatibility

In addition to providing interoperability for many third-party VPN products, Cisco PIX Firewalls interoperate with the following Cisco VPN products for site-to-site VPN connectivity:

System Requirements

Model and Price

CISCO PIX 506E (PIX-506E) Firewall

Key Features
Connectivity: Wired
Firewall Features: Stateful Packet Inspection (SPI), DoS Prevention, Intrusion Prevention, Content Filtering, URL Filtering
NAT Support: Static, Dynamic, Policy based, PAT
Price: RM 647.80

Figure 7: PIX-506E Firewall


NETWORK COSTING
The costs of the three additional VPN devices for the Kamdar network system are summed up below:

| Device | Cost | Available at |
|---|---|---|
| CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7 | RM 291.60 | http://cgi.ebay.com.my/ws/eBayISAPI.dll?ViewItem&item=390152358154 |
| CISCO 1750-RF Router | RM 179.80 | http://www.shopping.com/xPO-Cisco-1750CISCO1750-RF |
| CISCO PIX 506E (PIX-506E) Firewall | RM 647.80 | http://www3.shopping.com/xPO-Cisco-PIXFirewall-506E-PIX-506E |
| TOTAL | RM 1119.20 | |

So the total cost of developing the new VPN connection for Kamdar will be RM 1119.20.


CHAPTER SUMMARY
Chapter 4 discussed the proposed devices that are important to realize VPN networking for Kamdar. The Cisco VPN 3005-E/FE concentrator is proposed because it is a best-in-class remote-access VPN device that provides businesses with unprecedented cost savings through flexible, reliable, and high-performance remote-access solutions. The Cisco VPN 3015 offers solutions for the most diverse remote-access deployments by offering both IP Security (IPSec) and Secure Sockets Layer (SSL)-based VPN connectivity on a single platform.

The Cisco 1750 modular access router is the single solution for giving small/medium-sized businesses and enterprise small branch offices robust WAN data connections today. Most important, the Cisco 1750 offers investment protection with a RISC architecture and features to support new technologies and applications, including data/voice/fax integration, and VPNs, when Kamdar is ready to deploy them. The Cisco 1750 delivers routing capabilities with the power of Cisco IOS software in a modular integrated access solution. The Cisco 1750 provides a cost-effective solution to support applications, including: secure Internet, intranet, and extranet access with optional firewall; multiservice data/voice/fax integration; VPN access; broadband access. The Cisco 1750 features a modular architecture that enables users to cost-effectively upgrade or add WAN and voice interfaces to accommodate changing requirements and growth.

To secure this VPN connection, the Cisco PIX 506E Firewall is proposed. An enhanced version of the widely popular Cisco PIX 506 Firewall, it delivers enterprise-class security for remote office/branch office environments in a robust, reliable appliance. Ideal for securing Internet connections for remote/branch offices, the Cisco PIX 506E Firewall provides a wide range of rich security capabilities and powerful remote management capabilities in a cost-effective, high-performance solution. The PIX 506E also delivers improved 3DES VPN performance, with up to 70% more performance than the PIX 506, when using certain applications. Kamdar can take advantage of their knowledge and investment in Cisco PIX Security Appliances, because there are essentially no changes in user interface, operations, or training.


CHAPTER 5: TESTING AND IMPLEMENTATION


EXISTING NETWORK

Figure 8: Existing Kamdar Network

Figure 8 above shows the existing Kamdar network, which consists of a switch, HP ProLiant DL120 G6, VDSL, PANEAGLE, and the Internet. The 5 Mbps switch is the main connection to the current server, while the 1 Mbps switch is just the backup for the 5 Mbps switch. Now the focus is the Fortigate-310B. As proposed, a VPN connection will be added to this network system.


IMPLEMENTATION OF THE NETWORK


To implement the new network by using the proposed design, several new devices are needed.

Figure 9: Proposed new network for Kamdar

CISCO CVPN 3005-E/FE Concentrator

Before You Begin

Save the current VPN 3005 configuration file and copy it to a remote system before you proceed. See the Administration | File Management | TFTP Transfer screen in the VPN Concentrator Manager.

Caution! The VPN Concentrator and the battery contain electronic components that are sensitive to electrostatic discharge (ESD). Improper handling could damage components. Leave the battery in its protective ESD-shielded envelope until instructed to remove it, and handle it only as instructed. If you have reservations about installing the battery, ask for assistance from a qualified technician.

Parts Cisco Supplies

The battery upgrade kit includes these parts:
- New battery (M4T28 part number prefix).
- Disposable wrist strap ESD protection kit.
- Documentation.

Tools You Need

- No. 2 Phillips screwdriver.

Shutting Down and Powering Off

Shut down and power off the VPN 3005 Concentrator or VPN 3002 Hardware Client before you install the module.

Step 1 Using the VPN Concentrator Manager, shut down the VPN 3005/3002 (see the Administration | System Reboot screen).
Step 2 Turn power off: press O on the power switch on the rear of the chassis.
Step 3 Disconnect power cord from the system and the power outlet.
Step 4 Disconnect all network cables and the console cable.


Warning! Hazardous voltages and the risk of electrical shock may be present inside the VPN Concentrator chassis. Always disconnect the power cord before removing the chassis cover. Never operate the VPN Concentrator with the cover removed.

CISCO 1750-RF Router

The Cisco 1700 is configured, using the Ethernet WAN Interface Card (WIC-1ENET), to act as a Point-to-Point Protocol over Ethernet (PPPoE) client with Network Address Translation (NAT).

Components Used

The information in this document is based on these software and hardware versions:

- Cisco IOS Software Release 12.1(3)XT1 or later to support the Cisco 1700 WIC-1ENET.
- For this sample configuration, the Cisco 6400 Universal Access Concentrator-Node Route Processor (UAC-NRP) was running Cisco IOS Software Release 12.1(3)DC1.

To support PPPoE, you must have the ADSL+PLUS feature set. The ADSL-only feature set does not support PPPoE on the Cisco 1700.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Theory

The WIC-1ENET is a 10BASE-T card developed for the Cisco 1700 series routers. The WIC-1ENET provides a second Ethernet interface for the Cisco 1700, which helps to use the rich functionality of Cisco IOS Software with any Digital Subscriber Line (DSL) or Cable modem. The PPPoE client feature allows the PPPoE functionality to be moved to the router. Multiple PCs can be installed behind the Cisco 1700 Fast Ethernet interface and, before their traffic is sent to the PPPoE session, it can be encrypted, filtered, and so on, and NAT can run. Running PPPoE on the router removes the need for PPPoE client software on the PCs.

Processor Requirements

Revision B5 of the MPC 860 Microprocessor is required. This processor is used in all Cisco 1700 series routers shipped after November 21, 1999. Cisco 1700 serial numbers starting with JAB0347XXXX have been manufactured with the Model MPC860 revision B5 microprocessor. The date code is built into the serial number. The format is LLLYYWWSSSS, where:

- LLL is the location at which the unit was built.
- YY is the year that the unit was built (1997=01, 1998=02, 1999=03, 2000=04).
- WW is the work week of the year that the unit was built.
- SSSS is the serial number.

The processor version information is displayed at bootup. You can also verify the processor revision by issuing the show version command at the Router# prompt.
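
The date-code check described above, as an added example (not code from the original document or from Cisco): it parses serials in the LLLYYWWSSSS form and sorts an inventory by whether the date code is at or after 0347, the code the text associates with MPC860 revision B5. The inventory strings are constructed, and both the year mapping beyond the four listed codes (1996 + YY) and the use of the date code alone as the threshold are assumptions; the show version output remains the authoritative check.

```python
"""Decode the LLLYYWWSSSS date code in a Cisco 1700 serial number (added example)."""
import re
from dataclasses import dataclass

# Format from the text: LLL = build location, YY = year code (1997=01 ... 2000=04),
# WW = work week of that year, SSSS = unit serial number.
SERIAL_RE = re.compile(r"^([A-Z]{3})(\d{2})(\d{2})([A-Z0-9]{4})$")

# The text names JAB0347XXXX as built with MPC860 revision B5.
# Assumption: any unit with a date code at or after (03, 47) has that revision.
B5_FIRST_DATE_CODE = (3, 47)  # (year code, work week)


class SerialFormatError(ValueError):
    """Raised when a string does not follow the LLLYYWWSSSS layout."""


@dataclass(frozen=True)
class DateCode:
    location: str
    year_code: int
    year: int
    week: int
    unit: str


def parse_serial(serial: str) -> DateCode:
    """Split a serial into its fields and validate the date code."""
    text = serial.strip().upper()
    match = SERIAL_RE.match(text)
    if match is None:
        raise SerialFormatError(f"{serial!r} is not in LLLYYWWSSSS form")
    location, unit = match.group(1), match.group(4)
    year_code, week = int(match.group(2)), int(match.group(3))
    if year_code < 1:
        raise SerialFormatError(f"{serial!r}: year code starts at 01 (1997)")
    if not 1 <= week <= 53:
        raise SerialFormatError(f"{serial!r}: work week {week} is out of range")
    # Assumption: the listed codes (01=1997 ... 04=2000) continue as 1996 + YY.
    return DateCode(location, year_code, 1996 + year_code, week, unit)


def has_b5_date_code(serial: str) -> bool:
    """True when the date code is at or after the 0347 threshold."""
    code = parse_serial(serial)
    return (code.year_code, code.week) >= B5_FIRST_DATE_CODE


def audit_inventory(serials):
    """Group serials so older units and unreadable entries get a manual check."""
    report = {"b5_or_later": [], "before_b5": [], "malformed": []}
    for serial in serials:
        try:
            key = "b5_or_later" if has_b5_date_code(serial) else "before_b5"
        except SerialFormatError:
            key = "malformed"
        report[key].append(serial)
    return report


# Constructed sample inventory; these are not real serial numbers.
SAMPLE_INVENTORY = [
    "JAB0347A1B2",  # 1999, week 47: first date code named in the text
    "JAB0312C3D4",  # 1999, week 12: built before the threshold
    "jab0410e5f6",  # 2000, week 10: lower case as typed into a spreadsheet
    "JAB0360G7H8",  # week 60 does not exist
    "1750-RF",      # a model number pasted into the serial column
]

if __name__ == "__main__":
    for group, members in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{group}: {members}")
```

Units reported under before_b5 or malformed are the ones to confirm with show version before planning a WIC-1ENET deployment.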
Memory Requirements

To run Cisco 1700 IOS images that support the Cisco WIC-1ENET, the router must have a minimum amount of Flash memory and DRAM.

WIC-1ENET Restrictions and Unsupported Features

- WIC-1ENET is not supported in platforms other than the Cisco 1700.
- Only a twisted pair RJ-45 connection is supported; there is no attachment unit interface (AUI) or BNC interface support.
- There is no Auto Negotiation (Auto Sensing) between half-duplex and full-duplex modes.
- WIC-1ENET cannot be used for TFTP file downloading while the host is in ROMMON.
- WIC-1ENET is not recognized by the Cisco 1700 when it is in ROMMON mode.
- Current Cisco IOS Software supports the WIC-1ENET only in Slot 0 of a Cisco 1700.

Configure

In this section, you are presented with the information to configure the features described in this document. The PPPoE client is configured on the Cisco 1700 with the virtual private dial-up network (VPDN) commands. (VPDN commands are not needed for Cisco IOS Software Release 12.2(13)T or later.) Make sure that you configure these commands first.

CISCO PIX 506E Firewall

The following sections in the Installation Guide for Cisco Secure PIX Firewall Version 5.2 are supported on a certified PIX Firewall and should be followed when installing the certified PIX Firewall:

- Introduction, including safety recommendations, maintaining safety with electricity, and general site requirements in Chapter 1, "Introduction"
- Installation Overview and Installing a PIX 515, PIX 520, and PIX 525 models and Hardware and Software requirements for version 5.2 in Chapter 2, "Installing a PIX Firewall"
- Installing the PIX Firewall Syslog Server (PFSS) in Chapter 4, "Installing the PIX Firewall Syslog Server (PFSS)"
- Opening a PIX Firewall Chassis for PIX 515, PIX 520, and PIX 525 models in Chapter 5, "Opening a PIX Firewall Chassis"
- Installing a Memory Upgrade for PIX 515, PIX 520, and PIX 525 models in Chapter 6, "Installing a Memory Upgrade"
- Installing a Circuit Board for PIX 515, PIX 520, and PIX 525 models in Chapter 7, "Installing a Circuit Board"
- Installing a DC Voltage PIX 515 and PIX 520 in Chapter 8, "Installing a DC Voltage PIX 515 or PIX 520"

The following sections in the Installation Guide for Cisco Secure PIX Firewall Version 5.2 are not supported on the certified configuration of the PIX Firewall. The features covered by these sections are outside the scope of the evaluated PIX Firewall and should not be installed:

- Installing Failover in Chapter 3, "Installing Failover"
- Installing a Private Link VPN board in Chapter 7, "Installing a Circuit Board"
- Installing the PIX Firewall Setup Wizard in Chapter 9, "Installing the PIX Firewall Setup Wizard"


CHAPTER SUMMARY
In summary, implementing a VPN connection for the company is not costly and can bring the company many benefits. The additional VPN will not interrupt the existing Kamdar network system but will improve the company's network efficiency. The company decided to implement an appliance-based dedicated VPN solution with a low-end VPN concentrator, a Cisco 3005 VPN concentrator. The Cisco VPN Concentrator collects all the traffic from the different centers over the Internet to the central Kamdar operating center. The partners' users are bound by a stringent enterprise-wide security policy implemented by Kamdar, which pre-defines the level of access and services available to users on Kamdar's network. The VPN concentrator is at the Kamdar corporate office, where the company's SAP servers are also hosted. The 2 Mbps pipe at the corporate office has 80 percent utilization at present. No QoS tools are in use on the VPN setup. There is some in-built redundancy in the VPN concentrator. At the client end, many locations have more than one phone connection or Internet account. At places where wired telephone links are not stable, Wireless in Local Loop (WLL) links are used to connect to the local ISP. These links have been deployed by Kamdar and provide 9.6 or 14.4 Kbps bandwidth.


CHAPTER 6: NETWORKING GUIDELINES


HP PROLIANT DL120 G6 SERVER

Figure 10: HP Proliant DL120 G6 Server

Right Sized, Right Priced Solution

- An array of 4 core Intel Xeon processors and dual core Pentium and Core i3 processors enables you to pick the right processor based on workload requirements
- Support for large form factor SATA and SAS hard disk drives provides both low-cost, high-capacity drives and high performance, high reliability drives
- Integrated SATA RAID 0/1 and an array of SAS HBAs and Smart Array Controllers
- Affordable performance for scale-out applications
- Provides essential features for computing needs

Easy-To-Own and Manage

- Easy-access, rack-optimized 1U chassis for fast deployment and efficient maintenance
- Offers the control to respond quickly to server issues wherever they occur
- Browser and command line interface access
- Essential, integrated entry-level remote management at an affordable price

Service and Support

- Upholds HP's reputation of dependability by conducting some of the most rigorous and thorough testing in the industry
- Full range of service and support for every budget including startup, installation, extended warranty, network planning, software updates and others
- Access to HP helpdesks and service professionals for around the clock support


Table 1: Technical Specification of HP PROLIANT DL120 G6 SERVER

DEBUGGING THE PPPOE SERVER


Configuration on the server focuses on the PPPoE server configuration for the VPN at the following layers:

- Layer 4 - PPP layer
- Layer 3 - Ethernet layer
- Layer 2 - ATM layer
- Layer 1 - DSL physical layer


CONFIGURATION VPN 1750-RF ROUTER ON HP PROLIANT DL120 G6 SERVER

!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 request-dialin
!--- The PPPoE client requests to establish a session
!--- with the aggregation unit (6400 NRP).
!--- These VPDN commands are not needed with
!--- Cisco IOS Software Release 12.2(13)T or later.
  protocol pppoe
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ip mtu 1492
!--- The Ethernet MTU is 1500 by default
!--- (1492 + PPPoE headers = 1500).
 ip nat outside
 dialer pool 1
!--- This ties to interface Ethernet0.
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname <username>
 ppp chap password <password>
!
!--- The ISP instructs you regarding
!--- the type of authentication to use.
!--- To change from PPP Challenge Handshake Authentication
!--- Protocol (CHAP) to PPP Password Authentication Protocol (PAP),
!--- replace these three lines:
!--- ppp authentication chap callin
!--- ppp chap hostname
!--- ppp chap password
!--- with these two lines:
!--- ppp authentication pap callin
!--- ppp pap sent-username <username> password <password>
!
dialer-list 1 protocol ip permit
!
!--- This is the internal Ethernet network.
interface FastEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet0
 pppoe enable
 pppoe-client dial-pool-number 1
!--- The PPPoE client code ties into a dialer
!--- interface upon which a virtual-access
!--- interface is cloned.
!
!--- For NAT, you overload on the Dialer1 interface
!--- and add a default route out of the Dialer1 interface
!--- because the IP address can change.
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
!
dialer-list 1 protocol ip permit
access-list 1 permit 10.0.0.0 0.0.0.255
!--- This is for NAT.
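An added example, not part of the original report or of Cisco's documentation: a small Python audit that parses a PPPoE client configuration like the one above and flags the points its comments call out (the 1492-byte MTU, CHAP versus PAP, the dialer pool binding and the NAT access list). The function names, finding codes and sample credentials are assumptions made for this illustration.

```python
import re

PPPOE_OVERHEAD = 8                     # 6-byte PPPoE header + 2-byte PPP protocol field
MAX_PPPOE_MTU = 1500 - PPPOE_OVERHEAD  # 1492, matching the comment in the configuration

# Constructed sample: the configuration above with made-up credentials.
PAGE_CONFIG = """\
vpdn-group pppoe
 request-dialin
  protocol pppoe
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ip mtu 1492
 ip nat outside
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname example-user
 ppp chap password example-password
dialer-list 1 protocol ip permit
interface FastEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface Ethernet0
 pppoe enable
 pppoe-client dial-pool-number 1
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
access-list 1 permit 10.0.0.0 0.0.0.255
"""

# Constructed broken variant: PAP, no MTU clamp, wrong dial pool, missing NAT ACL.
WEAK_CONFIG = (
    PAGE_CONFIG.replace(" ip mtu 1492\n", "")
    .replace("ppp authentication chap", "ppp authentication pap")
    .replace(" ppp chap hostname example-user\n ppp chap password example-password\n",
             " ppp pap sent-username example-user password example-password\n")
    .replace("dial-pool-number 1", "dial-pool-number 2")
    .replace("access-list 1 permit", "access-list 7 permit")
)

def parse(config):
    """Split IOS-style text into (global commands, {interface: sub-commands})."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # blank lines, separators, !--- comments
            continue
        if raw[0].isspace() and current is not None:
            interfaces[current].append(line)   # indented: belongs to the open interface
            continue
        m = re.match(r"int(?:erface)?\s+(\S+)$", line, re.I)
        current = m.group(1).lower() if m else None
        if m:
            interfaces[current] = []
        else:
            global_cmds.append(line)
    return global_cmds, interfaces

def audit(config):
    """Return sorted finding codes for a PPPoE client configuration."""
    global_cmds, ifs = parse(config)
    findings = set()
    # dialer pool number -> name of the dialer interface that owns it
    pools = {c.split()[-1]: name for name, cmds in ifs.items()
             for c in cmds if re.fullmatch(r"dialer pool \d+", c)}
    for cmds in ifs.values():
        for c in cmds:
            m = re.fullmatch(r"pppoe-client dial-pool-number (\d+)", c)
            if m and m.group(1) not in pools:
                findings.add("POOL_MISMATCH")      # Ethernet side points at no dialer
    for name in pools.values():
        cmds = ifs[name]
        mtus = [int(c.split()[-1]) for c in cmds if re.fullmatch(r"ip mtu \d+", c)]
        if not mtus or mtus[-1] > MAX_PPPOE_MTU:
            findings.add("MTU_NOT_CLAMPED")        # IP packet + 8 bytes must fit in 1500
        methods = [t for c in cmds if c.startswith("ppp authentication ")
                   for t in c.split()[2:]]
        if not methods:
            findings.add("NO_PPP_AUTH")
        elif "pap" in methods:
            findings.add("PAP_CLEARTEXT")          # PAP sends the password unencrypted
    for c in global_cmds:
        m = re.fullmatch(r"ip nat inside source list (\S+) interface (\S+) overload", c)
        if not m:
            continue
        acl, outside = m.group(1), m.group(2).lower()
        if not any(g.startswith(f"access-list {acl} ") for g in global_cmds):
            findings.add("NAT_ACL_MISSING")        # overload rule matches no traffic
        if "ip nat outside" not in ifs.get(outside, []):
            findings.add("NAT_OUTSIDE_MISSING")
    return sorted(findings)

if __name__ == "__main__":
    print("page config:", audit(PAGE_CONFIG))
    print("weak config:", audit(WEAK_CONFIG))
```

PAP is flagged because it carries the username and password unencrypted inside the PPP session, whereas CHAP answers a challenge without sending the password itself.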


CHAPTER SUMMARY
To install the VPN for Kamdar, the server used by the company needs a basic configuration that suits the server specification. Because the HP Proliant DL120 G6 server is a common, easily configured and widely used server, it is suitable for installing the VPN for Kamdar. Since the configuration of the VPN 1750-RF router on the HP Proliant DL120 G6 server focuses on the PPPoE configuration for the VPN connection, this chapter only states the code that is suitable to be configured on the HP Proliant DL120 G6 server.


CHAPTER 7: MAINTENANCE


PERFORMING MAINTENANCE
Some maintenance activities may consume a significant portion of the facility expenses and manpower. Facility maintenance activities generally fall into four categories: preventive, adaptive, corrective and protective. Each category has particular costs associated and specific benefits.

Preventive

Preventive maintenance plans are designed to keep the business running efficiently. Preventive maintenance allows monitoring of computers and network hardware and software to help prevent problems or errors that may cause loss of important data or loss of business.

Adaptive

As users rely more and more on the network, they become coupled to logical services and decoupled from physical services. This decoupling means that users do not care where servers are located, as long as they can get the services they need.

Corrective

Some data changes by the minute while other data can be archived once a year. Corrective maintenance is probably the most commonly used maintenance approach, but it is easy to see its limitations. When equipment fails, it often leads to downtime in production. In most cases this is costly for the business. Also, if the equipment needs to be replaced, the cost of replacing it alone can be substantial. It is also important to consider health, safety and environment (HSE) issues related to malfunctioning equipment.


Protective

UNINTERRUPTIBLE POWER SUPPLY

A UPS differs from an auxiliary or emergency power system or standby generator in that it will provide instantaneous or near-instantaneous protection from input power interruptions by means of one or more attached batteries and associated electronic circuitry for low power users, and/or by means of diesel generators and flywheels for high power users. With this type of UPS, a user's equipment is normally connected directly to incoming utility power with the same voltage transient clamping devices used in a common surge protected plug strip connected across the power line.

BACKUP AND RECOVERY

Media failure can also cause data loss or damage. Media failure can happen when the media on which the data files or transaction logs are stored fail. Most databases will be stored on computer hard drives or across groups of hard drives on designated servers. Hard drives are mechanical devices, just like automobiles, and are made up of parts and pieces that work together. HDD backup may also mean a backup of all data files or just all files from a hard disk, or creating a hard disk image. HDD backup is a rather inefficient method of backup, as usually a backup of the whole drive is not required.

5S IMPLEMENTATION METHOD

5S implementation methodology is a system to reduce workplace waste and optimize productivity by maintaining an orderly workplace. The use of visual reminders helps to achieve consistent improvements as well. 5S Implementation "cleans up" and organizes the workplace, without changing its existing configuration, and it is typically the first lean method which an organization puts into effect.


CHAPTER SUMMARY
For maintenance, all four methods should be applied across the whole system. Each method has its own specific tasks. Preventive maintenance is essential to keep computers, servers and networking equipment running smoothly and reliably. Adaptive maintenance is the ability of the system to support users' changing needs. Some data changes by the minute while other data can be archived once a year. Corrective maintenance is probably the most commonly used maintenance approach, but it is easy to see its limitations.


CHAPTER 8: REVIEW AND EVALUATION


BACKUP AND RECOVERY


Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted. Data loss is also very common. 66% of internet users have suffered from serious data loss.

Advantages

- Improved data security
- Reduced data entry, storage, and retrieval costs
- Facilitated development of new application programs

Disadvantages

- Damage to the database affects virtually all application programs
- Extensive conversion costs in moving from a file-based system to a database system


UNINTERRUPTIBLE POWER SUPPLY

An uninterruptible power supply, also uninterruptible power source, UPS or battery/flywheel backup, is an electrical apparatus that provides emergency power to a load when the input power source, typically the utility mains, fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it will provide instantaneous or near-instantaneous protection from input power interruptions by means of one or more attached batteries and associated electronic circuitry for low power users, and/or by means of diesel generators and flywheels for high power users. The on-battery runtime of most uninterruptible power sources is relatively short, with 5-15 minutes being typical for smaller units, but sufficient to allow time to bring an auxiliary power source on line, or to properly shut down the protected equipment.

The general categories of modern UPS systems are on-line, line-interactive or standby. An on-line UPS uses a "double conversion" method of accepting AC input, rectifying to DC for passing through the battery (or battery strings), then inverting back to 120V/240V AC for powering the protected equipment. A line-interactive UPS maintains the inverter in line and redirects the battery's DC current path from the normal charging mode to supplying current when power is lost. In a standby ("off-line") system the load is powered directly by the input power and the backup power circuitry is only invoked when the utility power fails. Most UPS below 1 kVA are of the line-interactive or standby variety, which are usually less expensive.

For large power units, dynamic uninterruptible power supplies (DUPS) are sometimes used. A synchronous motor/alternator is connected on the mains via a choke. Energy is stored in a flywheel. When the mains power fails, an eddy-current regulation maintains the power on the load. DUPS are sometimes combined or integrated with a diesel generator, forming a diesel rotary uninterruptible power supply, or DRUPS.

Figure 11: Offline/ Standby UPS

IMPLEMENTATION METHOD
Implementation methodology is a system to reduce workplace waste and optimize productivity by maintaining an orderly workplace. The use of visual reminders helps to achieve consistent improvements as well.


CHAPTER SUMMARY
Based on the review and evaluation, the topics discussed in Chapter 7, Maintenance, were repeated. This is to review once again whether the product or the implementation works with errors or not. According to the review, each of the implementations has its own advantages and disadvantages. Since a backup system contains at least one copy of all data worth saving, the data storage requirements are considerable. Organizing this storage space and managing the backup process is a complicated undertaking.


CHAPTER 9: CONCLUSION


CONCLUSION OF VPN PROPOSAL


In conclusion, a VPN can save an organization money in several situations:

- eliminating the need for expensive long-distance leased lines
- reducing long-distance telephone charges
- offloading support costs

VPNs vs leased lines - Organizations historically needed to rent network capacity such as T1 lines to achieve full, secured connectivity between their office locations. With a VPN, you use public network infrastructure including the Internet to make these connections and tap into that virtual network through much cheaper local leased lines or even just broadband connections to a nearby Internet Service Provider (ISP).

Long distance phone charges - A VPN also can replace remote access servers and long-distance dialup network connections commonly used in the past by business travelers needing access to their company intranet. For example, with an Internet VPN, clients need only connect to the nearest service provider's access point, which is usually local.

Support costs - With VPNs, the cost of maintaining servers tends to be less than other approaches because organizations can outsource the needed support from professional third-party service providers. These providers enjoy a much lower cost structure through economy of scale by servicing many business clients.

Using VPN

To use a VPN, each client must possess the appropriate networking software or hardware support on their local network and computers. When set up properly, VPN solutions are easy to use and sometimes can be made to work automatically as part of network sign on. VPN technology also works well with WiFi local area networking. Some organizations use VPNs to secure wireless connections to their local access points when working inside the office. These solutions provide strong protection without affecting performance excessively.

Limitations of a VPN

Despite their popularity, VPNs are not perfect and limitations exist, as is true for any technology. Organizations should consider issues like the ones below when deploying and using virtual private networks in their operations:

- VPNs require detailed understanding of network security issues and careful installation / configuration to ensure sufficient protection on a public network like the Internet.
- The reliability and performance of an Internet-based VPN is not under an organization's direct control. Instead, the solution relies on an ISP and their quality of service.
- Historically, VPN products and solutions from different vendors have not always been compatible due to issues with VPN technology standards. Attempting to mix and match equipment may cause technical problems, and using equipment from one provider may not give as great a cost savings.


CHAPTER 10: FUTURE PLANNING


KAMDAR NETWORK SYSTEM IN FUTURE


Kamdar plans to extend the VPN to other Kamdar locations which are part of the Kamdar WAN and have ISDN/VSAT/leased lines as primary connectivity. This will act as a fallback option. It also plans to extend VPN access to more mobile users. The new site-to-site Intranet VPN implementation will be a trial for Kamdar to see the success and efficiency of the new network; if the result of using the new network is a success, this network will be implemented at all Kamdar branches all over Malaysia as a site-to-site Extranet VPN. Then not only Kamdar's staff will be able to enter the Kamdar system; it may also be extended to Kamdar's customers. Extranets are almost identical to Intranets, except they are meant for external business partners. As such, firewall access restrictions are used in conjunction with VPN tunnels, so that business partners are only able to gain secure access to specific data / resources, while not gaining access to private corporate information.

Benefit: Businesses enjoy the same policies as a private network, including security, QoS, manageability, and reliability.


APPENDIXES


Kamdar main headquarter address and branches


Kamdar can be reached at this address:

KAMDAR GROUP (M) BERHAD
113, JALAN TUANKU ABDUL RAHMAN, 50100 KUALA LUMPUR
Phone: +603.2693.8988 (Hunting Line)
Fax: +603.2698.8400
Email: enquiries@kamdar.com.my
Contact Person: Ms Helen
Office Hour: Monday - Friday 8:30am - 5:30pm
Outlets Hour: Monday - Sunday 10am - 10pm

Kamdar has over 20 outlets across Malaysia. They are at:

KUALA LUMPUR

1. Locations: Jalan Tuanku Abdul Rahman
Address: 113, Jalan Tuanku Abdul Rahman, 50100 Kuala Lumpur.
Phone: +603.2698.8488 Fax: +603.2698.8400

2. Locations: Jalan Tuanku Abdul Rahman
Address: 171, Jalan Tuanku Abdul Rahman, 50100 Kuala Lumpur.
Phone: +603.2691.5708 / +603.2692.6896 Fax: +603.2691.5371

3. Locations: Jalan Tuanku Abdul Rahman
Address: 429-435, Jln Tuanku Abdul Rahman, 50100 Kuala Lumpur.
Phone: +603.2693.9513/12/15 Fax: +603.2691.1054


4. Locations: Mid Valley Mega Mall
Address: FJA-2(B), 1st Floor, Mid Valley Mega Mall, Batu 2 1/2, Jalan Klang Lama, 58000 Kuala Lumpur.
Phone: +603.2938.3052 Fax: +603.2284.6739

SELANGOR

1. Locations: SS2, Petaling Jaya
Address: 61, Jalan SS2/64, Petaling Jaya, 47300 Selangor.
Phone: +603.7877.2870 Fax: +603.7875.8895

2. Locations: Kajang
Address: E23-GA, Jalan Prima Saujana 2/D, Sec 2, Taman Prima Saujana, 43000 Kajang, Selangor.
Phone: +603.8734.3390/84/71 Fax: +603.8734.3357

3. Locations: Klang
Address: 1st Floor, Complex Mais, Lot 336, Sec 23, Simpang Jalan Kapar, Jalan Meru, 41050 Klang, Selangor.
Phone: +603.3341.0715/749 Fax: +603.3341.1016

4. Locations: IOI Mall, Puchong
Address: Lot ES 8 & ES 9, 2nd Floor, IOI Mall, Batu 9, Jln Puchong, Bdr Puchong Jaya, 47170 Puchong, Selangor.
Phone: +603.8071.1866 Fax: +603.8070.9366


THE PROPOSAL


1.0 INDUSTRY

1.0.1 Textiles and Clothing

The first actual textile, as opposed to skins sewn together, was probably felt. Surviving examples of Nale binding, another early textile method, date from 6500 BCE. Our knowledge of ancient textiles and clothing has expanded in the recent past thanks to modern technological developments. Our knowledge of cultures varies greatly with the climatic conditions to which archeological deposits are exposed; the Middle East and the arid fringes of China have provided many very early samples in good condition, but the early development of textiles in the Indian Subcontinent, sub-Saharan Africa and other moist parts of the world remains unclear. In northern Eurasia can also preserve textiles very well.

Textiles are felt or spun fibers made into yarn and subsequently netted, looped, knit or woven to make fabrics. They first appeared in the Middle East during the late Stone Age. From ancient times until the present day, the methods of textile production have continually evolved, and the choices of textiles available have influenced how people carried their possessions, clothed themselves and decorated their surroundings.

Textile history can be studied via archeology; representations of textiles and their manufacture in art; and documents concerning the manufacture, acquisition, use, and trade of fabrics, tools, and finished garments. Early woven clothing was often made of full loom widths draped, tied, or pinned in place, such as:

Ancient Near East

The earliest known woven textiles of the Near East may be fabrics used to wrap the dead excavated at a Neolithic site at Airiel in Anatolia, carbonized in a fire and radiocarbon dated to c. 6000 BC. Flax cultivation is evidenced from c. 8000 BC in the Near East, but the breeding of sheep with a wooly fleece rather than hair occurs much later, c. 3000 BC.

Ancient India

Cotton has been spun, woven, and dyed since prehistoric times. It clothed the people of ancient India, Egypt, and China. Hundreds of years before the Christian era cotton textiles were woven in India with matchless skill, and their use spread to the Mediterranean countries. In the 1st century, Arab traders brought fine muslin and calico to Italy and Spain.

Ancient Egypt

Evidence exists for production of linen cloth in Ancient Egypt in the Neolithic period, c. 5500 BC. Cultivation of domesticated wild flax, probably an import from the Levant, is documented as early as c. 6000 BC. Other bast fibers including rush, reed, palm and papyrus were used alone or with linen to make rope and other textiles.

Ancient China

The earliest evidence of silk production in China was found at the sites of Yangshao culture in Xia, Shanxi, where a cocoon of Bombyx mori, the domesticated silkworm, cut in half by a sharp knife is dated to between 5000 and 3000 BC. Scraps of silk were found in a Liangzhu culture site at Qianshanyang in Huzhou, Zhejiang, dating back to 2700 BC. Other fragments have been recovered from royal tombs in the Shang Dynasty (c. 1600 BC - c. 1046 BC).

1.0.2 Textiles and Apparel in Malaysia

The growth of Malaysia's textiles and apparel industry accelerated in the early 1970s when the country embarked on export-oriented industrialization. With exports valued at RM 10.49 while imports amounted to RM 5.46 billion, Malaysia is a net exporter of textiles and textile products. There are 662 licensed companies in production with investments of RM8.3 billion. The industry employs more than 68,264 workers.

The industry currently encompasses a broad range of integrated activities ranging from polymerisation and man-made fibre production, spinning, texturizing, weaving, knitting, dyeing, printing and finishing of yarn and fabrics; manufacture of made-up garments and other made-up textile goods such as carpets, bed and table linen and ropes. The industry also covers the manufacture of non-woven fabrics for personal care products, made-up garments, furniture and bedding as well as construction and engineering applications.

2.0 WORLD TREND

2.0.1 Company Introduction

Levi Strauss & Co. is a worldwide corporation organized into three geographic divisions: Levi Strauss Americas (LSA), based in San Francisco; Levi Strauss Europe, Middle East and Africa (LSEMA), based in Brussels; and Asia Pacific Division (APD), based in Singapore. The company employs a staff of approximately 10,500 people worldwide, and owns and develops a few brands. Levi's, the main brand, was founded in 1873 in San Francisco, specializing in riveted denim jeans and different lines of casual and street fashion. 2004 saw a sharp decline in sales in the face of global outsourcing, so the company was closed and the Edmonton manufacturing plant shut down.

Dockers (Levi's clothing line), which was launched in 1986, has sold largely through department store chains. It helped the company grow through the mid-1990s, as denim sales began to fade. Levi Strauss attempted to sell the brand in 2004 to relieve part of the company's $2 billion outstanding debt. Launched in 2003, Levi Strauss Signature features jeanswear and casualwear. In November 2007, Levi's released a mobile phone in co-operation with ModeLabs. Many of the phone's cosmetic attributes are customisable at the point of purchase.

George P. Simpkins Sr, the Levi's CEO, is credited with the company's record paced expansion of its manufacturing capacity from fewer than 16 plants to more than 63 plants nationwide from 1964 through 1974. Perhaps most impressive, however, was that Levi's expansion under Simpkins was accomplished without a single unionized employee as a result of Levi's and the Haas families' strong stance on human rights and Simpkins' use of "pay for performance" manufacturing from the sewing machine operator level up. As a result, Levi's plants were perhaps the highest performing, best organized and cleanest textile facilities of their time. Levi's even piped massive amounts of air conditioning into its press plants, which were known in the industry to be notoriously hot, for the comfort of Levi's workers.

3.0 LOCAL

3.0.1 Textile and Apparel in Malaysia

The growth of Malaysia's textiles and apparel industry accelerated in the early 1970s when the country embarked on export-oriented industrialization. With exports valued at RM 10.49 while imports amounted to RM 5.46 billion, Malaysia is a net exporter of textiles and textile products. There are 662 licensed companies in production with investments of RM8.3 billion. The industry employs more than 68,264 workers.

The industry currently encompasses a broad range of integrated activities ranging from polymerisation and man-made fibre production, spinning, texturizing, weaving, knitting, dyeing, printing and finishing of yarn and fabrics; manufacture of made-up garments and other made-up textile goods such as carpets, bed and table linen and ropes. The industry also covers the manufacture of non-woven fabrics for personal care products, made-up garments, furniture and bedding as well as construction and engineering applications.


3.0.2 Kamdar Group (M) Berhad

Kamdar Group (M) Berhad was established in Malaysia in 1972, and has since achieved a dominant position in the garment and textile departmental store industry. The Kamdar brand name has been well known for several generations. It has become part of Malaysian history, a fact of which Kamdar is very proud. Kamdar is well known for its extensive range and quality of garment and textile products. Kamdar stores specialize in textile fabric, furnishing fabric, in-house designed garments for ladies, men's and children's clothes, Indian clothing and school uniforms.

4.0 AREA OF FOCUS

4.0.1 NETWORKING - VPN

A VPN (Virtual Private Network) is a type of network in which some of the links between nodes are carried by open connections or virtual circuits in a larger network (e.g. the Internet), as opposed to running across a single private network. As the world of business becomes more sophisticated with technology, many businesses have to consider global markets and logistics. To achieve these goals, there is a need for a way to maintain fast, secure and reliable communications within the network system (branches, customers, suppliers).

The use of leased lines to maintain a WAN (Wide Area Network) provides a company with a way to expand its private network beyond its immediate geographic area. However, maintaining a WAN, particularly when using leased lines, can become quite expensive and often rises in cost as the distance between the offices increases. As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPN (virtual private network) to accommodate the needs of remote employees and distant offices.


Basically, a VPN is a private network that uses a public network (e.g. the Internet) to connect to remote sites or users of a company. Instead of using a leased line, a VPN uses virtual connections routed through the Internet from the company's private network to the remote site or employee. It is mostly about helping distant colleagues work together, much like desktop sharing.

For Kamdar, it is proposed to develop a new Site-to-Site Internal VPN. With an Intranet VPN, gateways at various physical locations within the same business negotiate a secure communication channel across the Internet known as a VPN tunnel. An example would be a network that exists in several buildings connected to a data center or mainframe that has secure access through private lines. Users from the networks on either side of the tunnel can communicate with one another as if it were a single network. These may need strong encryption and strict performance and bandwidth requirements.

The advantage of a Site-to-Site Internal VPN is the substantial cost savings over traditional leased-line or frame relay technologies through the use of the Internet to bridge potentially long distances between sites. With a VPN, Kamdar employees can keep sharing information and the company's data in a secure and reliable way. This is important for keeping and maintaining business data integrity for the company's future use.
