Terminals (Computers, to include all peripherals)Monitors,

Servers Cabling Radio Repeaters Locking cabinets Secure Doors Personal

Identification devices Mobile Device Integration (** Note this will include the
fusion of software and hardware systems, as most mobile devices come paired
with specific software solutions)Training of Personnel Operating Systems
Browser Software Anti-Virus Software Audit Software Third Party Device Specific
Applications.
This network will have at minimum 16 computers attached to
it (and two either WiMax or other radio connected computers), an email client,
and no internet access (i.e. an internal network). The documentation for this network will be no
shorter than 8 pages, with no more than two pages of diagrams/images. With specific IP's,
Computer Names, Ect.


Create a second Network that addresses all of the
aforementioned devices (the first network but with security improvements), but
is secure. This network will also allow internet access. Explain what security
measures were implemented and why. Be as
specific as possible. The security
improvements will be holistic, and specific.
Explain the rationale for each improvement. This report will be no shorter than 8 pages
with no more than two pages of diagrams/images.
Total report will be no less than 16 pages, include specific
details/diagrams, a network map of both networks, specific and detailed explanations, verbose
explanations, and rational for improvements from the
fictitious first network to the fictitious second network.
Basically, 8 pages of a fake first network (16 computers, + 2 wireless networked), then 8 pages of a
fake second network (the first network with security improvenents).

Sol:-
Given that the network must consist of 16 nodes so that we need sixteen ip address for the network.
So that the calculations will go as
16 given in binary form as 1111
And we are using ipv4 addressing scheme, so that we have 32 bits to use as the address bits.
From the 32 bits we use the 27 bit to give the subnet of the network.
So we have the 5 bits for the computers using 5 bits we can give the address to 2^5 that is 32 address.
From that first and last are reserved for the broadcast and multicast.
So we have 30 address available with us from which we will be providing 16 address.
Considering a class C network and the IP address network as 211.1.2.0/27

So that the ip addresses for the network will go as for computers we have the ip address from the range
211.1.2.1 to 211.1.2.16
Ahead for the mobile device we have the different ip available to the range of .17 to .31
.0 and .32 are reseved for communication purpose.
Regarding the cabling we would use the cross cables for the communication as cross cables have their
advantages.
Fibre Channel is a standards-based networking architecture. The standards provide definitions for
physical-layer attributes, transport controls, and upper-level support of TCP/IP, SCSI-3, High
Performance Parallel Interface (HiPPI), and other protocols. Fibre Channel is a gigabit transport, with
current implementations at 1Gbps and 2Gbps. The governing body for Fibre Channel standards is the
NCITS/ANSI T11X3 committee.
Gigabit Ethernet switches provide 1Gbps full duplex links to end devices and may support 10Gbps
interswitch links to build a high-performance core infrastructure
1Gbps ports attach directly to file servers or to departmental Ethernet switches for fan-out of 100Mbps
(Fast Ethernet) links to end-user workstations.
Operating systems installed are the inux system for the subordinate servers and solaris operating system
for the main gateway server.
The solaris is mainly used because of the advantages of the felxibilty in order to have the control over
the complete system.
Whenever the user want to access the sub ordinate server he has to go through the gateway server and
then to the subordinate server.
For the browser software we use the Mozilla firefox as it is open source and is available and can be
installed on any platform.
As the servers contain the linux and solaris as the operating system so there is no need to install the anti
virus software for the servers while the desktop computers are the one containing the operating system
as windows. So there is a need of the anti virus programs installed.
So we again use a open source anti virus software which is avira antivirus software. In this software the
application scan the file and then matches the signature of the file with the suspicious signature
available in the database of virus also called as virus sign database.

In order to access the server from the desktop we will install the soft wares also called as tool at the
desktop. Few tools we are going to install as xterm which enables you to aces the linux and solaris
servers from the windows desktop. For downloading the file from server to desktop we will be using the
winSCP software which enables you to download the files from the server to the local desktop system.
For uploading the document we can use the same software WinSCP but for optimization of task we use
the software called as Xftp which initiates the session using FTP(file transfer protocol).
This enables us to upload the documents to the server at a great speed.
In order to monitor the transfer fo data we use a tool called as wireshark .
This software provides us the flexibility to trace a packet flowing from one node to another or server to
one node.
An email server is maintained on the linux server by making an intranet mail facility application.
For accessing the mails of intranet we use various clients like thunderbird on the desktop computer.

Diagrams for the network
Here there are two diagrams one page each
One diagram will give u the details of network and the other will provide the communication details.













For the second Secure network:-
Again for this network we have the requirements that the network must consist of 16 nodes so that we
need sixteen ip address for the network.
So that the calculations will go as
16 given in binary form as 1111
And we are using ipv4 addressing scheme, so that we have 32 bits to use as the address bits.
From the 32 bits we use the 27 bit to give the subnet of the network.
So we have the 5 bits for the computers using 5 bits we can give the address to 2^5 that is 32 address.
From that first and last are reserved for the broadcast and multicast.
So we have 30 address available with us from which we will be providing 16 address.
Considering a class C network and the IP address network as 211.1.2.0/27

So that the ip addresses for the network will go as for computers we have the ip address from the range
211.1.2.1 to 211.1.2.16
Ahead for the mobile device we have the different ip available to the range of .17 to .31
.0 and .32 are reseved for communication purpose.
Now as the network is planning to use the internet facility so in order to make the network secure from
eavesdropping we have implemented the firewall strategy.
The basics of firewallis that it will allow the data only which is destined for the particular network.
We can set the parameters in the firewall such that we can block certain data so that there are no
attacks because of the viruses.
Also that we need the DNS (domain name server)
This is basically used in order to map the ip address to the web site address. Thai is every web site is
associated with an IP address so the main job of the DNS is to map the Ip address to the site and grant
them the access accordingly.
The most important this to be taken into consideration is to determine whether a packet is allowed to
enter or exit the network by comparing some basic identifying pieces of information located in the
packet's header. Packet-filtering technology can be found in operating systems, software and hardware
firewalls, and as a security feature of most routers.
Now in our network we use the ingress filtering . In this we filter the traffic thst crosses the router which
is not destined for the network. For this type of filtering we need the ACL(access control list).
We have a format of the access list
Ip addr access-list-name type name
In this ip addr is the ip addr is the address of the computers , access-list-name is the name of the access
list name. type stands for the standard or extended.
We also implement the network intrusion detection system .
The main job of this system is that to sniff the packets flowing through the network and find for any
suspicious activity or attack taking place in the network.
If we dont implement the intrusion detection system then we might not know where the attack is
taking place and what data is being captured and corrupted.
The most important aspects to securing a wireless network are the way it is designed and the way it
interfaces to your wired network. No matter what features you use to secure your wireless
infrastructure, there will always be ways to defeat them. By utilizing a solid network design strategy, you
can make it harder for attackers to reach your wireless network. This can also add more controls to your
wireless segments and protect your wired network from its wireless counterparts.
We have also implemented the functionality of honey pots in order to avoid attacks. A honeypot is a
"dummy" target machine set up to observe hacker attacks. A honeynet is a network built around such
dummy machines in order to lure and track hackers as they step through the attack process.

Whois and fwhois are extremely simple but useful tools that query particular whois databases
for information about a domain name or an IP address.
Whois servers are databases that are maintained by domain name authorities around the world. A
whois database can contain a plethora of information, but typically it contains such information
as location, contact information, and IP address ranges for every domain name under its
authority.
Nmap is by far the most popular port scanner available. Since all the virus use a specific port number for
infecting the computers so that it is better to use a port scanner so that it is easily identified that the
system is getting infected.

As a network administrator, you not only need to know which hosts are on your network and the
services they are running, but also if those services are vulnerable to exploits. While Nmap can only
show you what machines and ports are reachable on your network.
It is always better to use a browser with no support for storing od passwords so that when u type the
password , it should not be saved else anyone can access your personal information.
About the anti virus softwares to be used , it is better to use a software which is having a huge amount
of virus definations in the database.
So we use the AVG anti virus for scanning virus in the desktops.
In order to access the server information we can use the secure shell tool. This tool is considered to be
the most secure tool in order to access the server information.

Diagrams of two page more I dint get the digrams from my office will mail them to you separately
First u review this doc.