Proposed ANB Multi Domain Solution

Proposed ANB multi domain
solution
Report
11/14/2017
Contents
1. Introduction
1.1 Background of the organization
1.2 Scope of the project
2. Requirements and Constraints

2.1 Functional Requirements
User needs, LAN, WAN connectivity, Website needs
Any specialized needs
Specifications
3. Design
3.1 Network design
3.2 Proposed Machine layout
3.3 Connecting of the network together
3.4 Plan for deployment of workstations
3.5 DNS records
3.6 Plan for updates and patches
3.7 DFS replication
3.8 Intranet
3.9 Encryption
3.10 Testing check list
3.11 Performance standards and quality expectations
3.12 Threat model
3.13 Threat management Plan
3.14 Develop security policies
3.15 Project plan
3.16 Design auditing and incident response procedure
3.17 Switch hierarchy
3.18 VLANs
4. Implementation
4.1 Installation plan
4.2 System maintenance
5. Maintenance
5.1 Backup plan
5.3 Disaster recovery
Harry McCourt ANB 14/11/17

1. Introduction
1.1 Background of the organization
Scenario
Aussie Nuts and Bolts (ANB) is a leading distributor of stainless steel nuts and bolts. We
operate from Welshpool in Western Australia. We have grown significantly in the last two
years and now wish to open another site in Adelaide and Melbourne John Jones, the
companys new IT manager, recently replaced the companys infrastructure at Welshpool and
we now have a streamlined Server environment.
1.2 Scope of the project
To set up a network and give recommendations on equipment to use in replacement for the
out of date equipment that is currently being used at Aussie Nuts and Bolts (ANB) . Training
may need to be planned for the staff to learn how to use the programs and how to operate the
programs to pass this knowledge on to their clients.
Organisational guidelines will need to be drawn up for the user of

-Internet, personal emails
-Downloads
-Avoiding viruses
-Communication methods
-Document procedures and templates
What this project includes

-Installation of devices
-Testing of the devices
-Creating accounts for employees
-We will purchase the electronic devices
-Migration of data
-We will monitor the System for 2 weeks after installation; we can make an agreement to
monitor/fix up issues outside of this time for a monthly fee.
-We will find a solution to rewiring the buildings cabling
What this project doesnt include

-We will not alter the building
-We will not provide internet we can recommend an internet provider
-We will not provide a merchant bank account for sales
-We will not provide the internet however we can recommend plans from internet service
providers that could be used for the business.

Allowing users to continue working efficiently in intermittently connected or disconnected
scenarios by enabling uninterrupted access to user and configuration data under these
conditions.
-Delivering a consistent computing environment to users from any computer when their
desktop or laptop computer is unavailable or in scenarios where users are not assigned a
specific computer.
-Minimize data loss by enabling centralized backup of user data and configuration files by the
organization.
-Eliminate the need to manually configure user settings, install applications, or transfer user
files to provide users access to their computing environments on any computer.
Design a solution where users dont have an assigned computer but log on to any available
computer in a pool of computers. This helps reduce hardware and administration costs.
Easing the IT task of implementing centralized backup of user files while satisfying need for
these ANB states that is imperative that all new technology is sustainable and scalable. Allow
for data to be shared at the various sites and to allow for redundancy
We wish to have a system that is resilient and will not fail on a single point of failure.
Allowing users to continue working efficiently in intermittently connected or disconnected
scenarios by enabling uninterrupted access to user and configuration data under these
conditions.
We will monitor the System for 2 weeks after installation; we can make an agreement to
monitor/fix up issues outside of this time for a monthly fee. What this project doesnt include
We will not alter the building We will not provide internet we can recommend an internet
provider
Firewall will need to be purchased to connect to the backbone switch which will then connect
to the servers in addition to anti-virus software located on the server itself to ensure the
system is resistant to threats outside of the network.
Domain will need to be set up on the switches to limit additional access to the network other
then those authorized.
The switches will need to be locked in lockable rooms and in racks to ensure an air is able to
access and cool down the equipment preferably in a lockable rack to add additional security
to unauthorized access to devices. Telnet connection can be used to connect and to talk to
headless devices with in the network.

Due to ANBs great success in recent years ANB is looking to expand to a multi domain Ault
and child tree. These sites include Perth, Adelaide and Melbourne the expansion will include
an additional site at London and Singapore.
Some of the issues that need to be addressed are;

-Autotomized server update schedules

-Security of the network internal and external
-Transportation of data
-Shared access to files across all locations on networks
-DHCP implementation
-Audits on files
-Scalable network
-Server optimisation
-Server availability
There will need to be software installed on the Server to scan for viruses, optimise
performance, updating schedule will need to be set up so that the updates are done on the
server and then the updates are then branched out to its client computers so there will need to
be access to the internet so that the server can receive its updates. The updates can be set up
outside of staff hours and done autonomously requiring less administration costs and wont
affect the workers working at Aussie Nuts and Bolts (ANB).
Its going to be important to connect to the server from more than the one location this will
make the server more accessible from Aussie Nuts and Bolts (ANB). The computers will
need to be able to log in on any computer and have access to the network, have access to the
internet, emails and complete other functions that are a requirement for the works to complete
their job.
2.2 Non-functional Requirements

Aussie Nuts and Bolts (ANB) has limited amount of resources which limits of what can be
purchased as well as the amount of time that can be spent on upgrading the current hardware
the creating a system to store data and train the people in how to access and use a computer
as efficiently as possible. Aussie Nuts and Bolts (ANB) is currently working in the location
and to the migration of information will need to be ready by this deadline. The users
operating the new systems will need to be taught and this will take some time to master the
software supplied. Some of the issues that need to be addressed are; file replication of the
servers at multiple locations. Improved experience for the mobile work force
Disaster recovery data availability and plan Improved stability and availability Enforce health
policy Delegate control Back-ups Efficient use of bandwidth plan will need to be come with
to ensure the sharing of the data between the servers is acceptable due to the replication of the
files these files will need bandwidth A solution will need to be come up with to resolve the
issues in relation with additional security measures. Measures will need to cover files for
managerial files financial department and the design department to ensure the security of the
designs that are being manufactured.
There will need to be a virtual connection to the server so that it can be accessible off-site so
that the server can be fixed by a third party that isnt working at Aussie Nuts and Bolts
(ANB) if Aussie Nuts and Bolts (ANB) contracts someone else to maintain the network they
will be able to access the server easily and make the changes that are needed.
Budget
The budget is limited to 300,000 dollars for the new servers and for equipment upgrade in
each of the 5. The timeline for this project is 3 at each location months which is when the
clients want to start operation the upgraded network.

3. Design
3.1 Network design
The internal and external users within the network will have to log into the hypervisor
which is being hosted on the IIS server this server will be located at each site Perth
Melbourne, Perth and Adelaide which will require a log in external users will require a access
licence. The users within ANB will share the resources located within the ANB network
The bare mental servers will have access to both the external and internal network that is
created for the client computers that is used to set group policies for the computers within the
network used to enforce rules within the network. The bare metal servers will have two NIC
network interface cards.
This will give access to the servers for the network administrator the other machines that the
server is hosting will be on a different network and will not be able to see this machine to
ensure that the server is secure from the employees with in the network.

3.2 Proposed Machine layout
Below is proposed machine layout for Perth

Location Physical machine Name of server VM machine Roles Comment
number
Perth 1 PER-BM-1 PER-VM-1 -Domain controller Primary DC

Hyper-V (Primary)
IP address -Active Directory
IP address 192.168.8.200 -DNS
192.168.1.250 -Windows backup
services
-WSUS
PER-VM-2 -Remote desktop

services
IP address -WSUS
192.168.8.201
PER-VM-3 -SQL services
-DHCP
IP address -Windows backup
192.168.8.202 services
-WSUS
2 PER-BM-2 PER-VM-1 -Domain controller

Hyper-V (Secondary)
192.168.1.251 -WSUS
PER-VM-2 -Remote desktop

services
IP address -IIS
services
-WSUS
3 PER-BM-3 PER-VM-1 -Files and storage

Hyper-V services
IP address 192.168.8.205 services
192.168.1.252 -WSUS
-DFS
PER-BM-4 Hosting website

ANB Website
Hyper-V
4
IP address
IP address
192.168.8.206
192.168.1.253
Below is the IP reservation for devices within the network at the location of: Perth
Devices Start End

Workstation DHCP pool 192.168.6.1 192.168.8.200
Multifunction device 192.168.8.220 192.168.8.245
Below is the IP plans for the physical and virtual servers located in: Perth
Machine Network IP Subnet Network class

Gateway 192.168.1.0/192.168.8.0 192.168.1.254/192.168.8.254 255.255.255.0 C
Router
PER-BM-1 192.168.1.0 192.168.1.201 255.255.255.0 C
PER-VM-1 192.168.8.0 192.168.8.200 255.255.255.0 C
PER-VM-2 192.168.8.0 192.168.8.201 255.255.255.0 C

PER-VM-3 192.168.8.0 192.168.8.202 255.255.255.0 C
PER-BM-2 192.168.1.0 192.168.1.202 255.255.255.0 C
PER-VM-1 192.168.8.0 192.168.8.203 255.255.255.0 C
PER-VM-2 192.168.8.0 192.168.8.204 255.255.255.0 C
PER-VM-3 192.168.8.0 192.168.8.205 255.255.255.0 C
PER-BM-3 192.168.1.0 192.168.1.203 255.255.255.0 C
PER-VM-1 192.168.8.0 192.168.8.206 255.255.255.0 C
PER-BM-4 192.168.1.0 192.168.1.204 255.255.255.0 C
Hosting Website 192.168.8.0 192.168.8.252/192.168.100.252 255.255.255.0 C

See below for tables on proposed disk partitioning for Perth
DC-1
PER-BM-1 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 500GB
DC-2
PER -BM-2 Reserved Storage
Company data 250GB
User storage 500GB
File server
PER-BM-3 Reserved Storage
Company data 250GB
User storage 6x 1T drives 6T

Below is proposed machine layout for Melbourne

number
MEL 1 MEL-BM-1 MEL -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services
-WSUS
MEL -VM-2 -Remote desktop

services
IP address -WSUS
192.168.10.201
MEL -VM-3 -SQL services
-DHCP
192.168.10.202 services
-WSUS
2 MEL -BM-2 MEL-VM-1 -Domain controller

Hyper-V (Secondary)
192.168.100.251 -WSUS

services
IP address -IIS
services
-WSUS
3 MEL-BM-3 MEL -VM-1 -Files and storage

Hyper-V services
192.168.100.252 -WSUS
-DFS

Below is the IP plans for DHCP pool and network device located in: Melbourne
Devices Start End

Below is the IP plans for the physical and virtual servers located in: Melbourne
Gateway 192.168.100.0/192.168.10.0 192.168.100.254/192.168.10.254 255.255.255.0 C
Router
MEL-BM-1 192.168.100.0 192.168.100.201 255.255.255.0 C
MEL -VM-1 192.168.10.0 192.168.10.200 255.255.255.0 C
MEL -VM-2 192.168.10.0 192.168.10.201 255.255.255.0 C
MEL -VM-3 192.168.10.0 192.168.10.202 255.255.255.0 C
MEL -BM-2 192.168.100.0 192.168.100.202 255.255.255.0 C
MEL -VM-1 192.168.10.0 192.168.10.203 255.255.255.0 C
MEL -VM-2 192.168.10.0 192.168.10.204 255.255.255.0 C
MEL -VM-3 192.168.10.0 192.168.10.205 255.255.255.0 C
MEL -BM-3 192.168.100.0 192.168.100.203 255.255.255.0 C
MEL -VM-1 192.168.10.0 192.168.10.206 255.255.255.0 C
Melbourne departments see below
Personnel Managers Their staff Comment
Site Manager 1
Sales 1 6
HR 0 2
ICT 0 1
Marketing 0 1
Design 0 0
Finance 1 2
Production 0 0
Other staff 10

See image below for network topology at location: Melbourne

See below for tables on proposed disk partitioning for Melbourne
DC-1
MEL-BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
Company data 250GB
User storage 500GB
File server
Company data 250GB

Below is proposed machine layout for Adelaide

number
Adelaide 1 ADE-BM-1 ADE -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services
-WSUS

services
IP address -WSUS
192.168.12.201
ADE -VM-3 -SQL services
-DHCP
192.168.12.202 services
-WSUS
2 ADE -BM-2 ADE -VM-1 -Domain controller

Hyper-V (Secondary)
192.168.150.251 -WSUS
ADE -VM-2 -Remote desktop

services
IP address -IIS
services
-WSUS
3 ADE -BM-3 ADE -VM-1 -Files and storage

Hyper-V services
192.168.150.252 -WSUS
-DFS
Below is the IP plans for DHCP pool and network device located in Adelaide
Devices Start End


Below is the IP plans for the physical and virtual servers located in: Adelaide

Gateway 192.168. 192.168. 255.255.255.0 C
Router 150.0/192.168.12.0 150.254/192.168.12.254
ADE-BM-1 192.168.150.0 192.168.150.201 255.255.255.0 C
ADE -VM-1 192.168.12.0 192.168.12.200 255.255.255.0 C
ADE -VM-2 192.168.12.0 192.168.12.201 255.255.255.0 C
ADE -VM-3 192.168.12.0 192.168.12.202 255.255.255.0 C
ADE -BM-2 192.168.150.0 192.168.150.202 255.255.255.0 C
ADE -VM-1 192.168.12.0 192.168.12.203 255.255.255.0 C
ADE -VM-2 192.168.12.0 192.168.12.204 255.255.255.0 C
ADE -VM-3 192.168.12.0 192.168.12.205 255.255.255.0 C
ADE -BM-3 192.168.150.0 192.168.150.203 255.255.255.0 C
ADE -VM-1 192.168.12.0 192.168.12.206 255.255.255.0 C
Adelaides departments see below

See image below for network topology at location: Adelaide

See below for tables on proposed disk partitioning for Adelaide
DC-1
ADE -BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
ADE-BM-2 Reserved Storage
Company data 250GB
User storage 500GB
File server
ADE-BM-3 Reserved Storage
Company data 250GB

Below is proposed machine layout for London

number
London 1 LON-BM-1 LON -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services
-WSUS

services
IP address -WSUS
192.168.14.201
LON -VM-3 -SQL services
-DHCP
192.168.14.202 services
-WSUS
2 LON -BM-2 LON -VM-1 -Domain controller

Hyper-V (Secondary)
192.168.200.251 -WSUS
LON -VM-2 -Remote desktop

services
IP address -IIS
services
-WSUS
3 LON-BM-3 LON -VM-1 -Files and storage

Hyper-V services
192.168.200.252 -WSUS
-DFS
Below is the IP plans for DHCP pool and network device located in London
Devices Start End

Below is the IP plans for the physical and virtual servers located in: London

Gateway 192.168. 192.168. 255.255.255.0 C
Router 150.0/192.168.14.0 150.254/192.168.14.254
LON-BM-1 192.168.150.0 192.168.150.201 255.255.255.0 C
LON -VM-1 192.168.14.0 192.168.14.200 255.255.255.0 C
LON -VM-2 192.168.14.0 192.168.14.201 255.255.255.0 C
LON -VM-3 192.168.14.0 192.168.14.202 255.255.255.0 C
LON -BM-2 192.168.150.0 192.168.150.202 255.255.255.0 C
LON -VM-1 192.168.14.0 192.168.14.203 255.255.255.0 C
LON -VM-2 192.168.14.0 192.168.14.204 255.255.255.0 C
LON -VM-3 192.168.14.0 192.168.14.205 255.255.255.0 C
LON -BM-3 192.168.150.0 192.168.150.203 255.255.255.0 C
LON -VM-1 192.168.14.0 192.168.14.206 255.255.255.0 C

See image below for network topology at location: London

See below for tables on proposed disk partitioning for London
DC-1
LON -BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
LON-BM-2 Reserved Storage
Company data 250GB
User storage 500GB
File server
LON-BM-3 Reserved Storage
Company data 250GB

Below is proposed machine layout for Singapore

number
Singapore 1 SIN-BM-1 SIN -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services
-WSUS
SIN -VM-2 -Remote desktop

services
IP address -WSUS
192.168.16.201
SIN -VM-3 -SQL services
-DHCP
192.168.16.202 services
-WSUS
2 SIN -BM-2 SIN -VM-1 -Domain controller

Hyper-V (Secondary)
192.168.251.251 -WSUS
SIN -VM-2 -Remote desktop

services
IP address -IIS
services
-WSUS
3 SIN -BM-3 SIN -VM-1 -Files and storage

Hyper-V services
192.168.252.252 -WSUS
-DFS
Below is the IP plans for DHCP pool and network device located in Singapore
Devices Start End

Below is the IP plans for the physical and virtual servers located in: Singapore

Gateway 192.168. 192.168. 255.255.255.0 C
Router 250.0/192.168.16.0 150.254/192.168.16.254
LON-BM-1 192.168.250.0 192.168.250.201 255.255.255.0 C
LON -VM-1 192.168.16.0 192.168.16.200 255.255.255.0 C
LON -VM-2 192.168.16.0 192.168.16.201 255.255.255.0 C
LON -VM-3 192.168.16.0 192.168.16.202 255.255.255.0 C
LON -BM-2 192.168.250.0 192.168.250.202 255.255.255.0 C
LON -VM-1 192.168.16.0 192.168.16.203 255.255.255.0 C
LON -VM-2 192.168.16.0 192.168.16.204 255.255.255.0 C
LON -VM-3 192.168.16.0 192.168.16.205 255.255.255.0 C
LON -BM-3 192.168.250.0 192.168.250.203 255.255.255.0 C
LON -VM-1 192.168.16.0 192.168.16.206 255.255.255.0 C

See image below for network topology at location: Singapore

See below for tables on proposed disk partitioning for Singapore
DC-1
SIN-BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
Company data 250GB
User storage 500GB
File server
Company data 250GB

3.3 Connecting of the network together
At each location there will be multiple domain controllers in the event of an outage for
maximum uptime the servers will be connected through a WAN, LAN and VPN connection.
WAN connection requires a specific plan through an internet service provider and the use of
a virtual private network. Rules will need to be put in place to limit access to the servers on
the routers.
There will be connections made between

EU and ASIA arms of ANB made through
virtual private network. UTMs will be used
to filter out potential threats that may
threaten the network in addition to the
image below there is a server based in Perth
being used to host the ANB website, See
below for details.
The network users at each location will have limited access to the network, the users will
need to log into the network through the intranet. Located on the intranet there will be
eligible programs that can be accessed on the network. The server will require multiple NICs
this will allow multiple connections to multiple networks ensuring security of the server and
assets in addition of offering a platform in which allows the sharing of information on the
network. In addition to the use of layer 3 switches enforcing VLANs within each location
will ensure the security and confidentiality of potentially sensitive/critical information that
may be related to business services.
See below for example

3.4 Plan for deployment of workstations
One of the computers from Perth will be captured acronis snap deploy can be used for the
rolling out the default image ISO. After the ISO is created it can be used through Windows
Deployment Services. PXE boot will be used to then distribute the updates to the client
computers.
3.5 DNS records

Computers in each department will be named by the first 3 letters of their names such, their
department and the number of the PC each computer will be numbered and given a unique
device number for remote desktop for support. The advantage of this is easier to keep track
of the computers/devices connected in the DNS managers snap in.
Below is an example of the DNS records seen by the DNS manager snap in
Location Department PC number DNS name

Perth I.T. 1 PER-PC-I.T.-1
Adelaide I.T. 1 ADE-PC-I.T -1
Melbourne I.T. 1 MEL-PC-I.T -1
London I.T. 1 LON-PC-I.T -1
Singapore I.T. 1 SIN-PC-I.T -1
Perth HR 1 PER-PC-HR-1
Adelaide HR 1 ADE-PC-HR-1
Melbourne HR 1 MEL-PC-HR-1
London HR 1 LON-PC-HR-1
Singapore HR 1 SIN-PC-HR-1
3.6 Plan for updates and patches

WSUS can be installed on the server the updates can be then checked to limit the effect of a
dud update to ensure that it doesnt have an effect on the server in this case it will then be
applied to sever and then mirrored to the additional servers the advantage of this is to
minimize the download of the business that can affect the migration of data and network
performance. Computers can be automatically updated this can be downloaded from the
Server at each location Perth, Melbourne, Adelaide and then shared with the work stations at
each location.
3.7 Intranet
Intranet will be hosted at each location Perth, Adelaide, Melbourne, London and Singapore
this will be located on bare metal server number two virtual machine number two at each
location. With fail over clustering enabled at each location this will allow the constant uptime
of the Intranet in the event of a server is brought down for maintenance or outage it will be
replace by an alternative server at the closest location. A forward lookup zone will need to be
created in the DNS manager to covert the web-address to an I.P. address. Reserve look-up
can be configured to look up the users connecting to the network.

3.8 Website
ANBs website is located in Perth on Bare metal server number four, this server is dedicated
for the use of hosted the server. The server will have two different NICs to connect to the
outside world in addition to its UTM, firewall and router. This will give users around the
world access to ANBs website with the addition of switches and VLANs this creates a one
way access to the hosting server by the network administrator.
The reason for this is in the event someone tries to hack into the network the hacker is stuck
in the hosting server creating a container in which the user is unable to penetrate further into
the network the server will be locked on the VLAN 99 this is the VLAN set for
administration of the network.
Below is an image that displays the demilitarization zone

3.9 DFS replication
Name space plan: Corp-data
Location CEO Design Directors Finance HR I.T. Marketing Production Sales
Perth \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\PE-FS-1\Production \\Corp-data\PE-
Acme.local 1\CEO 1\Design 1\Directors 1\Finance 1\HR 1\I.T. 1\Marketing FS-1\Sales
Adelaide \\Corp-data\ADE- \\Corp-data\ADE- \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE- \\Corp-data\ADE- \\Corp-data\ADE-FS- \\ADE-FS-1\Production \\Corp-data\ADE-
Acme.local FS-1\CEO FS-1\Design 1\Directors 1\Finance FS-1\HR FS-1\I.T. 1\Marketing FS-1\Sales
Melbourne \\Corp-data\MEL- \\Corp-data\MEL- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL- \\Corp-data\MEL- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-
Acme.local FS-1\CEO FS-1\Design 1\Directors 1\Finance FS-1\HR FS-1\I.T. 1\Marketing 1\Production FS-1\Sales
London \\Corp-data\LON- \\Corp-data\LON- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON- \\Corp-data\LON- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-
UK.ANB.local FS-1\CEO FS-1\Design 1\Directors 1\Finance FS-1\HR FS-1\I.T. 1\Marketing 1\Production FS-1\Sales
Singapore \\Corp-data\SIN- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS-1\ \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-
SIN.ANB.local FS-1\ CEO 1\Design 1\Directors Finance 1\HR 1\I.T. 1\Marketing 1\Production FS-1\Sales
3.10 Encryption
Encryption can be used to secure data prevent the information being stolen its impossible to
make a plan that is completely bullet proof but trying find a balance between the security of
intellectual data without hindering the use of the computers ability for ease of use. Windows
provides an encryption feature this will give you a key which can be then exported to a server
a virtual server which can be turned off to avoid the keys from being stolen.
Encryption can be used to secure data on USBs and on laptops the certificates can be
exported to a server that stores the keys to the encryption for a later date and shut down to
limit the access to these keys. The designs the financial documents and managerial
documents. To encrypt whole drives can seriously affect the use of the performance of the
device.
Kerberos encryption
Creates and certificate that is used to authenticate the client/server can be transferred and
installed by user, users with certificate can gain access to the documentation Kerberos has
disadvantages however ideally should be paired with other encryption methods.
These disadvantages include:

-Ability to be intercepted
-Not time stamped
-Requires only one certificate of authentication.
IPsec encryption
Encrypts the data/packets in transit within the network and outside the network for secure
communications. IPsec tunnel mode transport adds additional encryption to the packet this is
done within the router without the encryption key on the router on the other side it will not be
able read the packets being received. When being sent back the packet will receive an
additional layer of encryption.
This provides an automated solution for

-Authentication
-Integrity
-Confidentially
Update patch plan

Continuous updates are essential to a secure network, updates should be checked before being
rolled out across an organisation such as ANB to limit the potential damage being done. Its
recommended that a short period of time is allowed to pass before the installation of the latest
patch to read the feedback given by others who have installed it. ANB should consider waiter
for a month to pass before applying the previous update, when applying this update it is
recommended that the update is applied to a non-critical department such as test bench,
followed by marketing and if everything goes to plan rolled out across the network.

3.11 Testing check list
See below for checklist
Phase Device Virtual machine number Install the following Progression

Complete/Incomplete
Server PER-BM-1 0 -Windows server 2012r2
installation -Install Hyper-V
-Anti-virus software
1 -Promote to domain controller
-Active directory
-DNS
- Anti-virus software
2 -Remote desktop
3 -Windows back-up services
-SQL services
-DHCP
PER -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
2 -Remote desktop
-Windows back-up
PER -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS
1 -Files and storage services
-Remote desktop services
-Windows backup services
Configuration settings Commands
DNS Ipconfig /flushdns

Ping ping
Route tracert
ARP ARP -A
ARP ARP D *
IP Ipconfig /all

Complete/Incomplete
Server PER -BM-1 0 -WSUS
Configuration -Anti-virus scheduling
1 -WSUS
-Create look-up zones for -
DNS
-Sites and services
-Create a back-up schedule
-Anti-virus scheduling
2 -WSUS
3 -WSUS
-Create DHCP pool
PER -BM-2 0 -WSUS
1 -WSUS
2 -WSUS
-Intranet fail over clustering
PER -BM-3 0 -WSUS
1 -WSUS
-DFS (Distributed file server)
-DFS replication
-File server roles
-WDS (PXE) boot
Phase Device Item Progression

Complete/Incomplete
Testing Cat6 Cables
PER -I.T-1 Ping
PER -BM-1,2,3
PER -BM-3 -PXE boot images
-Check DNS for devices

Complete/Incomplete
Server ADE-BM-1 0 -Windows server 2012r2
-Active directory
-DNS
2 -Remote desktop
-SQL services
-DHCP
ADE -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
2 -Remote desktop
-Windows back-up
ADE -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS

Ping ping
Route tracert
ARP ARP -A
ARP ARP D *
IP Ipconfig /all

Complete/Incomplete
Server ADE -BM-1 0 -WSUS
1 -Create look-up zones for
DNS
-Sites and services
-WSUS
2 -Create a back-up schedule
-WSUS
-Create DHCP pool
-WSUS
ADE -BM-2 0 -WSUS
-WSUS
-WSUS
ADE -BM-3 0 -Create a back-up schedule
-WSUS
1 -DFS (Distributed file server)
-DFS replication
-File server roles
-WDS (PXE) boot
-WSUS

Complete/Incomplete
Testing Cat6 Cables
ADE -I.T-1 Ping
ADE -BM-1,2,3
ADE -BM-3 -PXE boot images
Phase Device Install the following Progression

Complete/Incomplete
Administration ADE -BM-3 -PXE boot image
-Encryption of documentation
-Account creation
-Server monitoring software
-Permissions
-Group policy
ADE -Mob-1 -Mass roll out of windows operating system
-Software
-Take an image of device
ADE -Tab-1 Mass roll out of windows operating system
-Software

Complete/Incomplete
Server MEL-BM-1 0 -Windows server 2012r2
-Active directory
-DNS
2 -Remote desktop
-SQL services
-DHCP
MEL -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
2 -Remote desktop
-Windows back-up
MEL-BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS

Ping ping
Route tracert
ARP ARP -A
ARP ARP D *
IP Ipconfig /all

Complete/Incomplete
Server MEL -BM-1 0 -WSUS
DNS
-Sites and services
-WSUS
-WSUS
-Create DHCP pool
-WSUS
MEL -BM-2 0 -WSUS
-WSUS
-WSUS
MEL -BM-3 0 -Create a back-up schedule
-WSUS
-DFS replication
-File server roles
-WDS (PXE) boot
-WSUS

Complete/Incomplete
Testing Cat6 Cables
MEL -I.T-1 Ping
MEL -BM-1,2,3
MEL -BM-3 -PXE boot images

Complete/Incomplete
Administration MEL -BM-3 -PXE boot image
-Account creation
-Permissions
-Group policy
MEL -Mob-1 -Mass roll out of windows operating system
-Software
MEL -Tab-1 Mass roll out of windows operating system
-Software

Complete/Incomplete
Server LON-BM-1 0 -Windows server 2012r2
-Active directory
-DNS
2 -Remote desktop
-SQL services
-DHCP
LON -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
2 -Remote desktop
-Windows back-up
LON -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS

Ping ping
Route tracert
ARP ARP -A
ARP ARP D *
IP Ipconfig /all

Complete/Incomplete
Server LON -BM-1 0 -WSUS
DNS
-Sites and services
-WSUS
-WSUS
-Create DHCP pool
-WSUS
LON -BM-2 0 -WSUS
-WSUS
-WSUS
LON -BM-3 0 -Create a back-up schedule
-WSUS
-DFS replication
-File server roles
-WDS (PXE) boot
-WSUS

Complete/Incomplete
Testing Cat6 Cables
LON -I.T-1 Ping
LON -BM-1,2,3
LON -BM-3 -PXE boot images

Complete/Incomplete
Administration LON -BM-3 -PXE boot image
-Account creation
-Permissions
-Group policy
LON -Mob-1 -Mass roll out of windows operating system
-Software
LON -Tab-1 Mass roll out of windows operating system
-Software

Complete/Incomplete
Server SIN-BM-1 0 -Windows server 2012r2
-Active directory
-DNS
2 -Remote desktop
-SQL services
-DHCP
SIN -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
2 -Remote desktop
-Windows back-up
SIN -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS

Ping ping
Route tracert
ARP ARP -A
ARP ARP D *
IP Ipconfig /all

Complete/Incomplete
Server SIN -BM-1 0 -WSUS
DNS
-Sites and services
-WSUS
-WSUS
-Create DHCP pool
-WSUS
SIN -BM-2 0 -WSUS
-WSUS
-WSUS
SIN -BM-3 0 -Create a back-up schedule
-WSUS
-DFS replication
-File server roles
-WDS (PXE) boot
-WSUS

Complete/Incomplete
Testing Cat6 Cables
SIN -I.T-1 Ping
SIN -BM-1,2,3
SIN -BM-3 -PXE boot images

Complete/Incomplete
Administration SIN -BM-3 -PXE boot image
-Account creation
-Permissions
-Group policy
SIN -Mob-1 -Mass roll out of windows operating system
-Software
SIN -Tab-1 Mass roll out of windows operating system
-Software

3.12 Performance standards and quality expectations
Performance of the network can be done in many ways there are many tools and programs on
the market for monitoring certain things on the network counters can be added to the program
performance monitor to performance usage of the resources. This can be used to maximize
the usage of the resources. Popular counters are CPU usage, errors per second, Idle time of
the physical disk.
Software/tools for monitoring performance

-Microsoft network monitor 3.4
-Resource monitor
-Task manager
-Event viewer
-Wireshark
Network baseline is used to measure and rate the performance of a network. To have a
baseline the server needs to go undergo testing and reporting of physical connectivity,
network utilization, protocol usage, peak network usage and averages throughput of the
networks usage.
Once this information is collected this can be used to help identify problems with speed,
accessibility and vulnerabilities within the network. With this information future needs and
upgrades will be highlighted to assist in ensuring that the system is working at peak
performance.
Performance should be regularly reviewed on an ongoing basis reports created to ensure that
the network is working as designed. The network can be continuously tweaked to ensure that
the system is getting the most out of the physical machines this creates a benchmark cycle.
See below for a performance check list to get the most out of ANBs network

3.13 Threat model
A network needs to be able to withstand potential threats external and internally below is an
image that highlights some of the possible threats can be expected to be seen.

3.14 Threat management Plan
See below for some threats that may appear in a production environment
Risks Controls Comments
DDoS UTM Creating additional
Phishing emails Education offered to staff Not much can be done technically other
then inform the users of the networks of
what to look for and threats to the network.
Keylogging/Trojans UTM/firewalls/Switches Creating additional granularity maximizing
the likelihood of countering the threat.
Back-doors Firewall Will restrict access unless access is given as
a rule inside router.
Theft/ unauthorised sharing of information Encryption/Auditing Computers/devices without the encryption
certificate installed will not have access to
the document if encrypted with Kerberos.
Auditing can be used to track the access of
certain files located on the network.
Network outage Backup supply of power/UPS
uninterruptable power supply/surge
protectors

Below is some tip on better cyber security

3.15 Design security measures for network components
The solution for the ANBs network has been designed with security in mind these
components include:
-Segmentation of the network
-UTM
-Switches and the use of VLANs
-Firewalls
-Strong passwords
-VPN
-Encryption
-Updated software such as operating systems and anti-virus systems
3.16 Develop security policies

Group policies
Group policies can be used to limit the access of individual in groups within the domain to
create limitations of the access of resources within the network. These limits can be limiting
the use of USBs within the network and the loss of use of the control panel to members
within that groups Organizational unit. Departments will be given privileges to reset the
passwords or unfreeze accounts the users will need to go to an allocated member of staff with
in this department to seek help and if more assistance needed that person will get in contact
with the networks administrator.
Group policies can be used to ensure that the passwords are changed regularly and lock-out
policy this can be donthrough organization units. These can be changed to restrict access to
parts of the computer such as control panel.
Auditing policy
Audit policies can be used to record the uses accessing potentially sensitive material such as
the financial documents of a business or logging into the server. Auditing files can be used so
that the user accessing sensitive files and shared with unauthorized users can be caught.
Auditing can be used in scenarios listed below:

-Account management
-Directory service access
-Object access
-Policy change
-Privilege use
-Process tracking
-Account log-on events
-System events
-System events
-Account log-on events
The security log records when users perform certain actions, this enables administrators the
ability of monitoring of the network. This can be used through event viewer this tool can be
used to monitor the login to the server as well as the users accessing certain files. This leaves
a trail of who accessed what file when and in the event of a malware attack it is documented
when and where.

In the event of a user miss using his or her privileges the users privileges can be revoked or
account being frozen pending an investigation into the user of concern. The administrator
would simply have to go back through the logs and read who accessed which file in the event
3.16 Design auditing and incident response procedure
Why audit files in a network?

Auditing of a network is done in an attempt to analyze and gather information about a
network. Audit logs can be created on limited files with specific importance such as finance,
management departments.
Network audits are done for:

-Security
-Implementation of control
-Availability
-Management
-Performance
A member in the ANBs I.T. department will be given the responsibility of being in charge of
the auditing on a rotating basis. It isnt enough to set up Auditing it must also be checked on
an ongoing basis to ensure that the resources being supplied by the company ANB is being
used as per plan.

See table below for proposed auditing files
Departments Goal of securing /auditing Folder path if applicable Domain
ALL -Unsuccessful log in attempts -ANB.local

and successful -UK.ANB.local
-SING.ANB.local
I.T. -Login attempts to servers \\Corp-data\PER-FS-1\Finance\Backups -ANB.local

-Backup of data \\Corp-data\MEL-FS-1\Finance\Backup -UK.ANB.local
-Licence numbers for \\Corp-data\ADE-FS-1\Finance\Backups -SING.ANB.local
software/computers \\Corp-data\LON-FS-1\Finance\Backups
\\Corp-data\SIN-FS-1\Finance\Backups
\\Corp-data\PER-FS-1\Finance\Software
\\Corp-data\MEL-FS-1\Finance\Software
\\Corp-data\ADE-FS-1\Finance\Software
\\Corp-data\LON-FS-1\Finance\Software
\\Corp-data\SIN-FS-1\Finance\Software
Administration -Archives \\Corp-data\PER-FS-1\Finance\Archives -ANB.local

\\Corp-data\MEL-FS-1\Finance\Archives -UK.ANB.local
\\Corp-data\ADE-FS-1\Finance\Archives -SING.ANB.local
\\Corp-data\LON-FS-1\Finance\Archives
\\Corp-data\SIN-FS-1\Finance\Archives
Finance -Annual report \\Corp-data\PER-FS-1\Finance\Annual_report -ANB.local
\\Corp-data\MEL-FS-1\Finance\Annual_report -UK.ANB.local
\\Corp-data\ADE-FS-1\Finance\Annual_report -SING.ANB.local
\\Corp-data\LON-FS-1\Finance\Annual_report
\\Corp-data\SIN-FS-1\Finance\Annual_report
HR -Access to employee \\Corp-data\PER-FS-1\HR \database -ANB.local
databases \\Corp-data\MEL-FS-1\HR\database -UK.ANB.local
\\Corp-data\ADE-FS-1\HR\database -SING.ANB.local
\\Corp-data\LON-FS-1\HR\database
\\Corp-data\SIN-FS-1\HR\database
-Drawings file \\Corp-data\PER-FS-1\Design\drawings ANB.local
Design -Prototypes \\Corp-data\MEL-FS-1\Design\drawings UK.ANB.local
\\Corp-data\ADE-FS-1\Design\drawings SING.ANB.local
\\Corp-data\LON-FS-1\Design\drawings
\\Corp-data\SIN-FS-1\ Design\drawings
Production -Drawings file \\Corp-data\PER-FS-1\Production\drawings -ANB.local
-Machinery output \\Corp-data\MEL-FS-1\Production\drawings -UK.ANB.local
-Inventory \\Corp-data\ADE-FS-1\ Production\drawings -SING.ANB.local
\\Corp-data\LON-FS-1\ Production\drawings -ANB.local
\\Corp-data\SIN-FS-1\Production\drawings -UK.ANB.local
\\Corp-data\PER-FS-1\Production\Machinery_output -SING.ANB.local
\\Corp-data\MEL-FS-1\Production\Machinery_output -ANB.local
\\Corp-data\ADE-FS-1\Production\Machinery_output -UK.ANB.local
\\Corp-data\LON-FS-1\Production\Machinery_output -SING.ANB.local
\\Corp-data\SIN-FS-1\Production\Machinery_output
\\Corp-data\PER-FS-1\Production\Inventory
\\Corp-data\MEL-FS-1\Production\Inventory
\\Corp-data\ADE-FS-1\Production\Inventory
\\Corp-data\LON-FS-1\Production\Inventory
\\Corp-data\SIN-FS-1\Production\Inventory

3.17 VLANs
The use of VLANs creates segmentation and creates granulation of the network making the
network more secure. VLANs limit the chances of packets within the business being
intercepted through different programs. MAC addresses can be used to create restrictions of
the use of ports limiting the access of ports to unauthorized users within the network.
Each department will be allocated a VLAN number to this will isolate the packets within the
network, On each switch there will be areas in which users can access VLANs belonging to
other departments this will require the knowledge of the MAC address allocated to that
specific VLAN number without it, it will not authenticate and will not grant access to the
network.

3.18 VLANs
Perth
Table below shows reserved VLANS for departments within ANB

VLAN # Reserved uses
5
10 HR Management
15 Design departments
20 Administration
25 Information Services
30 Purchasing
35 Sales
40 Production
50 Production/Service Delivery
55
60
65
70
75
80
85
90
99 I.T./ Administrative
100 Testing

Below is a table with IPs for each switch located at each location
Switch VLAN 99 HR Design Administration Purchasing Sales Production I.T./
number Administrative Management department Administrative
1 back 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
bone
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Below is a table with reserved ports to VLAN
Switch number VLAN 99 HR Management Design department Administration Purchasing Sales Production I.T./ Administrative
Administrative
1 back bone Port 48 VLAN 40 Port 1 -8 VLAN 10 Port 8 -16 VLAN 15 Port 16 -24 VLAN 20 Port 25 -30 VLAN 25 Port 31 -38 VLAN 30 Port 39 -44 VLAN 35 Port 44 -47 VLAN 40
2 Port 48 VLAN 40 Port 1 -8 VLAN 10 Port 8 -16 VLAN 15 Port 16 -24 VLAN 20 Port 24 -30 VLAN 25 Port 31 -38 VLAN 30 Port 39 -44 VLAN 35 Port 44 -47 VLAN 40

Melbourne VLAN table

5
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
55
60
65
70
75
80
85
90
100 Testing


1 back 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
bone
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative

Adelaide VLAN table
Reserved uses
VLAN #
5
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
55
60
65
70
75
80
85
90
100 Testing

1 back 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
bone
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative

Singapore VLAN table
Reserved uses
VLAN #
5
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
55
60
65
70
75
80
85
90
100 Testing

1 back 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
bone
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative

London VLAN table

5
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
55
60
65
70
75
80
85
90
100 Testing


1 back 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
bone
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative

Singapore VLAN table
5
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
55
60
65
70
75
80
85
90
100 Testing


1 back 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
bone
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative

4.1 Project plan for each location
See below is a table that lists what is required this table includes the delivery time of the
Talk to customer about TO DO Duration in day(s)
Consult with customer 0.5
Research 5
hardware/software
Create report 14
Consult with customer 0.5
Makes changes where needed 7
Test equipment including cabling 14
Configure servers 7
Create shares, templates, accounts, migrate data 21
make changes where 7
needed
Sign off 1
Total 84

The installation will be done in 3 phases these phases include the
Comments
Phase 1
Below is a table with a few tests used to test the
Testing After the purchasing of the electronic devices they are tested individually before being brought together network
offsite
Connecting the network Combining of the devices/equipment together the creation of shares and permissions testing prior to
together installation then brought down New cables will need to be tested before setting
Final set-up Bringing everything onsite after the tests are ran and passed to ensure minimal hiccups in the installation of up the network to ensure they are working
the equipment
making it easier than going back after
everything is plugged in to find the issue.
Tests to run Comments The data and emails will need to be transferred
Cabling Use cable tester to test for damage to the wire prior to installing
onto the new email addresses that will be set up
for ANB, as well as the migration of data
Test connection Ping NIC, domain, DNS already on the server which will needed on the
Trace route on routers
new server this may take some time if not
Wireshark Test the internal traffic weeks if its done slowly the migration and the
phasing out of the older server and the eventual
Test permissions After creating shares try to access shares without permissions turning off of the old server can be done with
minimal effect on the workers working at ANB.
Programs will need to be installed on the client computers, there will need to be a data base done to record all the computers softwares and
which software key is on which computer. The period that the licences end should also be recorded to make sure that you are not using a product
that is out of licence and violating the licencing agreement of using the software.
Environmental conditions are an important part of the Installation of equipment to make sure the environment doesnt damage the expensive
equipment and to protect the equipment from dust and moisture. Another important part of the Installation plan is to ensure the safety of the
equipment once delivered and installed.
Use the network design plan with the equipment and start placing equipment in the places where is plotted on the visual map. By using trolleys
and correct manual handling technique to minimise the chances of damaging the workers back.

The best time to install and set up the hardware/install updates is over the weekend or at a time where the building is not being used. After
purchasing the equipment the items will be sent in the mail or purchased in a brick and mortar shop after being received the software will be
installed with its settings set up so it isnt being set up on the site. Tests will be run on the new network to make sure the hardware is set up
correctly and all the components of the network work before moving it to the desire location. After driving to the site, inspecting the site the
items are moved around the location according to the physical diagram. The wires are then plugged into the devices together and then connected
to the switch then connected to the router then to the internet.
The wires are strapped together to stop the wires from clumping up and the wires crossing over each other and creating a mess. The wires would
run through pipes in the wall so that the wires arent being tripped over by people that pass by. After setting up the computer network the servers
settings should be checked so that the programs will automatically update minimising the need for it to managed as much as if it wasnt already
set up.
Start the migration of data slowly migrating the data and the setting up of the server so not to affect the current network.
4.2 Backup plan

I would recommend backing up the data by using a portable hard drive these are very portable devices and are very cheap. There should be at
least 3-4 devices 2-3 copies of the data of the. A portable hard drive is very portable and is also very cheap as well as being able to hold a large
amount of data.
Its important to have a security/back-up policy detailing of things of what to do in case of a disaster and information needs to be recovered.
After each full back up notes/descriptions are made on form to be filled out by authorised personnel. The anti-virus software should be updated
as regular as possible
and scanned regularly each day scanning the areas most likely to be at risk. Partial virus scans should be done at lunch every day in the areas
that are most used there should be scanned there should be a full scan every night when no one is using the server as this could affect more
people and making the server slower. There should also be a firewall located on the server to not only protect the server from the outside risks of
viruses but the risks that pose from other people having access to internal computers.
A backup schedule will need to be made and the data should be backed up to more than the one copy in the event of losing the device there are
other places where the data is stored. The data should be stored in a secure location as data can be really important for a business. The devices
should be kept in a well-ventilated room away from any electronic or magnetic signals, away from excessive heat or humidity this will protect
the device from damage. There should also be copies offsite in case of an event of a fire.

Keep electrical devices such as computers, hard drives, servers out of direct sunlight. There should be enough light so that there is enough light
to use the computer without seeing a reflection on the computer screen. The assets should be appropriately labelled with dates times and have the
appropriate documentation attached to it. The backup devices should be used with always a backup available from the previous week in case of a
server crash.
Electrical equipment should be absent from moisture as much as possible limiting the chances of water getting into power boards and other
electronic circuits. The whole computer network shouldnt be based on the one circuit multiple circuit boards should be used limiting the
downtime and potential losses from computers not monitoring production.
Portable hard drives should be separated and stored away from high voltage items/ magnets/large tapes as these creates a magnetic field which
can disrupt the data stored on the devices which can result in the loss of data. Electrical equipment should have ventilation and stored in a cool
environment to stop the build-up of hazardous substances. I would also recommend having a backup USB internet dongle/modem that can be
used in the event that the internet goes out this can be used to back up information a temporary fix until the internet is put back in place.
Weekly full backup form
Sunday Monday Tuesday Wednesday Thursday Friday Saturday

Week 1
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
scheduled Incremental Incremental Incremental Full backup Incremental Incremental Incremental
Operator on
duty
Week 2
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
Operator on
duty
Week 3
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
Operator on
duty
Week 4
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
Operator on
duty

Weekly backups should be done to save the data done once a week once this is done the other disks used during the week are reset for the next
week. The Removable hard disks can be plugged into any Management should be informed where required to make sure the data needed for
everyday running of the business is able to be accessed first in case of the server shuts down or to minimize the effect of a crisis on a business.
There should be a schedule made for checking the computer every day when not being used either before work or after work to completely scan
the computer for viruses which take because you want the antivirus scanner to go through the computer/server. You should also set the antivirus
system to update when there are available updates to make sure youre as safe as you can possibly be by keeping your system as up to date as
possible.

The storage of the sensitive data/backups should be stored off site where its less likely to get damaged in case of a fire. Important to make sure
the devices are kept away from the heat and shouldnt be left in a damp environment where it could damage the disks. Once a month the data
should also be saved to the cloud to make save the data and give it another layer of protection. There should be more than the one copy of
backups which should be locked away as the data may be sensitive and important to keep this safe.
Software should be monitored within a database to ensure that the business complies with the conditions of use of the software provided.
Databases should include which computer has which software and licence number. The details of the software should be kept in this database
including the expiry and which computer has which licence making sure that the software isnt installed more than the allocated amount.
Reminders can be set to pop up when a software licence key has been expired to remind the operator of business to renew or replace the software
used in that circumstance.
Once the server is set up with windows server update service (WSUS) which is a computer program used to update the Microsoft computers
regularly once new updates come available to the public. The server will have a virus scanner to protect it from attackers from the outside world
who may wish to steal the data or just to damage the computer system itself.
The server would download updates for the anti-virus and other essential software needed for the operation of a business/organisation such as the
ANB on which the computers that it had control over would then be sent the software updates and then installed rather than each computer doing
it individually. By doing this it limits the chances of mistakes its all automatic. This is set up along with while the server is being set up to get it
beyond the period of purchasing the network to make sure the server and network doesnt just break down as the system has stopped being
worked on.

The best way to look after your assets is to do preventative maintenance and clean the computers/parts components to stop the build-up of dust
which can make the computers/servers over heat its. I would recommend doing these activities to get the most out of your devices/assets.

Proposed ANB multi
domain solution
ANB

Document Acceptance and Release Notice
This document is Version 1.1 of the Disaster Recovery Plan
The Disaster Recovery Plan is a managed document. For identification of amendments each page contains a release number and a page number. Changes will
only be issued as complete replacement. Recipients should remove superseded versions from circulation. This document is authorised for release once all
signatures have been obtained.
PREPARED: Date: - -
(for acceptance) I.T. Manager
ANB
ACCEPTED: Date: - -
(for release) Disaster Recovery Report

Contents page
1.0 A risk management process involves

1.1 What is a risk?
1.3 The result of a risk management scheme implemented
1.4 Critical functions of ANB
1.5 Critical data and software
2.0 Physical security measures

2.1 Lock server room
2.2 Set up surveillance of server room
2.3 Usage of rack mounted servers
2.4 Protect back-ups
2.5 Disable drives
2.6 Regular Audits
3.0 Natural Disasters

4.0 Network
4.1 External threats
4.2 Types of firewalls
4.3 Intrusion detection alarm
4.4 VLANS
4.5 Demilitarized zone
5.0 Risk analysis

5.1 Risk tables
5.0 Internal
5.1 Account security
5.2 Password
5.3 Encryption

6.0 Data protection
6.1 Back-up strategies
A. Auto-mated back-ups
B. Media back-ups
C. Cloud
6.2 Hardware failure
6.3 RAID
7.0 Requirements
7.1 Statutory requirements/ Commercial constraints
8.0 Disaster recovery sign off

1.1 What is a risk?
A risk is the probability of an event and its consequences, risk management is the practice of using processes/ methods/ tool in engineering
solutions to these risks.
Risk management focuses on what can go wrong and implementing strategies that can deal with the future risks that are possible or likely to
happen during the life of the project roll-out/production environment.

- Methodically identifying the risks attached to your business however they may appear, these risks could appear in different in different
scenarios such as OHS the moving of heavy equipment such as servers and racks.
- Using a risk matrix assess the likelihood of an event happening
- Understanding which protocols to follow when responding to events occurring
- Putting contingency plans in place to deal with consequences of possible future events.
1.3 The result of a risk management scheme implemented

- Improvement of decision making planning and prioritisation
- Anticipation of potential risks to business
- Helps to highlight areas in high capital needs to be allocated to
- Greatly improves the probability of your business plan and budget will be delivered on time
1.4 Critical functions of ANB

ANB is a business that relies strongly on its computer network for sharing and accessing information in real time, creating an environment that
maximises the productivity of the workers with in the company. By creating a peer to peer network there are limitations on accessing of the
information by the speed of the internet and the devices being used to send and receive packets over the internet.

Some of critical functions in operation are:
Depatment Function
HR Management -Hiring
-Firing
-Awards & enterprise bargaining
-Pay rates and conditions
-Maintenance of employee records
Design departments Drawings/designs of the current parts in production along with the future prototypes of ANB.
Administration Clerical and record keeping tasks reception, filing and retrieval, mail
Information Services Maintenance of IT infrastructure and associated processes Acquisition of new equipment, backup
of data, maintenance of network, help desk, security measures in place for network.
Purchasing -Acquiring assets, the purchasing of additional servers, computers UTMs etc
-Disposing of assets such as aged computers
-Licence numbers for software/computers
-Practical asset management (in association with accounting)
-Buying goods/services required by the organisation to deliver its services or make its product/s
Sales -Supply of the product to the customer, banking information and potential confidential details.
Production -Marketing, designs and work related emails
Production/Service Delivery -Making ANB products and delivering the services the organisation is concerned with

1.5 Critical data and software
ANB is a business that relies strongly on its computer network for sharing and accessing information in real time, creating an environment that
maximizes the productivity of the workers with in the company. By creating a peer to peer network there are limitations on accessing of the
information by the speed of the internet and the devices being used to send and receive packets over the internet.
Some of critical data and software in operation are:
Depatment Function
HR Management -Privacy obligations/government regulation
Design departments -Drawings/designs of the current parts in production along with the future prototypes of ANB.
-work related emails
Administration -Record keeping

-Work related emails
-Plans for expansion
Information Services -Backup of data

-Maintenance of network
-Security measures in place for network
-Keeping track of paper certificates of the internal components of devices on network
- Licence numbers for software/computers
-Schedules of backups and scans
-Encryption keys
Purchasing -Practical asset management (in association with accounting)

-Buying goods/services required by the organisation to deliver its services or make its product/s
-Delivery times and location of new parts/devices
Sales -Banking information

-Potential confidential details.

Production -Designs
Production/Service Delivery -Making ANB products and delivering the services the organisation is concerned with
-Delivery of units
What is a back-up?
A backup refers to copying of a physical or virtual file to a secondary device or site for preservation in the event of a equipment failure, fire or
other unforeseen catastrophes. Back-ups can be executed in different ways depending on the goal and the disaster recovery plan. Back-ups can
be done remotely and automatically.
2.0 Physical security measures

2.1 Lock server room
ANB faces issues of information being accessed by someone who is unauthorized to use it for potential financial gain/sharing information with
third party such as a competitor or insider trading. This can be addressed through adding compartmentalisation within the business to limit
access on a strictly need to know basis giving people enough information privileges required to do their job nothing more.
2.2 Set up surveillance of server room

The server rooms in the ANB network needs to be locked up to limit the access of the server room, this should have strict access control
methods potentially with security cards to keep track of who has been in the server room this comes into use for auditing purposes. The server
room could potentially have cameras and security guards the security is limited only by the budget of ANB.
2.3 Usage of rack mounted servers

Usage of rack servers are ideal because not only do they take up less space they are also secure, they can be locked away in racks and bolted to
the floor making the rack extremely difficult to move.
2.4 Protect back-ups

Backing up data is an essential part of network recovery but its important to remember that these media devices storing the data/information can
be stolen and used by an unauthorized individual outside of the company. The media devices should be stored in multiple locations under lock

and key to ensure security of the data ideally offsite.
2.5 Disable drives

USB, floppy disk and other means of external drives can be used to access company information and can be disabled through group policy.
Some organisations go as far as inserting glue in the external drives to permanently prevent its use.
2.6 Regular Audits

In the event of a user miss using his or her privileges the users privileges can be revoked or account being frozen pending an investigation into
the user of concern. The administrator would simply have to go back through the logs and read who accessed which file in the event of files
being leaked out of the company.
Auditing can be used in scenarios listed below:

-Account logon events
-Account management
-Directory service access
-Object access
-Policy change
-Privilege use
-Process tracking
-System events
The security log records when users perform certain actions, this enables administrators the ability of monitoring of the network. This can be
used through event viewer this tool can be used to monitor the login to the server as well as the users accessing certain files. This leaves a trail of
who accessed what file when and in the event of a malware attack it is documented when and where.
Hardware auditing
Software such as (Spiceworks) can be used to do audits of devices this ensures that each device has the right licences allocated to that device,
these licences are not being used on multiple devices simultaneously using the plans/paperwork is a good way to keep track of the components
and software within each device.

3.0 Natural Disasters
As we live in the real world the real world there are risks attached to operating a business, as ANB is a business. The following tables show
some of these risks and they include:
Disasters/Threats Effects of disaster Solution

Natural disasters Fire Ventilated floors with good circulations that can pass the smoke/heat from the
Risks/threats to the network/electronic devices such as the melting of the rooms in which the servers are located in. This is used to pass the smoke to the
devices and the complete destruction of the building. Smoke can be a problem exterior of the building and to maximize flow of air acts in a way to cool the
not only is it hazardous and lethal to people it can damage electronic servers in the addition of the usage of an air conditioning unit.
componence such as fittings and filters attached to the electronic devices.
Flood Floors raised to allow water from a leak or a flood to drain out of the server
Risks/threats to the network/electronic devices such as room
From a large amount of rain falling in a short time, overwhelming the storm
water system, causing inundation.
Earth quakes Ensure regular inspections and maintenance of buildings to ensure the structure
Risks/threats to the network/electronic devices such as buildings are destroyed, of the building
rendered unsafe or partially damaged power is cut other services such as
telecommunications, water and gas are disrupted
Electronic -Hackers can use different methods to disrupt or take a business to ransom With the use of UTM (Universal threat management) device along with a
these methods include; denial of services, Malicious code/viruses. firewall/ router.
-Malicious code can be used to gain unauthorized access to a computer and
access data or potential confidential information attached to the company. Filtering options
-Denial of service is a method in which ANBs website can be brought down System protection alternative include
through the flooding of requests wanting to access the same page. This can Stateless this is achieved through the filtering of traffic using set filters others
cause damage to servers and hard ware in addition to affecting productivity of that are not wanted or required are discarded. Allowing access from certain
the workers within ANB. ports denying access from others.
Stateful filtering
Looks inside every packet more expensive option, more thorough option
Hardware failure Computers can fail at any time at ANB and can have a significant effect on the Uninterruptable power supply (UPS) / RAID/ MIRROR/ hyper-V replica/ fast
productivity of ANB to function its important that each department at each replacement of parts/ Power generator
location to be able to talk to each other as the products are being produced at
multiple locations simultaneously.
Telecommunications and Power Outages ANB need to have contingency plans in the event of power outages such as Uninterruptable power supply (UPS) / Power generator /VOIP phone
back-up power generators and uninterruptable power supply. The effect for a
business not prepared for an event like this can put production to a halt and the
loss of serious money potentially lives of workers working in the production
line at ANB.

4.0 Network
4.1 External threats
DDoS/hack attacks
This is a real potential issue for ANB as it can do potential damage to hardware within the business can be used as sabotage or a way to extract
money from the business. The likely of this happening can be dramatically decreased through using UTM (Universal Threat Management)
devices paired with routers that can filter the packets looking for patterns that may be a potential threat to the network. Through the continuous
updating of the equipment and subscriptions of devices such as virus scanners and keeping the operating system up to date with patches that
address previous flaws are an essential part of the security.
As part of a package to some virus/scanners Administrators can be emailed in real time when threats appear such as suspicious activity to give
the Administrator time as much possible to breach the potential security breach. The server would download updates for the anti-virus and other
essential software needed for the operation of a business/organisation such as the ANB on which the computers that it had control over would
then be sent the software updates and then installed rather than each computer doing it individually. By doing this it limits the chances of
mistakes its all automatic. This is set up along with while the server is being set up to get it beyond the period of purchasing the network to
make sure the server and network doesnt just break down as the system has stopped being worked on.
ANB faces issues of information being accessed by someone who is unauthorized to use it for potential financial gain/sharing information with
third party such as a competitor or insider trading. This can be addressed through adding compartmentalisation within the business to limit
access on a strictly need to know basis giving people enough information privileges required to do their job nothing more.
Security vulnerabilities of wireless and the internet

With todays every expanding knowledge of technology and innovation there are many tools available to use to improve productivity in a
workplace or in the everyday internet users home. With these leaps in technology has created unexpected consequences for the everyday user or
business.

Malicious software can be delivered in many different ways from a simple USB, through email which people are deceived into clicking on a link
that is purposely deceitful in the attempt of getting the computer user to run the executable software/code that can have disastrous effects on a
network.
One of the technological advancements is wireless access to the internet this requires a log in username and a password can be set to clamp down
on access to the network from unauthorised users of the network. People can use their own devices to take advantage of the wireless network and
can be used to connect to the network; this is harder to enforce security/policies.
Wireless frequencies as much as this can be a significant advantage in accessing information around the workplace of sharing information and
accessing of files this information needs to be secured. This information can be accessed through accessed through different frequencies the
main issue with this is simply having an insecure password that can be easily guessed through a password that lacks complexity
See below for available frequencies that can be connected through to electronic devices.
The main factors that affect wireless signal strength.

-Local environment/Physical objects/obstructions
-Wireless Network Interference
-Signal Sharing
-Distance between devices.
-Network usage
-Poorly set up antennas
-Spectrum channel limitations
-Wireless signal restrictions
4.2 Types of firewalls

What is a firewall?
A firewall is a network device that can be both software and hardware that is used to monitor in and out going traffic and decides what traffic to
allow or deny depending n pre-set rules within the device.
In a networking environment there are many types of firewalls these firewalls include
Types of firewalls Description
Application/Proxy firewalls Proxy service is a method in which information on the internet is retrieved by the firewall and sen to
the desired location and vice versa.
Stateless/Packet filtering Stateless this is achieved through the filtering of traffic using set filters others that are not wanted or
4.3 Intrusion detection alarm
required are discarded. Allowing access from certain ports denying access from others.
Stateful filtering Looks inside every packet more expensive option, more thorough option Some antivirus systems such as Trends
Hardware firewalls These devices are built for the primary reason for the protection of a network these devices are called
business solution can send out emails to inform
UTM (Universal Threat Management) devices they have great granularity and can do many things
simultaneously they range in cost from hundreds to tens of thousands. the systems administrator in the event data is
Software being transferred, or any suspicious activity that
These Firewalls are included in routers and on your computer these Firewalls are less powerful and
can do significantly much less then a UTM (Universal Threat Management) device.
may being done on the network. This gives the
administrator notification in real time so the Administrator has more time to deal with a potential internal or external threat to ANBs system.
4.4 VLANs
Usage of VLANS (Virtual LANS) in addition to increased use of switches are a good security measure to ensure the compartmentalisation and limiting the
access of programs such as packet sniffing or Wireshark that attempt to intercept traffic within the network of the business.
4.5 Demilitarized zone

What is the Demilitarized zone?
The Demilitarized zone in a location in which its hosted on neutral ground where can be accessed both internally and externally from the network. As the
server can be accessed by so many people the general public it is given its own network and subnet mask this creates a one-way access by the systems

administrator the the webserver. The server hosting the ANB site will have 2 NICs and will be a stand-alone server in the event of the server being hacked
limiting access to the network through the use of firewalls/routers.

5.0 Risk Analysis
5.1 Risk tables
Key to Risk Rating Symbols used see table below
Rating for Likelihood and Seriousness for each risk

L Rated as Low E Rated as Extreme (Used for Seriousness only)
M Rated as Medium NA Not Assessed
H Rated as High
Grade: Combined effect of Likelihood/Seriousness

Seriousness
low medium high EXTREME
low N D C A
Likelihood
medium D C B A
high C B A A
Recommended actions for grades of risk
Grade Risk mitigation actions
A Mitigation actions to reduce the likelihood and seriousness to be identified and implemented as soon as the project
commences.
B Mitigation actions to reduce the likelihood and seriousness to be identified and appropriate actions implemented during
project execution.

C Mitigation actions to reduce the likelihood and seriousness to be identified and costed for possible action if funds permit.
D To be noted - no action is needed unless grading increases over time.
N To be noted - no action is needed unless grading increases over time.

5.0 Risk Analysis
5.1 Risk tables
Key to Risk Rating Symbols used see table below
Rating for Likelihood and Seriousness for each risk

L Rated as Low E Rated as Extreme (Used for Seriousness only)
M Rated as Medium NA Not Assessed
H Rated as High
Grade: Combined effect of Likelihood/Seriousness

Seriousness
low medium high EXTREME
low N D C A
Likelihood
medium D C B A
high C B A A

RID Description of Risk Impact on System Change Date of Review Risk Prevention Disaster Response Responsible person(s) Cost in Australian dollars Timeline for
references reference and in mitigation actions
Grade (combined
Likelihood and
Assessment of
Assessment of
Seriousness)
Seriousness
Likelihood
<R> Natural disaster: Flood From a large amount of Floors raised in server room and Every 3 months Before installation of In this scenario it is -I.T. Manager Loss of time :1 week Immediately after the
rain falling in a short keep electronic devices off the server ensure there is highly important to fact or when safe to do
time, overwhelming the ground where possible. drainage to the protect data from water In dollars:1000s so
storm water system, LOW MED MED outside world, keep as it could affect the
causing inundation. wires maintained network and its
devices.
R1 Electronic: This could have an affect Have complicated passwords, the use Every 6 months Regularly change Administrators should -I.T. Manager Loss of time : 1-2 hours Immediately after the
External/Internal attacks on ABNs ability and of firewalls and VLANs and virus passwords to the be emailed in the event -ANB I.T. employee fact or when safe to do
to ANBs network potentially can be used to scanners wireless, keep the of a breach, network In dollars:UNKNOWN so
access the network LOW C HIGH passwords secret. should be scanned and
threat can be addressed
R2 Power outage Without power the server Have alternative methods of Every 6 months UPS will ensure that If prevention strategies -I.T. Manager Loss of time :1-7 day(s) Immediately after the
and all other operations powering the network UPS/back-up the server is are followed the -ANB I.T. employee fact or when safe to do
stop instantly generator in place. constantly being network should still be In dollars:1000s so
supplied power. back- available for use
up will follow this
LOW A HIGH followed by back-up
power supply brought
online
R3 Hardware failure: Computers can fail at any Uninterruptable power supply (UPS) Every 3 months Ensure that there is The server/hardware -ANB I.T. employee Loss of time : 1-2 hours Immediately after the
Hard drive down time at ANB and can / RAID/ MIRROR/ hyper-V replica/ high availability will need to be fact or when safe to do
have a significant effect fast replacement of parts/ Power through network addressed this will In dollars:100s so
on the productivity of generator balancing and fail come at a cost but if the
ANB to function its over clustering are network is set up
important that each LOW C HIGH functioning and are correctly the outages
department at each enabled will be minimal. Switch
location to be able to talk out the hard drive with
to each other as the a spare.
products are being
produced at multiple
locations simultaneously.
R4 Telecommunications Telecommunications is Use a combination of methods of Every 12 months Telecommunication In the event of an -I.T. Manager Loss of time : 1-2 hours Immediately after the
outages an essential part of ANB communication through VOIP, methods and outage from a service -ANB I.T. employee fact or when safe to do
working in a cost Landlines and mobile phones alternatives should be provider the redundant In dollars:UNKNOWN so
effective and efficient LOW C HIGH through different providers in place before being communications
way. in operation. methods are brought
online.

RID Risk/ Declaring the Description of disaster response steps Resources Needed Date of Review Timeline for
Disaster item disaster action(s)
<P> Natural disaster: IT Manager/ ANB -Have a meeting with the team responsible for the network -Racks Every 3 months When possible
Flood I.T. employee -Check UPs to ensure that power is being supplied to the network devices -Benches to do so
-Ensure back-up has been taken place -Drainage system
-Power up back-up generator
- Turn off non-essential devices
R1 Electronic: IT Manager/ ANB -Isolate affected network if possible/ disconnect from network -Antivirus software Every 6 months When possible
External/Internal I.T. employee -Run antivirus/malware software to eliminate the threat -Data backup solution to do so
attacks to ANBs -Scan all systems to detect any further threats
-Identify where the threat came from
network
-Update/upgrade the relevant software
-Securely backup all data
R2 Power outage IT Manager/ ANB Identify what component is missing, and what function it serves -UPS Every 6 months When possible
I.T. employee Research alternative sources to acquire components -Data back-up policy to do so
Continue with any work that doesnt require that component -Power generator
Identify what caused the equipment no to arrive on schedule
R3 Hardware failure: IT Manager/ ANB -Identify the broken device on inspection -Bare metal server Every 3 months When possible
Hard drive down I.T. employee -Find a spare piece of hardware to switch the old server out -Spare hard drive to do so
R4 Telecommunications IT Manager/ ANB -Have a meeting with the team responsible for the network -VOIP phone Every 12 months When possible
outages I.T. employee - Have a meeting with the team responsible for the network -VOIP directory for each to do so
-Bring online the VOIP network locations
- Give out alternative directory -Mobile phone

PID Description
Descriptionof
ofprevention
preventionmethod
method Resources
ResourcesNeeded
Needed Timeline for
Timeline for action
action
<P> Specific software is needed to complete server configuration This software should have -Benches Immediately after the fact or when safe to do so
been delivered earlier into development -rack server
P1 External attacks/Internal -Switches Immediately after the fact or when safe to do so

-Routers
-UTM
-Secure passwords
-Virus -scanner
P2 Power outage -UPS Immediately after the fact or when safe to do so
-back-up
-power supply
P3 Back-up policy/Schedule -Hard drive Immediately after the fact or when safe to do so
-Partioned drive
-Paper work to match back-up
P4 Password Policy -Group policy Immediately after the fact or when safe to do so
P5 Physical Protection -server rack Immediately after the fact or when safe to do so
-Dedicated server room
-Security measures (locks, etc.)
P6 Natural disaster: Flood Keep cabling protected and electronic devices off the floor -Drainage system within server room Immediately after the fact or when safe to do so
-Isolate cabling from any water source if
safe to do so
P7 Natural disaster: Fire this should be planned for and prevented against using fire protection -Firefighting equipment Immediately after the fact or when safe to do so
and dedicated fire safe server room

6.0 Internal
6.1 Account security

multiple accounts will be set up with different permissions so to limit the use of
administrator. This will make the network more secure in that if the network is compromised
in a certain area they will not get administrator permissions across the entire network. Their
ability will be restricted through the suspension of the account until the more details of the
security breach in known. Group policy will ensure that this password is changed regularly.
6.2 Password
Passwords of users should be updated regularly this can be set through group policy with
mixed characters, with an expiry within a certain period of time to ensure that passwords are
regularly being changed so that in makes these authorised accounts are less likely to be
accessed. This is paired with auditing of specific network files and encryption.
6.3 Encryption
ANB needs to have its data encrypted to ensure the security of the information and
confidentially of the business taking away the users access from the documentation whilst not
on a specified computer. Multiple keys/certificates can be used one public; one private both
required to read the specified files a function of this is included in specified UTM devices. To
limit the chances of packets being intercepted a VPN can be used can be gained through a
Internet service provider or ISP this ensures security, reduces cost and control of remote
devices/sections of the business. Dark lines can be used at a premium these lines have less
users their speed are greater because off these lines have less users they tend to be private and
used mainly by businesses and corporations who have security concerns those who dont
want be part of the general publics traffic.
7.0 Data protection
What is a back-up?
A backup refers to copying of a physical or virtual file to a secondary device or site for
preservation in the event of a equipment failure, fire or other unforeseen catastrophes. Back-
ups can be executed in different ways depending on the goal and the disaster recovery plan.
Back-ups can be done remotely and automatically.
7.1 Back-up strategies

A. Automated back-ups
Back-ups can be set on an automated basis this is usually done when the network is done
usually at night or during a point in time in which the network usage is lower after a virus
scan has been completed. The advantages of this are it limits the input required by the
network administrator.
Disadvantages of back-ups being stored on the network is that if there was a hardware failure
the data on the network will be significantly harder to be accessed then the other back-up
alternatives.
B. Media back-ups
The storage of the sensitive data/backups should be stored off site where its less likely to get
damaged in case of a fire. Important to make sure the devices are kept away from the heat
and shouldnt be left in a damp environment where it could damage the disks. Once a month
the data should also be saved to the cloud to make save the data and give it another layer of
protection. There should be more than the one copy of backups which should be locked away
as the data may be sensitive and important to keep this safe.
Disadvantage of this is the device unless stored correctly or in a safe place can be accessed by
unauthorized users which can then be passed on to competition or can be used in cases of
insider trading.
C. Cloud
Cloud services can be purchased through providers, this gives an additional layer on
protection of the data. This data can be accessed by people at each location the log in
information for this would have be to recorded in the event that this information needs to be
accessed in the event of an emergency. The log in information will to be kept purely on a
need to know basis but needs to be simple enough for it not to effect its ease of access.
The disadvantage of cloud storage is, that it requires a significant amount of internet usage
that can potentially cripple the productivity within the business in the event of a disaster and
wanting to download and apply this to the network.
The ideal back-up plan would have a combination of one or more of these stored at strategic
locations.
7.2 Hardware failure

Hardware failure
Is a serious issue within a business, through maintaining and looking after the equipment it is
important to have copies of the information on multiple devices such a RAID server or a
mirror server that gives a business greater up time and giving the network administrator more
time to fix the network. It is also recommended to have redundant links in a network that can

pick up traffic in the event of one leg going down which wont then stop the production or the
passing on of potential critical information, information that may need to be relied on in real
time.
7.3 RAID
What is a RAID?
RAID stands for Redundant Array for Inexpensive Disk, in general a RAID-enabled systems
used multiple hard disks to improve the performance of the server to increase the level of
redundancy and tolerance for a machine.
The data that is being processed is being shared on all disks so in the event of a disk being
damaged the system will self-heal, the other disks will take up the slack created from the hard
drive that is down.
The advantage of this is it gives the network administrator more time to fix a potential broken
or corrupt hard drive and increases the availability of the server that is essential in ANBs
ability to function.

8.0 Requirements
8.1 Statutory requirements/ Commercial constraints
requirements relevant to the organization
For a business to function, ANB needs to comply with the set out legislation put into law in the following
jurisdiction which will be different depending on in which state/jurisdiction he branch of ANB is operating
in.
Legislation attached to ANB:

Occupational safety and health act 1984
Occupation safety and health regulations 1996
Work safe WA
Environmental protection legislation

Waste avoidance and resource recovery act
Waste Avoidance and Resource Recovery Regulations 2008
Waste Avoidance and Resource Recovery Levy Act 2007
Waste Avoidance and Resource Recovery Levy Regulations 2008

9.0 Disaster recovery sign off
This plan was reviewed on ___________ by ____________
Signed ___________________________________________
The next review date for this document is on ___________

6. Conclusions and recommendations
We used the business requirements and specifications to create a system network and a
maintenance plan. The system is installed and set up we believe that we have done everything
that was required in the original agreement. We are able to come past once a week for two
weeks to ensure the system is working as originally designed and to make sure theres no
errors and make sure things are going smoothly for the business.
The system that has been purchased will require the system to be maintained and updated. A
qualified person will be need to monitor the server from time to time to ensure its doing what
it was originally intended to do. We would be able to service the equipment if required for a
monthly fee for one call out a month any more then that call out will cost 50 dollars as a call
out fee and will be charged 50 dollars an hour until the issue is fixed. The system will need to
be serviced from time to time and this is a cheaper alternative then hiring someone who may
not know the system as well as the people that have created it. We can also provide services
to update the software installed on the computers and servicers.
After a period of 6 months when the people are used to using the network and error at this
point the users will give feedback to the managers on the good and the bad about the network.
The review will be used to make improvements to the current software if needed and plan to
fix the downfalls in the current system.

I _____________ agree that the services laid out in this plan in has been provided and I am
happy with the standard that the services that is being provided adequately covers all the
bases that is required for the visual impairment association. I agree that I accept the terms and
conditions laid out in the report

Appendix
Auditing of the log in/access of the

Active directory server
Automated back-up saved to a specified

location on the network
Images located on WDS include a image

taken from default device to be rolled out
on network via using sysprep in addition
to the updates.

Replication set up for all four locations
Perth, Adelaide and Melbourne name
space Organisationdata
DNS image includes the devices attached

to the server.
Kerabros encrypting the data, can access

the certificate to read the encrypted file
through "certmgr.msc exported to a
USB and added to a server dedicated to
encryption keys.
Control panel blocked through group

policy

Access to shares
Account security forced password

changed after certain amount of day
characters needed etc.
Resource monitor can be used to creator

counters looking for specific
Intersite transfer Perth, Melbourne,

Adelaide

Windows system update section which
can be set up manually or can be used to
look up updates which can then be
checked out before being rolled out on
the network
Quota through file resource manager
Trouble shooting applications:

Resource manager
Performance monitor

Proposed ANB Multi Domain Solution

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Proposed ANB Multi Domain Solution

Enviado por

Direitos autorais:

Formatos disponíveis

Proposed ANB multi domain

2. Requirements and Constraints

Harry McCourt ANB 14/11/17

1.1 Background of the organization

1.2 Scope of the project

Organisational guidelines will need to be drawn up for the user of

What this project includes

What this project doesnt include

Harry McCourt ANB 14/11/17

2.1 Functional Requirements

Some of the issues that need to be addressed are;

Harry McCourt ANB 14/11/17

2.2 Non-functional Requirements

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17

Below is proposed machine layout for Perth

Perth 1 PER-BM-1 PER-VM-1 -Domain controller Primary DC

PER-VM-2 -Remote desktop

2 PER-BM-2 PER-VM-1 -Domain controller

PER-VM-2 -Remote desktop

3 PER-BM-3 PER-VM-1 -Files and storage

PER-BM-4 Hosting website

Devices Start End

Machine Network IP Subnet Network class

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17

Location Physical machine Name of server VM machine Roles Comment

MEL 1 MEL-BM-1 MEL -VM-1 -Domain controller Primary DC

MEL -VM-2 -Remote desktop

2 MEL -BM-2 MEL-VM-1 -Domain controller

MEL -VM-2 -Remote desktop

3 MEL-BM-3 MEL -VM-1 -Files and storage

Harry McCourt ANB 14/11/17

Devices Start End

Melbourne departments see below

Personnel Managers Their staff Comment

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17

Location Physical machine Name of server VM machine Roles Comment

Adelaide 1 ADE-BM-1 ADE -VM-1 -Domain controller Primary DC

MEL -VM-2 -Remote desktop

2 ADE -BM-2 ADE -VM-1 -Domain controller

ADE -VM-2 -Remote desktop

3 ADE -BM-3 ADE -VM-1 -Files and storage

Devices Start End

Harry McCourt ANB 14/11/17

Machine Network IP Subnet Network class

Adelaides departments see below

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17

Location Physical machine Name of server VM machine Roles Comment

London 1 LON-BM-1 LON -VM-1 -Domain controller Primary DC

MEL -VM-2 -Remote desktop

2 LON -BM-2 LON -VM-1 -Domain controller

LON -VM-2 -Remote desktop

3 LON-BM-3 LON -VM-1 -Files and storage

Devices Start End

Machine Network IP Subnet Network class

Harry McCourt ANB 14/11/17

Harry McCourt ANB 14/11/17