Welcome to our presentation
Presented by: Selamawit Hunelegn, Abiy Girma, Eskinder Getachew
INTERNSHIP PROJECT: VISION2000 LAN DESIGN AT INSA (Information Network Security Agency)
Content
o Background about the company
o Problem statement
o Objective
o Project
o Conclusion and recommendation
o Internship experience
Background of the company
INFORMATION NETWORK SECURITY AGENCY (INSA)
o Government institution established in 2000 E.C.
o Currently it is one of the most competitive intelligence institutions in our country
Product and service
o Software development
o Hard programming
o Network and network security
contd..
Some of the products of INSA:
o Digital Audio Recording and Archiving System (DARAS)
o Answering Machine
o Digital Video, Audio and Image Archiving System (DVAIAS)
o Land Information (cadastre) System
o Emergency and Risk Management System (ERMS)
o Secure Data Communication System (SDC)
Project
o We have been working in the network department
o They gave us all the requirements to design a LAN for a company named VISION2000
o We analyzed the requirements and came up with some problems
Problem
o All the traffic goes to one switch (backbone), causing traffic congestion
o If the backbone switch fails, the whole network goes down
o Not scalable
o No reserved IP addresses
o Doesn't support network devices from another vendor
o No server-based antivirus system, and susceptible to intruders
Objective of the project
Design and implement a secure, reliable, and affordable network infrastructure which enables the company to communicate easily and efficiently.
contd..
We believe that this network design offers the following features:
o Scalable network LAN
o Up-to-date technology
o Performance
o Security
o Availability
o Manageability
o Adaptability
o Affordability
Requirements of VISION2000
The design and deployment of a LAN that supports network infrastructure like:
o Website
o Internet
o Mail
Scope of the project
o Design and deployment of a network that is suitable for applications like the company website, mail, Internet and other information systems
o High security: secure the data center servers
o Creating different access levels for the users of the company
contd..
Expected applications that can run on this network infrastructure:
o Dynamic website
o Internet
o Mail
o Antivirus
LAN Design
The goal of the LAN design is to meet the requirements of Vision 2000 by creating a scalable, available, secure, good-performance and affordable local area network.
contd..
The design has the following considerations:
o LAN protocols and technology considerations
o LAN device considerations
contd..
Network devices
o Access switch: Cisco Catalyst 2960, used to connect workstations.
o Distribution switches: Cisco Catalyst 4507. There are two Cisco distribution switches in the Vision 2000 LAN, including redundancy. Routing and policy-based security will be configured on these switches. They serve as the DHCP server for the internal workstations. VLANs should be created to separate traffic flows among different VLANs. Other best-practice security configurations will be implemented.
VLANs, IP Planning & Protocols
VLAN Planning
When planning VLANs we consider:
o Number of VLANs (based on department, based on the requirement)
o Number of users per VLAN
o VLAN range (based on common work function or access level)
VLAN Group
VLAN name   Assigned to       IP address
VLAN 10     Student           172.20.0.0/23
VLAN 20     Meeting Hall      172.20.2.0/24
VLAN 30     Research          172.20.3.0/25
VLAN 40     Support           172.20.3.128/27
VLAN 50     Server            172.20.3.160/28
VLAN 60     Administration    172.20.3.192/28
VLAN 70     Store             172.20.3.208/28
VLAN 80     Server 2          172.20.3.176/28
contd..
IP addressing and name planning
IP addressing:
o Class B private IP addresses (IPv4) for all internal networks
o NAT to map the internal private addresses to a public address so that users can surf the web
o VLSM
contd..
VLSM
o Variable length subnet mask
o No wastage of IP addresses
** It is recommended to leave extra host bits beyond the requirement of Vision 2000.
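An added example (not part of the presentation) that checks the VLAN table above for overlap and private-space membership, and carries out the VLSM allocation the slides describe (largest subnet first, smallest prefix that fits). The 172.20.0.0/22 supernet and the per-VLAN host counts used in the test are assumptions, since the slides give only the resulting prefixes.

```python
import ipaddress

# Vision2000 VLAN plan exactly as given in the presentation's table.
VLAN_PLAN = {
    10: ("Student",        "172.20.0.0/23"),
    20: ("Meeting Hall",   "172.20.2.0/24"),
    30: ("Research",       "172.20.3.0/25"),
    40: ("Support",        "172.20.3.128/27"),
    50: ("Server",         "172.20.3.160/28"),
    60: ("Administration", "172.20.3.192/28"),
    70: ("Store",          "172.20.3.208/28"),
    80: ("Server 2",       "172.20.3.176/28"),
}
# Assumed: the block the VLAN subnets are carved from (the slides list only the prefixes).
SUPERNET = ipaddress.ip_network("172.20.0.0/22")

def check_plan(plan=VLAN_PLAN, supernet=SUPERNET):
    """(ok, problems): every subnet must be private, inside the supernet and disjoint."""
    nets = {v: ipaddress.ip_network(p) for v, (_, p) in plan.items()}
    problems = []
    for vid, net in nets.items():
        if not net.is_private:
            problems.append(f"VLAN {vid}: {net} is not private address space")
        if not net.subnet_of(supernet):
            problems.append(f"VLAN {vid}: {net} lies outside {supernet}")
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} {nets[a]} overlaps VLAN {b} {nets[b]}")
    return not problems, problems

def vlsm_allocate(supernet, demands):
    """VLSM: serve the largest demand first from the smallest prefix that fits,
    so no address space is wasted.  demands = {vlan name: hosts needed}."""
    free = [ipaddress.ip_network(supernet)]
    result = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        need = hosts + 2                              # network + broadcast address
        prefix = 32 - (need - 1).bit_length()         # smallest 2**k >= need
        free.sort(key=lambda n: int(n.network_address))
        block = next((b for b in free if b.prefixlen <= prefix), None)
        if block is None:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
        chosen = next(block.subnets(new_prefix=prefix))   # lowest piece of the block
        free.remove(block)
        free.extend(block.address_exclude(chosen))        # keep the remainder free
        result[name] = chosen
    return result
```

With host counts chosen to need the same block sizes as the table, vlsm_allocate reproduces the table's prefixes except that the four /28s come out in allocation order; sizing each demand a little above the head count is how the "extra host bits" recommendation above is applied.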
contd..
Name planning
The names are short and meaningful to simplify network management; they are assigned to:
o Switches
o Servers
o Hosts
o Other resources
Naming system
Device Name      Description
VS_FLG_SR_AS00   Vision ground floor Store Access Switch 0
VS_FL2_AD_AS00   Vision second floor Administration Access Switch 0
VS_FL2_SU_AS00   Vision second floor Support Access Switch 0
VS_FL2_SE_AS00   Vision second floor Server Access Switch 0
VS_FL3_RE_AS00   Vision third floor Research Access Switch 0
VS_FL3_RE_AS01   Vision third floor Research Access Switch 1
VS_FL4_ST_AS00   Vision fourth floor Student Access Switch 0
VS_FL4_ST_AS01   Vision fourth floor Student Access Switch 1
VS_FL4_ST_AS02   Vision fourth floor Student Access Switch 2
VS_FL1_MH_AS0    Vision first floor Meeting Hall Access Switch 0
Selecting switching and routing protocol
Selecting switching protocol: VLAN tagging protocol
Since we used VLANs, the interconnected switches need the IEEE 802.1Q standard protocol to support these VLANs.
contd..
o IEEE 802.1Q establishes a standard method for tagging Ethernet frames
o Intended to address the problem of how to break a large network into smaller parts so broadcast and multicast traffic would not grab more bandwidth than necessary
o For security between segments of the internal network
contd..
Spanning Tree Protocol (STP): IEEE 802.1D
o Why STP? To stop looping due to multiple active paths between network nodes
o Looping causes broadcast packets to be forwarded endlessly between switches (consuming all available bandwidth)
o Looping causes the same MAC address to be seen on multiple ports, causing the switch forwarding function to fail
contd..
o In this network design, since redundant connections are used, STP allows an automatic backup path if an active link fails, without the danger of bridge loops, and manual enable/disable
o For this network we choose RSTP
o Why RSTP? Because STP has slow convergence of up to 30 to 40 seconds, underutilized links and a lack of load-balancing mechanism
Routing protocol
The OSPF routing protocol is selected because:
o With OSPF, there is no limitation on the hop count
o It is an open standard
o It uses the SPF algorithm to compute the best path to any known destination
o OSPF ensures a loop-free topology with fast convergence
o The updates are not broadcast but multicast
o It is an industry-standard protocol
o It is not limited by the size of the network
o It is very flexible
Vision2000 LAN design
Security design architecture
o The most important part of network design. Without security, the network can easily be attacked by intruders and cause a lot of problems
o Physical security refers to the protection of the building site and equipment from theft, man-made catastrophe and accidental damage
contd..
Security mechanisms recommended for the datacenter:
o CCTV system to watch who is inside the room and doing what
o Alarm system for irregular activity in the server room
o Fire detection and protection system in the server room
o Perimeter security (at the Internet edge) to protect the network from external intruders (intruders on the web): Cisco firewall (Cisco ASA 5500 series firewall and IPS module)
contd..
o Server farm security: all critical data are located here, so it must be protected from external and internal intruders, unauthorized users, and viruses and malicious code. To protect this server farm:
** Redundant Cisco ASA 5500 series firewalls and IPS modules will be deployed **
contd..
o Anti-X: a server-based antivirus will be configured to keep the LAN free from malicious software such as viruses, worms and Trojan horses. We will use Kaspersky Anti-Virus, which provides anti-virus, anti-spam and anti-spyware.
Result
We find that our network is secured, scalable, reliable, manageable and affordable.
o Users can get IP addresses dynamically
o Clients can update their antivirus from the server
o We have different access levels for the users of the company
Conclusion
o The network has good performance because we divide the traffic from users across the redundant switches, and the users are divided into different VLANs
o The network is secured from viruses, malicious code and intruders because in this project we use a firewall, access control list configuration on the switches, and there is also a server-based antivirus
o The network is easy to manage because the users are divided into VLAN groups based on access level and department, and also each network device has an organized naming system, which makes it easy to troubleshoot and configure
o The problem of network failover is solved due to the redundant switches
o The network is scalable because in the configuration we chose industry-standard protocols, not Cisco-proprietary ones
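An added example, not from the project, of the "access control list configuration on switches" mentioned here: it renders an IOS-style extended ACL per source VLAN from the VLAN plan above and evaluates the same policy for a single flow. The access policy (which VLAN may open which TCP ports to the server VLANs) is constructed, since the slides do not state one; the ACL names and the inbound-on-SVI placement are assumptions.

```python
import ipaddress
# VLAN subnets taken from the presentation's plan.
VLANS = {
    "Student": "172.20.0.0/23",    "Meeting Hall": "172.20.2.0/24",
    "Research": "172.20.3.0/25",   "Support": "172.20.3.128/27",
    "Server": "172.20.3.160/28",   "Administration": "172.20.3.192/28",
    "Store": "172.20.3.208/28",    "Server 2": "172.20.3.176/28",
}
# Constructed policy (the slides only say access levels differ per user group):
# source VLAN -> {destination VLAN: TCP ports it may open connections to}.
POLICY = {
    "Student": {"Server": [80, 443]},
    "Research": {"Server": [80, 443], "Server 2": [22]},
    "Administration": {"Server": [22, 80, 443], "Server 2": [22, 80, 443]},
}

def acl_addr(prefix):
    """'network wildcard' pair as IOS ACLs expect (wildcard = inverted mask)."""
    net = ipaddress.ip_network(prefix)
    return f"{net.network_address} {net.hostmask}"

def build_acl(src_vlan, vlans=VLANS, policy=POLICY):
    """IOS-style extended ACL for inbound use on the source VLAN's SVI: replies to
    established sessions, permitted flows, deny to every other VLAN, then permit the rest."""
    src = acl_addr(vlans[src_vlan])
    lines = [f"ip access-list extended ACL_{src_vlan.upper().replace(' ', '_')}_IN",
             f" permit tcp {src} any established"]
    for dst_vlan, ports in policy.get(src_vlan, {}).items():
        lines += [f" permit tcp {src} {acl_addr(vlans[dst_vlan])} eq {p}" for p in ports]
    for other, prefix in vlans.items():
        if other != src_vlan:
            lines.append(f" deny ip {src} {acl_addr(prefix)}")
    lines.append(f" permit ip {src} any")                # Internet, reached through NAT
    return lines

def vlan_of(ip, vlans=VLANS):
    """Name of the VLAN whose subnet contains ip, or None (e.g. an Internet host)."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, p in vlans.items() if addr in ipaddress.ip_network(p)), None)

def is_allowed(src_ip, dst_ip, port, vlans=VLANS, policy=POLICY):
    """Decision for a *new* TCP connection under the same policy (first match wins)."""
    src_vlan, dst_vlan = vlan_of(src_ip, vlans), vlan_of(dst_ip, vlans)
    if src_vlan is None:
        return False                    # not an internal host on any VLAN
    if dst_vlan is None or dst_vlan == src_vlan:
        return True                     # Internet, or same VLAN (never crosses the SVI)
    return port in policy.get(src_vlan, {}).get(dst_vlan, [])
```

The "established" line only covers TCP replies; UDP services the design relies on (DNS, DHCP relay to the distribution switches) need their own explicit entries before the per-VLAN denies.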
Recommendation
Application: This network design is applicable to medium-sized business enterprises.
Future work: It is recommended that the company add a redundant core switch, which gives the network high performance. The redundant core switch is used for fast packet switching. It is also recommended that the company have a database server. It simplifies file management and is also secure from unauthorized access.
Internship Experience
o Working processes in companies
o Work ethics
o Personal skill
Thank you