IntroductionIn this project we will design a network solutionthat is suitable for a small business. Our businessis located in an office park in one floor of a newoffice building. Our office has all of the modernfeatures of a contemporary workplace, includingadequate, clean power, air conditioning and goodlighting. We are fortunate in that our office wasbuilt with a secure computer room that already hasa direct connection to a local Internet ServiceProviderâ€™s regional network, and we will use thisconnection for our access to the Internet.Our office will include cube space and office spacefor 18 workstations. Four of the workstations willbe located in private offices for the companyexecutives, and the remaining 14 workstations willbe deployed into cubicles for the employees. Thecubicles are located in a spacious, open cubiclearea. Our computer room is directly adjacent toour cubicle area, and it has power and cooling thatis adequate for server needs. Our computer roomhas been built with appropriate physical security,so we have controlled access to our servers. Allworkstations and servers in all offices, cubicles andother areas are all easily within 30 meters of eachother, so no cable run will exceed 30 meters.For basic security reasons, we have been taskedwith producing a network design that separatesany servers that must be accessible from theInternet in an area that is logically separate from aprivate internal area where our internal servers andworkstations will reside. Regardless of where theymay reside, our servers and workstations must beprotected from attack! We are required to describehow we will logically separate our network into thearea that is accessible from the Internet from theinternal area, how we will secure our network, andhow we will secure the servers and workstations inour network. We are admonished to pay particularattention to the security of the servers that mustbe accessible from the Internet. So, our design willinclude at a minimum two logically different areasin our network; one area will be accessible from theInternet, and a second internal area for ourworkstations and internal servers which will not bedirectly accessible from the Internet.In our internal area we have several requirements.In our internal area we are expected to providewireless service to our employees. We have beencautioned to make sure that our wireless accesspoint is secure and to prevent any unauthorizedpersonnel from connecting to our internal networkthrough our wireless access point. Additionally, ourManagement is particularly concerned thatemployees not abuse their access to websites whilethey are at work. So, we are going to controlemployee access to websites. All attempts thatoriginate from within our internal area to visit anywebsite will be required to use to a proxy server.We will have a few servers in our internal area. Allworkstations in our internal area shall be DHCPclients, so we must have a DHCP server to managetheir IP address requests. Other servers in ourinternal area will include a Database server and aProxy server. We will also have two networkprinters in our internal area. In our internal areathe IP addresses of the wireless access point, the IPaddresses of all servers, and the IP addresses bothnetwork printers shall be static addresses. Onlythe workstations in our internal area shall haveDHCP delivered IP addresses.In our Internet accessible area we shall deploy aWeb server and a Mail server. These servers mustbe publicly accessible as they will host ourcompany website and our company email. We willalso have a Bastion host in our Internet accessiblearea. The Bastion host will exist to provide inboundSecure Shell access to our network so that ourAdministrators can maintain our network andnodes from other locations when they are notphysically present in the office. As such, theBastion host shall provide a Secure Shell serverthat is accessible from the Internet.And, all servers in all areas must be hardened.Internal AreaWireless Access Point – Not directly connected to the InternetDHCP ServerDatabase ServerProxy Server2 Network Printers18 WorkstationsInternet Accessible AreaWeb ServerMail ServerSecure Shell Server – Bastion HostNetwork ComponentsRouter(s) – As needed for our designSwitch(s) – As needed for our designFirewall(s) – As needed for our designNetwork Intrusion Detection System / Network IntrusionProtection System – As needed for our designOur solution must be delivered in a document thatwill include:Management Summary – Our document will begin with asummary description of our design. The summary shall besuitable for consumption by Management.Inventory – Our document shall include an inventory of all nodes,including servers, workstations, printers, router(s), switch(s) andother components. Our inventory shall describe the logicaldeployment of all nodes and components, their purpose andfunction in our network, and any special features or requirementsthat each node or component may have.Network Diagram – The network diagram must use industrystandard symbols that describe the logical deployment of ournodes and components. The network diagram shall complementour inventory.Security – The security discussion will describe the securityconsiderations that we will take to protect all nodes andcomponents that are deployed on our network. Our securitydiscussion must address all nodes and components individually.For example, the security requirements for a Mail server will bedifferent from the security requirements of a Workstation.The final document shall be delivered instandard .doc or .docx format. The networkdiagram shall be imbedded in the document. Thenetwork diagram can be produced using such toolsas Visio from Microsoft Corporation, or NetworkNotepad (freely available fromhttp://www.networknotepad.com/).
Our writing company offers a unique service that provides guidance in different types of assignments. Please rest assured that the service is absolutely legal and doesn’t violate any regulations. It can be used for generating new ideas and thoughts for your own project, additional insight into the subject, or encouragement for further researches.