
Welcome to our presentation
Presented by: Selamawit Hunelegn, Abiy Girma, Eskinder Getachew

INTERNSHIP PROJECT: VISION2000 LAN DESIGN AT INSA (Information Network Security Agency)

Content
o Background about the company
o Problem statement
o Objective
o Project
o Conclusion and recommendation
o Internship experience

Background of the company
INFORMATION NETWORK SECURITY AGENCY (INSA)
o Government institution established in 2000 E.C.
o Currently one of the most competitive intelligence institutions in our country

Product and service
o Software development
o Hard programming
o Network and network security

contd.
Some of the products of INSA:
o Digital Audio Recording and Archiving System (DARAS)
o Answering Machine
o Digital Video, Audio and Image Archiving System (DVAIAS)
o Land Information (cadastre) system
o Emergency and Risk Management System (ERMS)
o Secure Data Communication System (SDC)

Project
We have been working in the network department. They gave us all the requirements to design a LAN for a company named VISION2000. We analyzed the requirements and came up with some problems.

Problems with the existing network
o All traffic goes to one switch (backbone), causing traffic congestion
o If the backbone switch fails, the whole network goes down
o Not scalable
o No reserved IP addresses
o Doesn't support network devices from another vendor
o No server-based antivirus system; susceptible to intruders

Objective of the project
Design and implement a secure, reliable and affordable network infrastructure which enables the company to communicate easily and efficiently.

contd.
We believe that this network design offers the following features:
o Scalable network LAN
o Up-to-date technology
o Performance
o Security
o Availability
o Manageable
o Adaptability
o Affordability

Requirements of VISION2000
The design and deployment of a LAN that supports network infrastructure like:
o Website
o Internet
o Mail

Scope of the project
o Design and deployment of a network that is suitable for applications like the company website, mail, Internet and other information systems.
o High security: secure the data center server.
o Creating different access levels for the users of the company.

contd.
Expected applications that can run on this network infrastructure:
o Dynamic website
o Internet
o Mail
o Antivirus

LAN Design
The goal of the LAN design is to meet the requirements of Vision 2000 by creating a scalable, available, secure, good-performance and affordable local area network.

contd.
The design has the following considerations:
o LAN protocols and technology considerations
o LAN device considerations

contd.
Network devices
o Access switch: Cisco Catalyst 2960, used to connect workstations.
o Distribution switches: Cisco Catalyst 4507. There are two Cisco distribution switches in the Vision 2000 LAN, for redundancy. Routing and policy-based security will be configured on these switches. They serve as the DHCP server for the internal workstations. VLANs should be created to separate traffic flows among different VLANs. Other best-practice security configurations will be implemented.

VLANs, IP Planning & protocols
VLAN Planning
When planning VLANs we considered:
o Number of VLANs (based on department)
o Number of users per VLAN (based on the requirement)
o VLAN range (based on common work function or access level)

VLAN Group

VLAN name   Assigned to      IP address
VLAN 10     Student          172.20.0.0/23
VLAN 20     Meeting Hall     172.20.2.0/24
VLAN 30     Research         172.20.3.0/25
VLAN 40     Support          172.20.3.128/27
VLAN 50     Server           172.20.3.160/28
VLAN 60     Administration   172.20.3.192/28
VLAN 70     Store            172.20.3.208/28
VLAN 80     Server 2         172.20.3.176/28

contd.
IP addressing and name planning
IP addressing:
o Class B private IP addresses (IPv4) for all internal networks
o NAT to map the internal private addresses to a public address so that users can surf the web
o VLSM

contd.
VLSM
o Variable length subnet mask
o No wastage of IP addresses
o Note: it is recommended to leave extra host bits beyond the requirement of Vision 2000.
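A worked check of the VLAN/VLSM plan above, added here as an example and not code from the presentation. It loads the VLAN table from the slides into Python's standard ipaddress module, reports overlapping subnets, prefixes with host bits set, and addresses outside the 172.16.0.0/12 private block (the assumption being that "class B private" means that RFC 1918 block), and also carves subnets the VLSM way, largest demand first, from a constructed set of host counts (DEMO_DEMANDS is made up here; the slides give no per-department numbers). Because demands of equal size are placed in name order, the four /28s come out in a different order than on the slide, which is exactly the kind of drift a plan check catches.

```python
"""Check the Vision2000 VLAN/VLSM plan and carve subnets the VLSM way.

Added example; it is not code from the presentation. It models the VLAN
table from the slides and uses only Python's standard ipaddress module.
"""
import ipaddress
from typing import Dict, List, Tuple

# VLAN -> (department, subnet), copied from the presentation's VLAN table.
VLAN_PLAN: Dict[int, Tuple[str, str]] = {
    10: ("Student", "172.20.0.0/23"),
    20: ("Meeting Hall", "172.20.2.0/24"),
    30: ("Research", "172.20.3.0/25"),
    40: ("Support", "172.20.3.128/27"),
    50: ("Server", "172.20.3.160/28"),
    60: ("Administration", "172.20.3.192/28"),
    70: ("Store", "172.20.3.208/28"),
    80: ("Server 2", "172.20.3.176/28"),
}

# RFC 1918 "class B" private block (assumption: this is the space the slides mean).
PRIVATE_B = ipaddress.ip_network("172.16.0.0/12")

# Constructed host counts per department (not from the slides) for the allocator demo.
DEMO_DEMANDS: Dict[str, int] = {
    "Student": 510, "Meeting Hall": 254, "Research": 126, "Support": 30,
    "Server": 14, "Administration": 14, "Store": 14, "Server 2": 14,
}


def usable_hosts(cidr: str) -> int:
    """Host addresses left after removing the network and broadcast addresses."""
    net = ipaddress.ip_network(cidr, strict=False)
    return max(net.num_addresses - 2, 0)


def check_plan(plan: Dict[int, Tuple[str, str]] = VLAN_PLAN) -> List[str]:
    """Return problems found: bad prefixes, non-private space, overlapping subnets."""
    problems: List[str] = []
    nets: List[Tuple[int, str, ipaddress.IPv4Network]] = []
    for vlan, (name, cidr) in plan.items():
        try:
            # strict=True rejects prefixes with host bits set, e.g. 172.20.3.1/28
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"VLAN {vlan} ({name}): bad prefix {cidr}: {exc}")
            continue
        if not net.subnet_of(PRIVATE_B):
            problems.append(f"VLAN {vlan} ({name}): {cidr} is outside {PRIVATE_B}")
        nets.append((vlan, name, net))
    for i, (v1, n1, a) in enumerate(nets):
        for v2, n2, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"VLAN {v1} ({n1}) {a} overlaps VLAN {v2} ({n2}) {b}")
    return problems


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix (smallest subnet) whose usable host count covers `hosts`."""
    prefix = 30  # /30 is the smallest subnet with usable host addresses
    while (1 << (32 - prefix)) - 2 < hosts:
        prefix -= 1
        if prefix < 0:
            raise ValueError(f"{hosts} hosts do not fit in IPv4")
    return prefix


def allocate_vlsm(block: str, demands: Dict[str, int]) -> Dict[str, str]:
    """Carve one subnet per name out of `block`, largest demand first (the VLSM method).

    Free space is a list of unused networks; each allocation takes the lowest-addressed
    free network that is big enough and puts the leftover pieces back.
    Raises ValueError when the block cannot hold every demand.
    """
    free = [ipaddress.ip_network(block)]
    result: Dict[str, str] = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = prefix_for_hosts(hosts)
        free.sort(key=lambda n: int(n.network_address))
        for cand in free:
            if cand.prefixlen <= prefix:
                chosen = next(cand.subnets(new_prefix=prefix))
                free.remove(cand)
                if chosen != cand:
                    free.extend(cand.address_exclude(chosen))
                result[name] = str(chosen)
                break
        else:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {block}")
    return result


if __name__ == "__main__":
    for vlan, (name, cidr) in VLAN_PLAN.items():
        print(f"VLAN {vlan:<3} {name:<15} {cidr:<18} usable hosts: {usable_hosts(cidr)}")
    print("problems:", check_plan() or "none")
    for name, cidr in allocate_vlsm("172.20.0.0/22", DEMO_DEMANDS).items():
        print(f"{name:<15} -> {cidr}")
```

The whole plan fits in 172.20.0.0/22, and the leftover 172.20.3.224/27 is the spare host space the slide recommends keeping; rerunning check_plan after every edit to the table is the cheapest way to keep the "no reserved IP addresses" problem from coming back.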

contd.
Name planning
The names are short and meaningful to simplify network management. Names are assigned to:
o Switches
o Servers
o Hosts
o Other resources

Naming system

Device name       Description
VS_FLG_SR_AS00    Vision ground floor Store Access Switch 0
VS_FL2_AD_AS00    Vision second floor Administration Access Switch 0
VS_FL2_SU_AS00    Vision second floor Support Access Switch 0
VS_FL2_SE_AS00    Vision second floor Server Access Switch 0
VS_FL3_RE_AS00    Vision third floor Research Access Switch 0
VS_FL3_RE_AS01    Vision third floor Research Access Switch 1
VS_FL4_ST_AS00    Vision fourth floor Student Access Switch 0
VS_FL4_ST_AS01    Vision fourth floor Student Access Switch 1
VS_FL4_ST_AS02    Vision fourth floor Student Access Switch 2
VS_FL1_MH_AS0     Vision first floor Meeting Hall Access Switch 0
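A parser and audit for the naming system above, added as an example (not the presentation's own code). The site, floor, department and role codes are read off the table; the two-digit index, the letter G for the ground floor and the DS role code for distribution switches are assumptions about the convention. A strict check like this is what makes a naming scheme useful for troubleshooting: it regenerates the description from the name, rejects names that drift from the pattern (the last row's one-digit index fails under the two-digit convention assumed here), and flags a name used for two devices.

```python
"""Parse and audit device names of the form VS_FL2_AD_AS00 (added example).

Not code from the presentation. Code tables are taken from the naming-system
slide; the two-digit index, floor letter G and role DS are assumptions.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

SITES = {"VS": "Vision"}
FLOORS = {"G": "ground", "1": "first", "2": "second", "3": "third", "4": "fourth"}
DEPARTMENTS = {
    "SR": "Store", "AD": "Administration", "SU": "Support", "SE": "Server",
    "RE": "Research", "ST": "Student", "MH": "Meeting Hall",
}
ROLES = {"AS": "Access Switch", "DS": "Distribution Switch"}  # DS is an assumption

# <site>_FL<floor>_<dept>_<role><two-digit index>
NAME_RE = re.compile(
    r"^(?P<site>[A-Z]{2})_FL(?P<floor>[G0-9])_(?P<dept>[A-Z]{2})_(?P<role>[A-Z]{2})(?P<idx>\d{2})$"
)

# Device names copied from the naming-system slide.
DEVICE_NAMES = [
    "VS_FLG_SR_AS00", "VS_FL2_AD_AS00", "VS_FL2_SU_AS00", "VS_FL2_SE_AS00",
    "VS_FL3_RE_AS00", "VS_FL3_RE_AS01", "VS_FL4_ST_AS00", "VS_FL4_ST_AS01",
    "VS_FL4_ST_AS02", "VS_FL1_MH_AS0",
]


def parse_device_name(name: str) -> Optional[Dict[str, str]]:
    """Split a name into its fields; None if it does not follow the convention."""
    m = NAME_RE.match(name)
    if m is None:
        return None
    f = m.groupdict()
    known = (f["site"] in SITES and f["floor"] in FLOORS
             and f["dept"] in DEPARTMENTS and f["role"] in ROLES)
    return f if known else None


def describe(name: str) -> str:
    """Expand a name into the human-readable description used on the slide."""
    f = parse_device_name(name)
    if f is None:
        raise ValueError(f"{name!r} does not follow the naming convention")
    return (f"{SITES[f['site']]} {FLOORS[f['floor']]} floor "
            f"{DEPARTMENTS[f['dept']]} {ROLES[f['role']]} {int(f['idx'])}")


def audit(names: List[str]) -> List[str]:
    """Report names that break the convention and names used more than once."""
    problems = [f"{n}: does not follow the naming convention"
                for n in names if parse_device_name(n) is None]
    problems += [f"{n}: assigned to {c} devices"
                 for n, c in Counter(names).items() if c > 1]
    return problems


if __name__ == "__main__":
    for n in DEVICE_NAMES:
        f = parse_device_name(n)
        print(f"{n:<16} {describe(n) if f else '(invalid)'}")
    print("problems:", audit(DEVICE_NAMES) or "none")
```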

Selecting switching and routing protocols
Selecting the switching protocol: VLAN tagging protocol
Since we used VLANs, the interconnected switches need the IEEE 802.1Q standard protocol to support these VLANs.

contd.
o IEEE 802.1Q establishes a standard method for tagging Ethernet frames.
o It is intended to address the problem of how to break a large network into smaller parts, so broadcast and multicast traffic would not grab more bandwidth than necessary.
o It is used for security between segments of the internal network.
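What the 802.1Q tag actually looks like on the wire, as an added example (not code from the presentation): the four tag bytes, TPID 0x8100 followed by a 16-bit TCI holding priority (3 bits), DEI (1 bit) and the 12-bit VLAN ID, are inserted between the source MAC and the EtherType. The frames and MAC addresses below are constructed here. The trunk check at the end shows the defensive point behind the "security between segments" bullet: a tagged frame whose VID is not on the trunk's allowed list is dropped, and untagged or VID-0 frames land in the native VLAN, which is why the native VLAN should be one that carries no user traffic.

```python
"""Build and parse IEEE 802.1Q tagged Ethernet frames (added example).

Not code from the presentation. The frame bytes and the locally
administered MAC addresses below are constructed for the demo.
"""
import struct
from typing import Dict, Optional, Set

TPID_8021Q = 0x8100   # tag protocol identifier that marks a tagged frame
ETH_P_IP = 0x0800
ETH_P_ARP = 0x0806


def is_valid_vid(vid: int) -> bool:
    """VID 0 means priority-tagged only and 4095 is reserved, so 1..4094 are usable."""
    return 1 <= vid <= 4094


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0, dei: int = 0) -> bytes:
    """Assemble an Ethernet II frame, inserting a 4-byte 802.1Q tag when vid is given."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    header = dst + src
    if vid is not None:
        if not is_valid_vid(vid) or not 0 <= pcp <= 7 or dei not in (0, 1):
            raise ValueError("invalid VLAN tag fields")
        tci = (pcp << 13) | (dei << 12) | vid        # TCI = PCP(3) | DEI(1) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Decode the Ethernet and optional 802.1Q headers; 'vlan' is None when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan, pcp, dei = 14, None, None, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])   # real EtherType follows the tag
        pcp, dei, vlan = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
        offset = 18
    return {"dst": mac_str(dst), "src": mac_str(src), "vlan": vlan, "pcp": pcp,
            "dei": dei, "ethertype": ethertype, "payload": frame[offset:]}


def permitted_on_trunk(frame: bytes, allowed_vids: Set[int], native_vid: int) -> bool:
    """Trunk-side filter: untagged and VID-0 frames belong to the native VLAN,
    tagged frames must carry a VID on the trunk's allowed list."""
    vlan = parse_frame(frame)["vlan"]
    effective = native_vid if vlan in (None, 0) else vlan
    return effective in allowed_vids


# Constructed sample frames: an IPv4 frame tagged for VLAN 20 and an untagged ARP frame.
DST = bytes.fromhex("02000000aa01")
SRC = bytes.fromhex("02000000bb02")
SAMPLE_TAGGED = build_frame(DST, SRC, ETH_P_IP, b"\x45" + b"\x00" * 19, vid=20)
SAMPLE_UNTAGGED = build_frame(DST, SRC, ETH_P_ARP, b"\x00" * 28)

if __name__ == "__main__":
    print(SAMPLE_TAGGED.hex())
    print(parse_frame(SAMPLE_TAGGED))
    print("allowed on trunk (10,20,30):", permitted_on_trunk(SAMPLE_TAGGED, {10, 20, 30}, 99))
```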

contd.
Spanning tree protocol (STP): IEEE 802.1D
o Why STP? To stop looping due to multiple active paths between network nodes.
o Looping causes broadcast packets to be forwarded endlessly between switches (consuming all available bandwidth).
o Looping also causes the same MAC address to be seen on multiple ports, causing the switch forwarding function to fail.

contd.
o In this network design, since redundant connections are used, STP allows an automatic backup path if an active link fails, without the danger of bridge loops, and manual enable/disable.
o For this network we chose RSTP.
o Why RSTP? Because STP has slow convergence of up to 30 to 40 sec, underutilized links and no load balancing mechanism.

Routing protocol
The OSPF routing protocol is selected because:
o With OSPF, there is no limitation on the hop count.
o It is an open standard.
o It uses the SPF algorithm to compute the best path to any known destination.
o OSPF ensures a loop-free topology with fast convergence.
o The updates are not broadcast but multicast.
o It is an industry standard protocol.
o It is not limited by the size of the network.
o It is very flexible.
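The SPF computation behind the third bullet, as an added example (not code from the presentation): OSPF gives each link a cost of reference bandwidth divided by link bandwidth and runs Dijkstra's algorithm over the link-state database. The three-node topology (two distribution switches and an Internet-edge router) and its link speeds are constructed here. It also shows a caveat worth checking in any OSPF design: with the default 100 Mbit/s reference bandwidth every link of 100 Mbit/s or faster costs 1, so a legacy 100 Mbit/s link and a 10 Gbit/s link look identical and traffic is sent over the slow one; raising the reference (on Cisco IOS with the auto-cost reference-bandwidth command) makes SPF prefer the fast path, and removing a link shows the reconvergence.

```python
"""SPF (Dijkstra) path computation with OSPF-style link costs (added example).

Not code from the presentation. The topology (DS1, DS2, EDGE) and the link
speeds are constructed for the demo.
"""
import heapq
from typing import Dict, List, Optional, Tuple

Links = Dict[Tuple[str, str], int]   # (node_a, node_b) -> bandwidth in bit/s

DEFAULT_REF_BW = 100_000_000          # OSPF default reference bandwidth, 100 Mbit/s

# Constructed topology; both distribution switches have a link toward the edge.
LINKS: Links = {
    ("DS1", "DS2"): 10_000_000_000,   # 10 Gbit/s inter-switch link
    ("DS1", "EDGE"): 100_000_000,     # 100 Mbit/s legacy link
    ("DS2", "EDGE"): 1_000_000_000,   # 1 Gbit/s link
}


def ospf_cost(bandwidth_bps: int, ref_bw: int = DEFAULT_REF_BW) -> int:
    """OSPF interface cost: reference bandwidth / link bandwidth, floored, at least 1."""
    return max(1, ref_bw // bandwidth_bps)


def build_graph(links: Links, ref_bw: int = DEFAULT_REF_BW) -> Dict[str, Dict[str, int]]:
    """Undirected adjacency map with one cost per link."""
    graph: Dict[str, Dict[str, int]] = {}
    for (a, b), bw in links.items():
        cost = ospf_cost(bw, ref_bw)
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def shortest_path(graph: Dict[str, Dict[str, int]], src: str, dst: str
                  ) -> Tuple[Optional[int], List[str]]:
    """Dijkstra's algorithm: the SPF run OSPF performs over its link-state database.
    Returns (total cost, node list) or (None, []) when dst is unreachable."""
    dist = {src: 0}
    prev: Dict[str, str] = {}
    heap = [(0, src)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        if u == dst:
            break
        for v, w in graph.get(u, {}).items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def without_link(links: Links, a: str, b: str) -> Links:
    """Copy of the topology with one link removed (simulates a link failure)."""
    return {k: v for k, v in links.items() if k not in ((a, b), (b, a))}


if __name__ == "__main__":
    for ref in (DEFAULT_REF_BW, 10_000_000_000):
        print(f"reference {ref // 1_000_000} Mbit/s:",
              shortest_path(build_graph(LINKS, ref), "DS1", "EDGE"))
    failed = without_link(LINKS, "DS2", "EDGE")
    print("DS2-EDGE down:", shortest_path(build_graph(failed, 10_000_000_000), "DS2", "EDGE"))
```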

Vision2000 LAN design

Security design architecture
o The most important part of network design. Without security, the network can easily be attacked by intruders and cause a lot of problems.
o Physical security refers to protection of the building site and equipment from theft, man-made catastrophe and accidental damage.

contd.
Security mechanisms recommended for the datacenter:
o CCTV system to watch who is inside the room and doing what
o Alarm system for irregular activity in the server room
o Fire detection and protection system in the server room
o Perimeter security (at the Internet edge) to protect the network from external intruders (intruders on the web): Cisco firewall (Cisco ASA 5500 series firewall and IPS module)

contd.
o Server farm security: all critical data are located here, so it must be protected from external and internal intruders, unauthorized users, viruses and malicious code. To protect this server farm, redundant Cisco ASA 5500 series firewalls with IPS modules will be deployed.

contd.
o Anti-x: a server-based antivirus will be configured to keep the LAN free from malicious software such as viruses, worms and Trojan horses. We will use Kaspersky antivirus, which provides antivirus, anti-spam and anti-spyware.

Result
We find that our network is secured, scalable, reliable, manageable and affordable.
o Users can get IP addresses dynamically.
o Clients can update their antivirus from the server.
o We have different access levels for the users of the company.

Conclusion
o The network has good performance because we divide the traffic from users into the redundant switches and the users are divided into different VLANs.
o The network is secured from viruses, malicious code and intruders because in this project we use a firewall, access control list configuration on the switches and a server-based antivirus.
o The network is easy to manage because the users are divided into VLAN groups based on access level and departments, and also each network device has an organized naming system, which makes it easy to troubleshoot and configure.
o The problem of network failover is solved by the redundant switches.
o The network is scalable because in the configuration we chose industry standard protocols, not Cisco proprietary ones.

Recommendation
Application: this network design is applicable to medium-sized business enterprises.
Future work: it is recommended that the company add a redundant core switch, which gives the network high performance; the redundant core switch is used for fast packet switching. It is also recommended that the company have a database server; it simplifies file management and is also secure from unauthorized access.

Internship Experience
o Working processes in companies
o Work ethics
o Personal skill

Thank you