Networking Assignment

Mandatory task requirement

 

  1. Define the need for network security by identifying potential risks, threats, and consequences of security breaches or network downtime, and provide a Risk Assessment Report.
  2. Design a hybrid network model that leverages both on-premises and cloud-based resources to meet the company’s requirements for scalability, flexibility, and cost-efficiency.
  3. Identify weaknesses and strengths of the network design through a comprehensive analysis, considering factors such as security, performance, manageability, and cost.
  4. For your project, demonstrate and document hands-on tasks for building the prototype network or relevant activities, and your grade will be based on the effort invested in this aspect.
  5. Perform penetration testing and vulnerability assessments of a part of the existing network that you define. At least three different unique systems must be tested. Provide evidence of performing these tasks.
  6. Assess the current network, enhance the design, and bolster security by rectifying identified issues and vulnerabilities. Additionally, document “how” your new design addresses and resolves the flaws and security issues identified during the earlier assessments.
  7. Provide an appropriate list of equipment, software, and licenses required as part of your new proposed design. Include Name, Model, Description, estimated price, relevant data spec sheet, and the quantity required per location. Provide a total cost of equipment required for your project.
  8. Create detailed network diagrams of the old and new network designs, illustrating the layout of devices, connections, and network segments, as well as the overall topology between on-prem and Cloud resources.
  9. The student must demonstrate “how” to implement continuous monitoring of the network to detect potential security incidents, unauthorized access, or performance issues.
  10. Implement network segmentation and VLANs to improve security and reduce broadcast traffic.
  11. Develop a comprehensive backup and disaster recovery plan.
  12. Incorporate firewall policies and network access control mechanisms to protect internal resources.
  13. Demonstrate “how” the enterprise can regularly update their endpoints, network equipment, and server infrastructure.
  14. Develop a network security policy and provide training to employees on security best practices.

 

 

Industry standards:

 

When designing the new network, students should adhere to industry standards and best practices to ensure a secure, efficient, and reliable network infrastructure. Some of the relevant industry standards for LAN, WAN, and Wireless networks include:

IEEE Standards:

  • IEEE 802.3: Ethernet (LAN)
  • IEEE 802.1Q: VLAN
  • IEEE 802.11: Wireless LAN (WLAN)
  • IEEE 802.1X: Network Access Control

Internet Engineering Task Force (IETF) RFCs:

  • RFC 1918: Private IP Addressing
  • RFC 2131: Dynamic Host Configuration Protocol (DHCP)
  • RFC 1034 & RFC 1035: Domain Name System (DNS)
  • RFC 791, RFC 792, and RFC 793: Internet Protocol Suite

Security Standards and Frameworks:

  • NIST Cybersecurity Framework
  • ISO/IEC 27001: Information Security Management System (ISMS)
  • PCI DSS: Payment Card Industry Data Security Standard

 

When building their new network, students should consider these standards and best practices, ensuring that their design complies with the relevant guidelines and provides a secure, efficient, and reliable infrastructure to support the organization’s growth plans.

 

 

Network Port Requirements:

 

  • IEEE 802.3 and 802.3u: All edge nodes must support 10BaseT and 100BaseTX Ethernet, as well as 1000BaseT Ethernet. This means that the network should support RJ-45 connectors and twisted-pair cabling, such as CAT5e or CAT6. The network devices must be able to communicate at 10 Mbps, 100 Mbps, and 1 Gbps speeds.
  • 1000Mbps Ethernet: The Core Server nodes in the Data Centre must support 1000 Mbps Ethernet, as well as 10 Gbps Ethernet. This means that the network devices should support RJ-45 connectors and CAT5e or CAT6 cabling. The network devices must be able to communicate at 1 Gbps and 10 Gbps speeds.
  • Modular Connectors: To allow for the greatest flexibility between the edge devices and the core, both edge and core devices must support Modular Connectors for both gigabit Fiber and Gigabit Ethernet, as well as 10 Gigabit Ethernet. This means that the network devices should support fiber optic connectors such as SC, LC or ST, and twisted-pair cabling with RJ-45 connectors.
  • Ethernet Switching Technology: All nodes must support Ethernet Switching technology. This means that the network devices should be able to switch traffic between different ports and ensure that traffic is delivered to its intended destination.
  • Power over Ethernet (PoE): While Voice over IP has been identified as a potential application requirement for this network, the network nodes are not required to support Power over Ethernet. This means that the network devices do not need to provide power to the connected devices through the Ethernet cable.

 

 

Project Report:

 

  • Upon project completion, you are expected to present a detailed report about your findings and recommendations, showcasing how your new network design meets the company’s growth plans while maintaining a secure and efficient environment.
  • This report should cover the mandatory tasks you completed, the optional tasks you selected, and the rationale behind your choices. Your supporting documentation may include, but is not limited to, the following:
    • Network Diagrams: Visual representations of your proposed network layout, connections, and topology.
    • Equipment Lists: Detailed lists of network devices, their models, and quantities required for the new design.
    • Risk Assessment: An analysis of potential security risks, their likelihood, and potential impact on the network.
    • System Analysis: A thorough examination of the existing network infrastructure and its shortcomings.
    • Network Design: The new network design, including the improvements and optimizations made to address the identified issues.
    • Wiki: A collaborative documentation platform that includes relevant information about the project, such as guides, policies, and procedures.
    • Deployment: A plan for rolling out the new network infrastructure, including timelines, resources, and personnel.
    • Documentation: Manuals, guides, and reference materials for users and administrators.
    • Technical Adherence Report: An evaluation of the proposed network design’s adherence to industry standards and best practices.
    • Maintenance Plan: A schedule and strategy for ongoing network maintenance, including updates, patches, and hardware replacements.
    • Research Report: A summary of the research conducted during the project, such as studying new technologies, security trends, and industry best practices.
    • Penetration Testing Report: Results and analysis from penetration testing performed on the prototype network.
    • Vulnerability Assessment and Remediation Report: A detailed account of vulnerabilities discovered during the assessment and the steps taken to address them.
  • While not all of these components may be included in your final report, you should aim to provide a comprehensive and well-documented proposal that supports your network design and addresses the course objectives.

 

 

Project Scenario

The company in this scenario, which has hired your consulting services, has four offices.

The company is headquartered in Toronto, Ontario (500 employees).

They have a large branch site in Vancouver, British Columbia (350 employees).

There is a medium-size branch office in Montreal, Quebec (135 employees).

Lastly, there is a small satellite office in Calgary, Alberta (15 employees).

 

  1. Headquarters (Toronto, Ontario – 500 employees):
  • Executive Department (6 employees)
    • Chief Executive Officer (CEO) – 1 employee
    • Chief Operating Officer (COO) – 1 employee
    • Chief Financial Officer (CFO) – 1 employee
    • Chief Marketing Officer (CMO) – 1 employee
    • Chief Human Resources Officer (CHRO) – 1 employee
    • Chief Technology Officer (CTO) – 1 employee
  • Sales Department (120 employees)
  • Marketing Department (100 employees)
  • Finance Department (80 employees)
  • Human Resources Department (70 employees)
  • Research and Development Department (130 employees)
  2. Large Branch Site (Vancouver, British Columbia – 350 employees):
  • Sales Department (90 employees)
  • Marketing Department (80 employees)
  • Finance Department (70 employees)
  • Human Resources Department (60 employees)
  • Research and Development Department (50 employees)
  3. Medium Size Branch Office (Montreal, Quebec – 135 employees):
  • Sales Department (40 employees)
  • Marketing Department (30 employees)
  • Finance Department (25 employees)
  • Human Resources Department (20 employees)
  • Research and Development Department (20 employees)
  4. Small Satellite Office (Calgary, Alberta – 15 employees):
  • Sales Department (4 employees)
  • Marketing Department (3 employees)
  • Finance Department (3 employees)
  • Human Resources Department (3 employees)
  • Research and Development Department (2 employees)
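As an added example (not part of the assignment text), the following Python script turns the per-site headcounts above into a per-department VLAN and RFC 1918 subnet plan, the kind of addressing plan the segmentation task calls for. The one /16 per site out of 10.0.0.0/8, the 50% growth margin and the three reserved addresses per VLAN are assumptions of the example.

```python
import ipaddress
import math

# Constructed from the headcounts in the scenario above (site -> department -> employees).
# site_id selects the site's /16 inside 10.0.0.0/8 (RFC 1918); an assumption of this example.
SITES = {
    "Toronto":   {"site_id": 1, "departments": {"Executive": 6, "Sales": 120, "Marketing": 100,
                                                "Finance": 80, "HR": 70, "R&D": 130}},
    "Vancouver": {"site_id": 2, "departments": {"Sales": 90, "Marketing": 80, "Finance": 70,
                                                "HR": 60, "R&D": 50}},
    "Montreal":  {"site_id": 3, "departments": {"Sales": 40, "Marketing": 30, "Finance": 25,
                                                "HR": 20, "R&D": 20}},
    "Calgary":   {"site_id": 4, "departments": {"Sales": 4, "Marketing": 3, "Finance": 3,
                                                "HR": 3, "R&D": 2}},
}

GROWTH = 1.5   # assumption: size every VLAN for 50% headcount growth
RESERVED = 3   # assumption: default gateway plus two spare addresses per VLAN


def prefix_for(hosts: int) -> int:
    """Smallest IPv4 prefix length whose usable addresses (2^n - 2) cover `hosts`."""
    needed = hosts + 2                      # network and broadcast addresses
    bits = max(2, math.ceil(math.log2(needed)))
    return 32 - bits


def plan_site(name: str, site: dict) -> list[dict]:
    """Carve one VLAN subnet per department out of the site's 10.<site_id>.0.0/16.

    Departments are allocated largest first: power-of-two blocks handed out in
    non-increasing size from an aligned base never land on a misaligned boundary.
    """
    supernet = ipaddress.ip_network(f"10.{site['site_id']}.0.0/16")
    cursor = supernet.network_address
    plan = []
    for vlan_no, (dept, headcount) in enumerate(
            sorted(site["departments"].items(), key=lambda kv: -kv[1]), start=1):
        want = math.ceil(headcount * GROWTH) + RESERVED
        net = ipaddress.ip_network((cursor, prefix_for(want)))
        if not net.subnet_of(supernet):
            raise ValueError(f"{name}: {supernet} exhausted while placing {dept}")
        plan.append({"site": name, "vlan_id": 10 * vlan_no, "department": dept,
                     "subnet": str(net), "usable": net.num_addresses - 2,
                     "headcount": headcount})
        cursor = net.broadcast_address + 1
    return plan


def plan_all() -> list[dict]:
    """VLAN/subnet plan for every site in the scenario."""
    return [row for name, site in SITES.items() for row in plan_site(name, site)]


if __name__ == "__main__":
    for row in plan_all():
        print(f"{row['site']:<10} VLAN {row['vlan_id']:<3} {row['department']:<10} "
              f"{row['subnet']:<18} {row['usable']:>4} usable for {row['headcount']} staff")
```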

 

 

IT Infrastructure

 

  1. Headquarters (Toronto, Ontario – 500 employees):

 

Servers:

  • 2 x File Servers (Windows Server 2008)
    • Both servers run a RAID 0 disk array of five 1 TB, 7200 RPM hard drives for redundancy and performance. They are backed up manually by the System Administrator once a month. The last time the System Administrator tested the backup was 3 years ago, when he had to recover a file for an executive.
  • 1 x Web Server hosting their public website (Linux, Apache)
    • The website is often slow due to the high volume of visitors.
  • 1 x Physical Server hosting a Domain Controller and DNS (Windows Server 2016)
    • All the branch sites rely on this domain controller for user authentication. When the site-to-site VPN (Virtual Private Network) is down, branch users cannot log in to their computers.
    • Server uptime is 731 days (about 2 years).
  • 1 x Physical Server, DNS Server (Windows Server 2000)
    • Backup DNS server, in case the DNS server on the Domain Controller ever goes down.
    • Server uptime is 1814 days (about 5 years).
  • 1 x Email Server (Windows Server 2016, Exchange)
    • There used to be two email servers, but one of them had a hardware failure and was never replaced. Mailboxes are exported to PST files once a year for backup purposes.
  • 2 x Application Servers (Windows Server 2019)
    • One Application Server runs the Enterprise Resource Planning (ERP) system; the other runs the Customer Relationship Management (CRM) software.
    • Both servers are physical servers.
  • 1 x Database Server (Windows Server 2016, SQL Server 2008)
    • The SQL database hosts data for both the ERP and CRM applications.
    • The System Administrator often performs backups to tape using the SQL Server Maintenance Plan "Backup to Tape" functionality. However, this method has proven to be unreliable: 3 out of 5 backups fail during a recovery process.
  • 1 x Print Server (Windows Server 2022)
    • The previous IT manager purchased a secondhand Dell server with Windows Server 2022 preinstalled.
    • The server often complains that Windows Server is not activated, and it shuts down once a day.
    • The System Administrator manually turns the server on once a day as part of his daily routine.
    • The Print Server manages all the printers in the organization.
  • 6 x DHCP Servers (Windows 7)
    • The System Administrator installs the DHCP service on a Windows 7 workstation whenever he runs out of IP addresses in a subnet on the network. He is currently on his sixth workstation, each one providing IP addresses for a /27 subnet.
  • 10 x Multifunction Printers
  • 5 x Desktop Printers

 

  2. Large Branch Site (Vancouver, British Columbia – 350 employees):
  • 1 x File Server (Windows Server 2012):
    • Running on a single hard drive with no RAID configuration
    • Backup is performed manually by the System Administrator once every two months
    • No regular backup testing; the last successful recovery test was conducted over a year ago.
  • 1 x DHCP and DNS Server (Windows 7 Workstation)
  • 5 x Multifunction Printers
  • 2 x Desktop Printers

 

 

  3. Medium Size Branch Office (Montreal, Quebec – 135 employees):
  • 1 x File Server (Windows Server 2008):
    • Running on a single hard drive with no RAID configuration
    • Backup is performed manually by the System Administrator once every two months
    • No regular backup testing; the last successful recovery test was conducted over a year ago.
  • 1 x DHCP and DNS Server (Windows 7 Workstation)
  • 2 x Multifunction Printers
  • 5 x Desktop Printers

 

  4. Small Satellite Office (Calgary, Alberta – 15 employees):
  • 1 x DHCP and DNS Server (Windows 7 Workstation)
  • 1 x Multifunction Printer

 
Network Infrastructure

 

Headquarters in Toronto, Ontario (500 employees):

  • Firewall:
    • CISCO PIX 515E Firewall
    • Named: TO-FW1
  • Core Switch:
    • Cisco Catalyst 3850 Series 48-port Gigabit Ethernet Managed Switch (48 ports)
    • Named: TO-CORE-SW1
  • Distribution Switches:
    • Cisco Catalyst 2960X-48TS-L 48-port Gigabit Ethernet Managed Switch (2 units for a total of 96 ports)
    • Named: TO-DIST-SW1, TO-DIST-SW2
  • Access Switches:
    • D-Link DGS-1210-48 48-port Gigabit Ethernet Smart Managed Switch with PoE (8 units for 384 ports)
    • TP-Link TL-SG1008P 8-port Gigabit PoE Switch (4 units for 32 ports)
    • Named: TO-ACCESS-SW1 – TO-ACCESS-SW12 (range)
  • Servers and Printers:
    • Patch panels for server and printer connections
  • Total Switch Ports: 48 (Core) + 96 (Distribution) + 384 (Access) + 32 (PoE) = 560 ports

 

Large Branch Site in Vancouver, British Columbia (350 employees):

  • Firewall:
    • CISCO PIX 515E Firewall
    • Named: VA-FW1
  • Core Switch:
    • Cisco Catalyst 3850 Series 48-port Gigabit Ethernet Managed Switch (48 ports)
    • Named: VA-CORE-SW1
  • Distribution Switches:
    • Cisco Catalyst 2960L-48TS-LL 48-port Gigabit Ethernet Managed Switch (2 units for a total of 96 ports)
    • Named: VA-DIST-SW1 – VA-DIST-SW2
  • Access Switches:
    • D-Link DGS-1210-24P 24-port Gigabit Ethernet Smart Managed Switch with PoE (6 units for 144 ports)
    • TP-Link TL-SG1008P 8-port Gigabit PoE Switch (5 units for 40 ports)
    • Named: VA-ACCESS-SW1 – VA-ACCESS-SW11
  • Servers and Printers:
    • Patch panels for server and printer connections
  • Total Switch Ports: 48 (Core) + 96 (Distribution) + 144 (Access) + 40 (PoE) = 328 ports

 

Medium Size Branch Office in Montreal, Quebec (135 employees):

  • Firewall:
    • CISCO PIX 515E Firewall
    • Named: MO-FW1
  • Access Switches (also acting as Distribution):
    • D-Link DGS-1210-24 24-port Gigabit Ethernet Smart Managed Switch (6 units for 144 ports)
    • Named: MO-ACCESS-SW1 – MO-ACCESS-SW6
  • Servers and Printers:
    • Patch panels for server and printer connections
  • Total Switch Ports: 144 (Access/Distribution) = 144 ports

 

Small Satellite Office in Calgary, Alberta (15 employees):

  • Firewall:
    • CISCO PIX 515E Firewall
    • Named: CA-FW1
  • Access Switches (also acting as Distribution):
    • D-Link DGS-105 5-port Gigabit Ethernet Unmanaged Switch (4 units for 20 ports)
    • Named: CA-ACCESS-SW1 – CA-ACCESS-SW4
  • Servers and Printers:
    • Patch panels for server and printer connections
  • Total Switch Ports: 20 (Access/Distribution) = 20 ports

 

 

Wireless Network

Headquarters in Toronto, Ontario (500 employees):

  • Linksys WRT54G Wireless-G Router
  • Quantity: 16 units (Coverage for approximately 30 employees per access point)
  • Named: TO-WR01 – TO-WR16

Large Branch Site in Vancouver, British Columbia (350 employees):

  • D-Link DIR-615 Wireless N Router
  • Quantity: 12 units (Coverage for approximately 29 employees per access point)
  • Named: VA-WR01 – VA-WR12

Medium Size Branch Office in Montreal, Quebec (135 employees):

  • Netgear WNR2000 Wireless-N Router
  • Quantity: 5 units (Coverage for approximately 27 employees per access point)
  • Named: MO-WR01 – MO-WR05

Small Satellite Office in Calgary, Alberta (15 employees):

  • Belkin N150 Wireless Router
  • Quantity: 1 unit (Coverage for approximately 15 employees)
  • Named: CA-WR01

 

Physical Connections

 

 

Legend:

  • FS01 & FS02: File Servers
  • WS01: Web Server
  • DC01: Domain Controller and DNS Server
  • BDS01: Backup DNS Server
  • ES01: Email Server
  • APS01 & APS02: Application Servers (ERP and CRM)
  • DBS01: Database Server
  • PS01: Print Server
  • DHCP01 – DHCP06: DHCP Servers

Network Topology Description:

 

Headquarters in Toronto, Ontario (500 employees):

 

  • The Internet connection is provided by the ISP named FastNet with a speed of 100 Mbps.
  • The Firewall (TO-FW1) connects directly to the Internet, serving as the primary defense mechanism. Network routing is performed on the Firewall.
  • The Core Switch (TO-CORE-SW1) is connected to the Firewall, acting as the central hub for the entire network.
  • Two Distribution Switches (TO-DIST-SW1 & TO-DIST-SW2) branch out from the Core Switch. These two switches have no network connection between each other.
  • TO-DIST-SW1 connects to:
    • Servers: FS01, FS02, WS01, DC01, BDS01, ES01, APS01, APS02, DBS01, PS01, and DHCP01 – DHCP06
  • TO-DIST-SW2 connects to all the remaining Access Switches. All of the office network printers connect to this switch.
  • Access Switches (TO-ACCESS-SW1 – TO-ACCESS-SW12):
    • TO-ACCESS-SW1 – TO-ACCESS-SW8 support workstations
    • TO-ACCESS-SW9, in addition to workstations, supports Access Points 1-4
    • TO-ACCESS-SW10, in addition to workstations, supports Access Points 5-8
    • TO-ACCESS-SW11, in addition to workstations, supports Access Points 9-12
    • TO-ACCESS-SW12, in addition to workstations, supports Access Points 13-16
  • A total of 132 workstations will not be connected to the switches and will rely on wireless connectivity provided by the 16 access points.
  • All servers, workstations, and wireless routers are connected to the network via patch panels.
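As an added example (not part of the assignment text), the following Python script models the Toronto topology described above as a graph and lists every device whose failure cuts other devices off from the Internet-facing firewall, which is the single-point-of-failure part of the weakness analysis the assignment asks for. Device names are the page's own; workstations and printers are not modelled, and the dual-homing change tried at the end is an assumed design improvement, not something the scenario states.

```python
from collections import deque

ROOT = "Internet"


def build_toronto_topology() -> dict[str, set[str]]:
    """Undirected adjacency list of the Toronto headquarters network described above.

    Device names are the page's own; workstations and printers are not modelled.
    """
    servers = ["FS01", "FS02", "WS01", "DC01", "BDS01", "ES01", "APS01", "APS02",
               "DBS01", "PS01"] + [f"DHCP{i:02d}" for i in range(1, 7)]
    edges = [(ROOT, "TO-FW1"), ("TO-FW1", "TO-CORE-SW1"),
             ("TO-CORE-SW1", "TO-DIST-SW1"), ("TO-CORE-SW1", "TO-DIST-SW2")]
    edges += [("TO-DIST-SW1", s) for s in servers]                       # server side
    edges += [("TO-DIST-SW2", f"TO-ACCESS-SW{i}") for i in range(1, 13)]  # user side
    # TO-ACCESS-SW9..SW12 each carry four wireless routers: AP 1-4, 5-8, 9-12, 13-16.
    for n, sw in enumerate(range(9, 13)):
        edges += [(f"TO-ACCESS-SW{sw}", f"TO-WR{ap:02d}") for ap in range(4 * n + 1, 4 * n + 5)]
    return add_links({}, edges)


def add_links(graph: dict[str, set[str]], edges) -> dict[str, set[str]]:
    """Return a copy of `graph` with the given undirected links added."""
    g = {node: set(nbrs) for node, nbrs in graph.items()}
    for a, b in edges:
        g.setdefault(a, set()).add(b)
        g.setdefault(b, set()).add(a)
    return g


def reachable(graph, start, failed=frozenset()) -> set[str]:
    """Breadth-first search from `start`, treating the `failed` devices as absent."""
    seen, queue = {start}, deque([start])
    while queue:
        for nb in graph[queue.popleft()]:
            if nb not in seen and nb not in failed:
                seen.add(nb)
                queue.append(nb)
    return seen


def blast_radius(graph, device, root=ROOT) -> set[str]:
    """Devices that lose their path to `root` when `device` goes down."""
    return reachable(graph, root) - reachable(graph, root, {device}) - {device}


def single_points_of_failure(graph, root=ROOT) -> dict[str, list[str]]:
    """Every device whose failure strands at least one other device, with the stranded set."""
    result = {}
    for device in graph:
        if device == root:
            continue
        stranded = blast_radius(graph, device, root)
        if stranded:
            result[device] = sorted(stranded)
    return result


if __name__ == "__main__":
    current = build_toronto_topology()
    for device, stranded in single_points_of_failure(current).items():
        print(f"{device:<14} failure strands {len(stranded):>2} devices")
    # Assumed improvement: dual-home every access switch to TO-DIST-SW1 as well.
    improved = add_links(current, [(f"TO-ACCESS-SW{i}", "TO-DIST-SW1") for i in range(1, 13)])
    print("TO-DIST-SW2 still a SPOF:", "TO-DIST-SW2" in single_points_of_failure(improved))
```

The firewall and core switch remain single points of failure after the access-layer change, which is why a second firewall and a redundant core belong in the same discussion.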

 

Large Branch Site (Vancouver, British Columbia – 350 employees):

Legend:

  • FS03: File Server
  • DHCP07: DHCP and DNS Server

Network Topology Description:

  • The Internet connection is provided by the ISP named Telus with a speed of 500 Mbps.
  • The Firewall (VA-FW1) connects directly to the Internet, serving as the primary defense mechanism. Network routing is performed on the Firewall.
  • The Core Switch (VA-CORE-SW1) is connected to the Firewall, acting as the central hub for the entire network.
  • Two Distribution Switches (VA-DIST-SW1 & VA-DIST-SW2) branch out from the Core Switch. These two switches have no network connection between each other.
  • VA-DIST-SW1 connects to:
    • Servers: FS03 and DHCP07
  • VA-DIST-SW2 connects to all the remaining Access Switches. All of the office network printers connect to this switch.
  • Access Switches (VA-ACCESS-SW1 to VA-ACCESS-SW11):
    • VA-ACCESS-SW8 supports Access Points 1-4
    • VA-ACCESS-SW9 supports Access Points 5-8
    • VA-ACCESS-SW10 supports Access Points 9-12
  • All servers, workstations, and wireless routers are connected to the network via patch panels.

Medium Size Branch Office (Montreal, Quebec – 135 employees):

Legend:

  • FS04: File Server
  • DHCP08: DHCP and DNS Server

Network Topology Description:

  • The Internet connection is provided by the ISP named Bell with a speed of 1 Gbps.
  • The Firewall (MO-FW1) connects directly to the Internet, serving as the primary defense mechanism. Network routing is performed on the Firewall. MO-ACCESS-SW1 connects to MO-FW1.
  • Servers: FS04 and DHCP08 connect to MO-ACCESS-SW1.
  • MO-ACCESS-SW2 connects to MO-ACCESS-SW1.
  • MO-ACCESS-SW3 – MO-ACCESS-SW6 connect to MO-ACCESS-SW2.
  • All the office network printers connect to MO-ACCESS-SW2.
  • Access Switches (MO-ACCESS-SW3 to MO-ACCESS-SW6):
    • MO-ACCESS-SW6 supports Access Points 1-5
  • All servers, workstations, and wireless routers are connected to the network via patch panels.

 

Small Satellite Office (Calgary, Alberta – 15 employees):

Legend:

  • DHCP09: DHCP and DNS Server

 

Network Topology Description:

  • The Internet connection is provided by the ISP named Rogers with a speed of 800 Mbps.
  • The Firewall (CA-FW1) connects directly to the Internet, serving as the primary defense mechanism. Network routing is performed on the Firewall. CA-ACCESS-SW1 connects to CA-FW1.
  • Server: DHCP09 connects to CA-ACCESS-SW1.
  • CA-ACCESS-SW2 connects to CA-ACCESS-SW1.
  • CA-ACCESS-SW3 – CA-ACCESS-SW4 connect to CA-ACCESS-SW2.
  • All the office network printers connect to CA-ACCESS-SW2.
  • Access Switches:
    • CA-ACCESS-SW4 supports CA-WR01
  • All servers, workstations, and wireless routers are connected to the network via patch panels.