The network will include an HPE ProLiant DL20 Gen9 Server, HP Compaq Pro 6300 workstations and a Cyberoam NG firewall by Cyberoam Technologies. The Cisco Catalyst 3650 Series is the primary server which allocates the IP addresses dynamically to the clients within the network. Below are the devices in the network, their specifications and their function within the network.
HPE ProLiant DL20 Gen9 Server
Intel Atom 4 Core Processor 3.5 GHz
1U rack chassis
Memory: 16GB DDR4 2,133 MHz UDIMM (max 64 GB)
Double LFF or 4 SFF drive bays
HPE Smart Array P440 12Gbps SAS RAID technology with FBWC up to 4 GB
4 embedded Gigabit Ethernet ports
Intel® Integrated Graphics.
Networking: Integrated Realtek® RTL8151GD Ethernet LAN 10/100/1000.
Windows Server 2008
HPE Insight Remote monitoring
The server will be configured with an IP address of 10.1.18.252 and a subnet mask of 255.255.255.0, and will be responsible for assigning IP addresses dynamically to the workstations.
HP Compaq Pro 6300 Workstations
Operating system: Windows 7 Professional
PS/2 keyboard
Processor: Intel(R) i3-3220 2nd generation, 3.30 GHz
Graphics: Intel HD Integrated Graphics 2500
Memory: 4GB DDR3
Networking: Ethernet (RJ-45). Intel 82579LM Gigabit Network Connection (standard)
Storage: SATA hard drive 500 GB
Optical disc drive: DVD-ROM, SuperMulti DVD writer, Blu-ray writer
Input and output ports: 4 - USB 3.0 (rear), 4 - USB 2.0 (front), 2 - USB 2.0 (rear), 1 - Serial RS-232 compatible, 2 - PS/2 (color-coded: purple for keyboard and green for mouse), 1 - VGA, 1 - DisplayPort 1.1, 1 - Microphone and headphone (front), Audio-in and Audio-out (rear) and 1 - RJ-45 interface (accesses the integrated network interface controller)
The workstations will be configured to obtain their IP addresses dynamically from the server. The clients will also be installed with Symantec Endpoint antivirus software to guard against viruses.
Cyberoam NG Firewall
The Cyberoam NG firewall by Cyberoam Technologies is known to be among the best firewalls for corporate use. Given the security challenges now prevalent in business environments, it is a basic requirement for every organization to implement safety measures that handle both inside and outside attacks on the network. Cyberoam provides what is needed to handle these security issues with scalability and efficiency. Additionally, the performance of the network will be enhanced, since the firewall will be responsible for blocking unwanted sites such as torrents, which consume a lot of bandwidth. Through its ability to filter HTTPS requests, the firewall will prevent dangerous incoming traffic and files from entering the company network.
The features of this device include a 2U rack chassis, 2 Xeon processors at 2.9 GHz, 16GB DDR3 memory, 10 Gigabit Ethernet networking technology, iView management via a web browser, 2 USB ports, 4 RJ-45 ports and a console port, with configurable internal DMZ/WAN ports. The application filtering ability of this device is another important feature which increases security in the network. Other features include bandwidth management, intrusion prevention, firewall capabilities, anti-spam and web filtering.
The firewall is configured and managed via the public IP address, with policies defined to block unwanted content from entering the network and to switch automatically between the two networks from the different service providers: one will be the primary and the other the secondary network, to which traffic is switched automatically when the primary is down. The basic configuration will involve deploying the device in discovery mode, which includes connecting the device to a network and assigning it the IP address 10.1.18.129, the subnet mask 255.255.255.0 and the management IP address 72.16.16.16, from where the entire work of managing the network will be carried out remotely.
The Cisco Catalyst 3650 Series: This switch is a next-generation enterprise-class standalone and stackable access layer switch with the ability to support both wired and wireless devices on a single platform. It is built with Cisco StackWise-160 technology and has the UADP (Cisco Unified Access Data Plane) ASIC technology. The switch also supports the full IEEE 802.3 technology and Power over Ethernet Plus (PoE+). The switch comes with 48 ports and 2GB of flash memory. It will be allocated an IP address of 10.1.18.230 and configured with two VLANs, the first VLAN occupying 24 ports and the next 20 ports, while the rest will remain reserved for future use (Cisco, 2016).
Other devices on the network are two ISP routers which will be used to provide the Internet to the organization. Each ISP will have a router feeding the Cyberoam, which will converge the two networks so that they back each other up: when one fails, the other takes over, ensuring that the network is always available.
The diagram below shows the network and the devices that are included in it.
Figure 1: Network diagram
The security of the devices
The security required in the system will be provided mainly by the Cyberoam, which will protect browsing as well as minimize bandwidth use. The primary security function of the firewall is filtering traffic to identify malicious content and block it before it reaches the corporate network. However, the other nodes in the network have their own security features. The HP ProLiant has a Trusted Platform Module (TPM) as well as HP Data Protection security features and encryption technologies. Bio password setup and anti-theft technology are also among the features that will help to secure the server. The workstations, on the other hand, will be installed with Symantec Endpoint antivirus software supported by Microsoft firewall to guard against information tampering. The Cisco Catalyst comes with advanced security features which include IEEE 802.1X, DHCP snooping, IP source guard and wireless intrusion prevention capability, which help prevent unauthorized access by attackers or users. The two VLANs in the network are another important security measure, aimed at reducing the level of access to more sensitive information on VLAN 20 by users operating on VLAN 100. The users from Finance department will not be able to communicate with those from the finance department as a security measure, since the information being accessed by the finance department is meant only for them. As a result, the two VLANs will split the network into two segments. The security features that each of these devices has on the network will significantly reduce the level of exposure that the organization faces and ensure that the information of the firm is accessed only by authorized individuals.
Moreover, the degree of malware infection on the computers within the network will be minimized dramatically by the level of filtering that the Cyberoam firewall and the antivirus programs on the workstations enforce. Furthermore, the firewall will monitor and block access with forged SSL certificates, and it will be responsible for monitoring web traffic and blocking outbound unauthenticated traffic from the network. The content filtering option will be turned "ON" to filter unwanted content and block content which is not permitted into the network, for the purpose of security and optimization of bandwidth (House, 2014).
As a further measure to manage the network efficiently, SolarWinds software will be installed on the server to check on the traffic, possible loss of signal and overuse of the bandwidth. Spiceworks, on the other hand, will be the main software installed on the server to help in reporting the possible failure of a single node within the network. An additional security measure will be implemented through a VPN. The connection will be made by implementing a Point-to-Point link between the Internet and the corporate network, which will ensure a secure link between the two sides. As a way of ensuring the safety of the information systems at all times, vulnerability scans will be carried out in real time by the Cyberoam and Symantec as well as Microsoft firewall. The IPsec capability of the Cisco switch will allow wireless communication between the laptops and the corporate network, which is provided by the VPN server. The Lightweight Access Point (LAP) technology ensures that the VPN clients establish a connection through a VPN tunnel.
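One way to audit a switch running-config for the access-layer controls described above (the two VLANs, DHCP snooping, IP source guard and the reserved ports), as an added example that is not part of the original paper. The interface names, the port ranges per VLAN, the trusted DHCP server port and the expectation that reserved ports are shut down are assumptions, and the sample config is constructed.

```python
import re

def build_config(snoop_vlans="20,100", source_guard=True):
    """Constructed sample running-config for the 48-port access switch.
    Port ranges, interface naming and the trusted server port are assumptions."""
    lines = ["ip dhcp snooping", f"ip dhcp snooping vlan {snoop_vlans}"]
    for port in range(1, 49):
        lines.append(f"interface GigabitEthernet1/0/{port}")
        if port == 44:      # assumed port of the DHCP server (10.1.18.252)
            lines += [" switchport access vlan 20", " ip dhcp snooping trust"]
        elif port <= 44:    # 24 ports in VLAN 100, 20 ports in VLAN 20
            lines.append(f" switchport access vlan {100 if port <= 24 else 20}")
            if source_guard:
                lines.append(" ip verify source")
        else:               # ports 45-48 reserved for future use
            lines.append(" shutdown")
    return "\n".join(lines)

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return ports

def audit(config):
    """Return findings where the config misses a control the design relies on."""
    findings = []
    if not re.search(r"^ip dhcp snooping$", config, re.M):
        findings.append("DHCP snooping is not enabled globally")
    match = re.search(r"^ip dhcp snooping vlan (\S+)$", config, re.M)
    snooped = set(match.group(1).split(",")) if match else set()
    for name, cmds in parse_interfaces(config).items():
        vlan = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport access vlan ")), None)
        if vlan is None:
            if "shutdown" not in cmds:
                findings.append(f"{name}: unassigned port is not shut down")
        elif vlan not in snooped:
            findings.append(f"{name}: VLAN {vlan} is not DHCP-snooped")
        elif "ip dhcp snooping trust" not in cmds and "ip verify source" not in cmds:
            findings.append(f"{name}: untrusted port lacks IP source guard")
    return findings
```

`audit(build_config())` returns an empty list; leaving VLAN 20 out of the snooping list or dropping `ip verify source` yields one finding per affected port.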
References
Brown, S. (1999). Implement Virtual Private Networks. McGraw-Hill Professional.
Cisco. (2016, 8 28). datasheet-c78-729449.html. Retrieved from www.cisco.com: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3650-series-switches/datasheet-c78-729449.html
House, C. S. (2014). Cyberoam NG series Firewall. Cyberoam Technologies Pvt. Ltd.