Secure Network Design Proposal

BDMHS Network Proposal

Kevin Gilmartin, Andrew Mullen, Joe Faron, Pierre Sajous, Scott Behrens

Compu-Global-Hyper-Meganet

April, 2006




BDMHS NETWORK PROPOSAL

TABLE OF CONTENTS

1.0   Executive Summary
      1.1   Abstract
      1.2   Compu-Global-Hyper-Meganet Company Policy
2.0   Network Design Specification
      2.1   Summary
      2.2   IP address Schema
      2.3   Routing Schema
      2.4   Network Diagram
3.0   WAN Specification
      3.1   Interconnect Overview
4.0   Access and Security
      4.1   Security Overview
5.0   Systems Specification
      5.1   Hardware
      5.2   Software
6.0   Migration and Implementation
      6.1   Summary
      6.2   Timeline
7.0   Pricing
      7.1   Summary
      7.2   Pricing Chart
8.0   Appendices








1.0    GENERAL INFORMATION


1.1    Abstract

This document presents our proposed network design for the BDMHS headquarters in Lincoln Park and the
two remote locations in Naperville and Downtown Chicago. It covers Network Design Specifications,
WAN Specifications, Access and Security, System Specification, Migration and Implementation, and
Pricing. Our grand total comes to $92,000.00, exactly $3,000 under the proposed grant money, and you
will still have a perfectly running network thanks to the generous donation of 35 PCs and 3 switches,
not to mention the extremely discounted rates available because of the not-for-profit status of your
business. The following report outlines the specifications for your new network.


1.2    Compu-Global-Hyper-Meganet Company Policy

Pierre Sajous and Scott Behrens founded Compu-Global-Hyper-Meganet in 2003. Both were consultants
for JP Consultant Company but decided to branch off into their own consulting firm.
Compu-Global-Hyper-Meganet provides state-of-the-art networks from 3 years ago to customers
desperately in need of an upgrade.







2.0     NETWORK DESIGN SPECIFICATION


2.1     Summary

Below is the proposed network design for your local and remote offices. Our goal was to maximize
resource efficiency while minimizing cost. We used private addressing locally to preserve your class C
network addresses, and we chose a high-speed interconnect to make sure your applications have
enough bandwidth to support multiple application connections. We also used EIGRP for routing, which
allows for a redundant and scalable network and will keep downtime to a minimum during maintenance
or a system failure.


2.2     IP address Schema

Included with your high-speed interconnect is a class C network. To allow for scalability, all
client machines will be assigned a private IP address in the 192.168.x.x range. At your remote sites the
routers provided will perform PAT to allow interconnectivity between sites using one class C address.
The main site will have an application server, which will need access to the Internet. We will provide
static NAT translation to allow this machine to access the Internet on one of the server's two interfaces.
The other interface will be accessible internally and remotely to BDMHS workers for e-mail and
application calls. Your network is further divided into VLANs on the core switch so that only
specific machines have access to the Internet. This makes it easy to extend access if BDMHS decides to
allow more than just the application server to reach the Internet. See the network diagram (Figure 2.1).


2.3     Routing Schema

To perform routing between sites we will use EIGRP. Key capabilities that distinguish EIGRP
from other routing protocols include fast convergence, support for variable-length subnet masks, support
for partial updates, and support for multiple network layer protocols. EIGRP will be run between the
remote sites and the ISP. We will be using Autonomous System Number 100 to distinguish the network.
Automatic route summarization will be disabled in case BDMHS decides in the future to conserve more IP
addresses by using discontiguous subnets. The core router will also run a firewall. See Access and
Security (section 4.0).
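
Why section 2.3 turns automatic summarization off, as an added example that is not part of the proposal: a simplified model of what each site router would advertise over its T1 with and without auto-summary. The /24 assumed for headquarters, the WAN /30 assignments and the future /26 plan are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def classful_network(prefix):
    """Return the classful (major) network that contains an IPv4 prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        length = 8        # class A
    elif first_octet < 192:
        length = 16       # class B
    elif first_octet < 224:
        length = 24       # class C
    else:
        raise ValueError(f"{prefix} is not a class A, B or C unicast prefix")
    return ipaddress.ip_network(f"{net.network_address}/{length}", strict=False)


def advertised_routes(sites, auto_summary):
    """Map each prefix advertised over a WAN link to the sites advertising it.

    Simplified model of auto-summary: a LAN subnet is advertised as its
    classful network when the WAN link sits in a different major network.
    """
    routes = defaultdict(set)
    for site, plan in sites.items():
        wan_major = classful_network(plan["wan"])
        for lan in plan["lans"]:
            net = ipaddress.ip_network(lan)
            if auto_summary and classful_network(lan) != wan_major:
                net = classful_network(lan)
            routes[net].add(site)
    return routes


def colliding_routes(sites, auto_summary):
    """Prefixes announced by more than one site; routers cannot tell them apart."""
    routes = advertised_routes(sites, auto_summary)
    return {str(p): sorted(s) for p, s in routes.items() if len(s) > 1}


# Constructed sample data. The WAN /30 per site and the HQ /24 are assumptions.
WAN = {"Lincoln Park": "163.63.63.0/30", "Naperville": "163.63.63.0/30",
       "Downtown": "163.63.63.4/30"}

# One private /24 per site, as in the current design.
CURRENT_PLAN = {
    "Lincoln Park": {"wan": WAN["Lincoln Park"], "lans": ["192.168.1.0/24"]},
    "Naperville": {"wan": WAN["Naperville"], "lans": ["192.168.2.0/24"]},
    "Downtown": {"wan": WAN["Downtown"], "lans": ["192.168.3.0/24"]},
}

# Hypothetical future plan: one /24 split into /26s across the three sites,
# i.e. discontiguous subnets separated by the 163.63.0.0/16 WAN links.
FUTURE_PLAN = {
    "Lincoln Park": {"wan": WAN["Lincoln Park"], "lans": ["192.168.1.0/26"]},
    "Naperville": {"wan": WAN["Naperville"], "lans": ["192.168.1.64/26"]},
    "Downtown": {"wan": WAN["Downtown"], "lans": ["192.168.1.128/26"]},
}

if __name__ == "__main__":
    for name, plan in (("current", CURRENT_PLAN), ("future", FUTURE_PLAN)):
        for summary in (True, False):
            print(name, "auto-summary" if summary else "no auto-summary",
                  colliding_routes(plan, summary))
```

With auto-summary on, the future plan has all three routers announcing 192.168.1.0/24; with it off, each /26 is announced as itself and nothing collides.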








2.4   Network Diagram

[Network diagram: Blue Demon Musician Help Services. Labels shown in the figure:]

Sites: Internet; Remote Office (Naperville); Headquarters (Lincoln Park); Remote Office (Downtown)
Routing: EIGRP AS 100
163.63.63.x addresses: 163.63.63.8/25, 163.63.63.1/30, 163.63.63.2/30, 163.63.63.5/30, 163.63.63.4/30
192.168.x.x addresses: 192.168.2.1, 192.168.1.1, 192.168.3.1, 192.168.2.0/24, 192.168.3.0/24,
192.168.2.0/25, 192.168.2.128/26 - HR
Server links: 192.168.1.192/30 (Nat to 163.x.x.10), 192.168.1.196/30 (Nat to 163.x.x.11)
Servers: Application Server, E-mail Server, Web Server
Switches: 24 Port Switch (three), 48 Port Switch (one)

Figure 2.1 - Network Diagram







3.0     WAN SPECIFICATION


3.1     Interconnect Overview

In the proposed network, Internet connectivity will be provided over the WAN. Allowing the proposed
network to connect to the Internet will benefit BDMHS in several ways. Connecting the corporate web
server and e-mail server will give BDMHS communication with the outside world and a presence on the
Internet. Employees at BDMHS will also be able to access the Internet to complete required tasks,
which will maximize performance in the workplace.

JP Telco will provide the appropriate WAN connections for BDMHS. As shown in the network
diagram, BDMHS headquarters will be connected to the Internet via a T1. The T1 to the Internet will
provide Internet access to the company headquarters and both remote offices. The remote offices will be
connected to the core network, at the BDMHS headquarters, via dedicated T1s. Having a T1 going out to
each remote site will allow users at all sites to access the application server, which is housed on the
core network, while also giving each remote user an ample amount of bandwidth, which is the required 50K
per session.







4.0     ACCESS AND SECURITY


4.1     Access System


When designing your proposal, we kept resource access and security in mind. By using stateful firewall
inspection, users on your main site and remote sites will have access to the application server. We will
also provide strict firewall rules that allow users to access the service from outside the infrastructure,
but only for the application. This will prevent attackers and hackers from accessing your resources.
According to your specifications, only the application server will have Internet access. If you need
additional servers or workstations to have Internet access, the VLAN those machines are on can be
changed to the Internet VLAN (VLAN 2).

Due to the increase in security flaws and viruses among Windows machines, we chose to install Linux
on all workstations and clients. This will keep your network up to date with a hardened
operating system that includes all the features of a major OS like Windows. The operating system is
Fedora Core, which is a major distribution frequently updated with security and software packages.
Training on this system will be easy, as it provides a visual desktop reminiscent of Windows.

Your application server will also run Fedora Core. The application server will run the Apache web server.
Apache provides a secure, efficient and extensible web server that provides HTTP services in sync with
the current HTTP standards. The application server will also run Dovecot, an open source IMAP and
POP3 server for Linux/UNIX-like systems, written with security primarily in mind. This will ensure that
your systems and applications are secure, allowing for minimal downtime and increased productivity.







5.0     SYSTEMS SPECIFICATION


5.1     Hardware

We are using a variety of hardware items in the network. This includes the server, client PCs, printers,
switches, and routers.

Our server is a Dell PowerEdge 4400 (dual 866 MHz) with three 36 GB hard drives. This server meets all
the requirements for the network and was found at a cheap price. It has the appropriate power and
disk space to house the newly implemented counseling application, corporate e-mail, and corporate web.

Our client PCs are IBM NetVista machines with an Intel Pentium III processor, 256 MB RAM, and a 20 GB
hard drive. Each workstation will be running Fedora Core 4, which will be user friendly and easy to use
for all employees.

Each of the printers we are going to implement is an HP 8150 LaserJet. Each printer will
be shared with all users, one printer per location.

In our network we have four switches being implemented: three Cisco 24-port, 10/100 Mb
managed switches and one Cisco 48-port, 10/100 Mb managed switch. We are confident
that these Cisco switches will produce a high-performing network and take care of all of our network
traffic needs. Also, with so many open ports available in every location, we are leaving ample space
for expansion up to 50%.

Our network design requires the use of three routers. The first router, which we will be using in our core
network, is a Cisco 2611 router. We are using the Cisco 2611 solely because it has dual
Ethernet ports, which are required for the design of our network. For the remote sites, which will be
connecting to the core network via dedicated T1, we are using two Cisco 1720 modular routers.



5.2     Software


Fedora Core is an operating system and platform based on Linux, which is always free for anyone to use,
modify, and distribute. It is built with security in mind and has an enhanced GUI desktop, making it
easier to transition users from a Windows environment. The Fedora application server will run the
Apache web server and the Dovecot mail server. Both of these software packages are de facto standards with
enhanced security configurations. The core router will run secure IOS 12.3. This will allow the router to
act as a stateful firewall and an intrusion defense system. These characteristics of the software will
make your work environment state of the art in defense.







6.0     MIGRATION AND IMPLEMENTATION


6.1     Summary

Our Implementation is outlined in the diagram below. (See 6.2) First, we must order all the Printers,
Servers, Workstations, Network Gear, Cabling, and Accessories as well as the Access Lines. After we
receive the workstations, we can set them up at the Local and Remote Sites and test them for any
problems. In the setup, we will install and ghost the Fedora Core Operating System. At this time, we
will also set up the Application Server.

After that, we will set up the wall jacks and cabling infrastructure, starting first at the remote sites and
then the Headquarters. After this, we will start with the installation and configuration of the network
gear. To begin, we will install the router and configure the firewall and routing protocols. We will then
install the switches and configure them and the VLANs. Once all of this is done, we will test the
Application Server and Connectivity.

Throughout the entire implementation process, we will be constantly testing and troubleshooting
everything to ensure the perfection of the network processes. Upon completion of the network, we will
train all the employees on how to use the new equipment and software.





6.2   Timeline





7.0     PRICING



7.1     Summary

Enclosed below is an outline of all the equipment, software, labor, etc. needed for the network and a
grand total price. Labor was discounted for a not-for-profit organization and was optimized to save you
$3,000 to allow a generous donation to those in need.


7.2     Pricing Chart


COMPU GLOBAL HYPER MEGA NET

PROJECT TOTALS INVOICE - BDMHS

Item                                               Qty        Price   Shipping   Price + SH

HARDWARE

SWITCHES
Cisco 24-Port, 10/100 Mbit Managed Switch            3        $0.00      $0.00        $0.00
Cisco 48-Port, 10/100 Mbit Managed Switch            1        $0.00      $0.00        $0.00

ROUTERS
Cisco 2611 Router w/ WIC-1DSU-T1 & WIC-2T Serial     1      $250.00     $15.00      $265.00
CISCO 1720 Modular Router                            2      $239.00     $15.20      $493.20

WORKSTATIONS
IBM Laptops/Desktops                                35        $0.00      $0.00        $0.00
IBM Desktops                                        55       $75.00      $0.00    $4,125.00

POWER SUPPLY
APC Back-UPS ES 725 Broadband & Serial 120V          3       $64.99      $0.00      $194.97

SERVER
Dell Poweredge 4400 Dual 866MHZ Xeon                 1      $499.00     $75.00      $574.00

PRINTER
HP 8150DN Laser Jet                                  3        $0.00      $0.00        $0.00

RACKS
Server Cabinet                                       1    $1,048.00      $0.00    $1,048.00
Table Top Rack                                       2      $934.00      $0.00      $934.00

INTERFACE CARDS
D-link Copper PCI Adapter                            2       $18.96      $7.27       $45.19

CABLE/FACE PLATES/JACKS
Cat5E Cable 1,000ft                                  2       $49.99     $22.94      $122.92
Cat5e Keystone Jacks RJ45 lot 50                     2       $74.95     $15.50      $165.40
Wall plate                                           4       $20.00     $12.00       $92.00

INTERNET CONNECTION (JP TELCO ISP)
DEDICATED T1                                         2   $21,600.00                $43,200.00
T1 to the Internet                                   1   $32,400.00                $32,400.00

LABOR                                                     $8,341.32                 $8,341.32

SOFTWARE
Fedora/Open Source Applications                                                         $0.00

Total                                                                              $92,000.00







8.0    APPENDICES

Appendices are attached.



