Preview

Improving Network Topology

Powerful Essays
Open Document
Open Document
2806 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Improving Network Topology
CMCN6103

Deric Law CGS00479903

1. Improving Network Topology Draw the topology of the network that you are currently using. Be sure to include addressing structures, network architecture, and include devices such as core switches, workgroup switches, firewalls, routers, and other network devices. Analyze the security of the topology and then draw a proposed new topology. Be sure to include security detection systems as well as security zones. Kazakhstan International School had implemented their network infrastructure since 2007. The school had around 100 computers and every computer is connected to Internet, serving more than 200 users. The school uses 3 subnets to divide the general administration, computer laboratory and Classrooms. Internet service provider (ISP) of the school is Corporate Telecommunication System (CTC), provided the Fibre Optic network connection for the school. The internal network IP addresses make up of 192.168.1.1 - 192.168.1.254, (General Administration) 192.168.2.1 – 192.168.2.254, (Classroom PC) 192.168.3.1 – 192.168.3.254 (Computer Laboratory) With the subnet 255.255.255.0 Majority of the network topology in the school are makeup of star topology. The figure below shows a section of the network topology (Star Topology) in Kazakhstan International School.

The school do not have managed switch, all of the switches in the school are of unmanaged switches. The number of ports of the switch range from 4 to 24. The models of the switches are D-Link DES-1024D, D-Link DES-1008D, and D-Link DES-1005D. They support the network speed up to 100 Mbps.

1

CMCN6103

Deric Law CGS00479903

As of the internet connection, the school had setup a proxy server with the firewall software in between the ISP and the user. The Router from the ISP provides two external connections for the school through its fibre optic network: 1. External IP address 172.25.146.1 Subnet Mask 225.225.0.0   Connection within



References: Scarfone, Karen; Mell, Peter (February 2007). "Guide to Intrusion Detection and Prevention Systems (IDPS)". Computer Security Resource Center (National Institute of Standards and Technology) (800-94). http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf. Retrieved 1 January 2010. Whitman, Michael E.; Mattord, Herbert J. (2008). Principles of Information Security. Course Technology. pp. 290–301. ISBN 9781423901778. Anderson, Ross (2001). Security Engineering: A Guide to Building Dependable Distributed Systems. New York: John Wiley & Sons. pp. 387–388. ISBN 9780471389224. Anderson, James P., "Computer Security Threat Monitoring and Surveillance," Washing, PA, James P. Anderson Co., 1980. Denning, Dorothy E., "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and Privacy, May 1986, pages 119–131 Lunt, Teresa F., "IDES: An Intelligent System for Detecting Intruders," Proceedings of the Symposium on Computer Security; Threats, and Countermeasures; Rome, Italy, November 22–23, 1990, pages 110–121. Lunt, Teresa F., "Detecting Intruders in Computer Systems," 1993 Conference on Auditing and Computer Technology, SRI International Sebring, Michael M., and Whitehurst, R. Alan., "Expert Systems in Intrusion Detection: A Case Study," The 11th National Computer Security Conference, October, 1988 Smaha, Stephen E., "Haystack: An Intrusion Detection System," The Fourth Aerospace Computer Security Applications Conference, Orlando, FL, December, 1988 Vaccaro, H.S., and Liepins, G.E., "Detection of Anomalous Computer Session Activity," The 1989 IEEE Symposium on Security and Privacy, May, 1989 Teng, Henry S., Chen, Kaihu, and Lu, Stephen C-Y, "Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns," 1990 IEEE Symposium on Security and Privacy 10      CMCN6103     Deric Law CGS00479903  Heberlein, L. Todd, Dias, Gihan V., Levitt, Karl N., Mukherjee, Biswanath, Wood, Jeff, and Wolber, David, "A Network Security Monitor," 1990 Symposium on Research in Security and Privacy, Oakland, CA, pages 296–304 Winkeler, J.R., "A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks," The Thirteenth National Computer Security Conference, Washington, DC., pages 115–124, 1990 Dowell, Cheri, and Ramstedt, Paul, "The ComputerWatch Data Reduction Tool," Proceedings of the 13th National Computer Security Conference, Washington, D.C., 1990 Snapp, Steven R, Brentano, James, Dias, Gihan V., Goan, Terrance L., Heberlein, L. Todd, Ho, Che-Lin, Levitt, Karl N., Mukherjee, Biswanath, Smaha, Stephen E., Grance, Tim, Teal, Daniel M. and Mansur, Doug, "DIDS (Distributed Intrusion Detection System) -- Motivation, Architecture, and An Early Prototype," The 14th National Computer Security Conference, October, 1991, pages 167– 176. Jackson, Kathleen, DuBois, David H., and Stallings, Cathy A., "A Phased Approach to Network Intrusion Detection," 14th National Computing Security Conference, 1991 Paxson, Vern, "Bro: A System for Detecting Network Intruders in Real-Time," Proceedings of The 7th USENIX Security Symposium, San Antonio, TX, 1998 Amoroso, Edward, "Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response," Intrusion.Net Books, Sparta, New Jersey, 1999, ISBN 0-9666700-7-8 Kohlenberg, Toby (Ed.), Alder, Raven, Carter, Dr. Everett F. (Skip), Jr., Esler, Joel., Foster, James C., Jonkman Marty, Raffael, and Poor, Mike, "Snort IDS and IPS Toolkit," Syngress, 2007, ISBN 978-1-59749-099-3 Barbara, Daniel, Couto, Julia, Jajodia, Sushil, Popyack, Leonard, and Wu, Ningning, "ADAM: Detecting Intrusions by Data Mining," Proceedings of the IEEE Workshop on Information Assurance and Security, West Point, NY, June 5–6, 2001 Intrusion Detection Techniques for Mobile Wireless Networks, ACM WINET 2003 11

You May Also Find These Documents Helpful

  • Satisfactory Essays

    College Campus

    • 423 Words
    • 2 Pages

    Numbers of students are expected to be doubled every 4 years. There are 4 departments:…

    • 423 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    The explosive growth and popularity of the Internet have resulted in thousands of structured query able information sources. Most organizations are familiar with Penetration Testing and other ethical hacking techniques as a means to understanding the current security status of their information system assets. Consequently, much of the focus of research, discussion, and practice, has traditionally been placed upon active probing and exploitation of security vulnerabilities. Since this type of active probing involves interacting with the target, it is often easily identifiable with the analysis of firewall and intrusion detection/prevention device (IDS or IPS) log files.…

    • 501 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    It 244 Appendix B

    • 3468 Words
    • 14 Pages

    Awareness of these kinds of attacks is the key and to be prepared on the part of management and the user. They must be made aware of the consequences of their actions while using the network and accessing the data. The users of the network and system need to be prepared in case of an attack and have knowledge of…

    • 3468 Words
    • 14 Pages
    Powerful Essays
  • Satisfactory Essays

    NETW410 Week 5 Lab Report

    • 297 Words
    • 2 Pages

    1. Provide an IP addressing plan for the existing campus and the new campus. (70 points)…

    • 297 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    Riordan Security Issues

    • 1371 Words
    • 6 Pages

    Shaw, R. (2009). Intrusion prevention systems market trends. Faulkner Information Services. Retrieved September 22, 2009, from…

    • 1371 Words
    • 6 Pages
    Powerful Essays
  • Good Essays

    References: Cichonski, P., Miller, T., Grace, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide . Retrieved from http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf…

    • 805 Words
    • 3 Pages
    Good Essays
  • Better Essays

    Lab2 Snort

    • 1322 Words
    • 4 Pages

    References: CSEC 630 Lab2 -Intrusion Detection System and Protocol Analysis Lab (n.d.). University of Maryland University College. Retrieved from: https://learn.umuc.edu/d2l/common/viewFile.d2lfile/Database/NzkyMzkw/CSEC630_lab2_LEO.pdf?ou=33745…

    • 1322 Words
    • 4 Pages
    Better Essays
  • Powerful Essays

    Nt1330 Unit 3 Assignment 1

    • 5050 Words
    • 21 Pages

    This section represents a room, or department within the campus, showing how the Nodes are all connected to a multi-port switch using straight-through cables (Used to connect non-similar devices, such as a PC and a switch). The diagram on the left is a bog standard star topology, whereby a switch is connected to multiple nodes via an RJ45 straight-through cable, thus allowing the transfer of packets to and from the devices on the sub-network; I.E. PC to printer, or laptop to PC and so on. By the connecting the switch to the router(s) at the centre of the college network, you are allowing the sub network above to communicate with other departments and devices around the campus. Such as the Student file server, and the email server, (Which are used for the storage and retrieval of files, and the sending and storing of emails.) both of which are connected to the entire network, allowing access from around the campus, regardless of what device a user chooses to try and access them. The college has also incorporated a server which is used to host the website, and the various services (DNS, ADDS, DHCP)…

    • 5050 Words
    • 21 Pages
    Powerful Essays
  • Good Essays

    Gandhi, M. , & Srivatsa, S. Detecting and preventing attacks using network intrusion. International Journal of Computer Science and Security, 2(1), 49-60. Retrieved , from http://www.cscjournals.org/csc/manuscript/Journals/IJCSS/Volume2/Issue1/IJCSS-28.pdf…

    • 1443 Words
    • 6 Pages
    Good Essays
  • Better Essays

    The network IP addressing scheme for the Frederick MD building should be designed to ease network management. A well thought out network subnet design enables administrators to quickly locate computers by IP address by building floor and room, and whether the computer is a server, a student computer, staff computer or instructor’s computer. A proper subnet design will also minimize broadcast traffic that decreases network performance, by reducing the total number of computers allowed in each broadcast domain. A proper subnet design will also provide for efficient use of IP addresses by including only the number of IP addresses in each subnet necessary to support current computers plus a few additional IP addresses for immediate expansion when required. To differentiate subnets by IP address, student subnets start with a “1” in the third octet, staff subnets start with a “2” in the third octet where “10” in the second and third digits designates the location to be floor 1, “12” designates the location to be floors 1 and 2, “10” designates the location to be floor 1, “20” designates the location to be floor 2, and a second digit of “4” designates office staff and a second digit of “5” designates Admissions staff. The broadcast and network numbers have been removed from the IP address ranges below.…

    • 1166 Words
    • 3 Pages
    Better Essays
  • Satisfactory Essays

    Network Design

    • 534 Words
    • 2 Pages

    In this paper I will be going over a network design proposal for a building on the UMUC campus in Adelphi, Maryland. I would plan to run a fiber optic network to ensure the fastest speeds possible and fiber optics are notorious for not having any signal loss compared to a Cat5e. Using a star topology throughout the building with the servers in each classroom connected to the server room on the respective floor. Equipment used to build the network will consist of servers, routers, hubs and computers. There will be a physical firewall installed on each server and an IDS (Snort) for the network as well as AVG firewall and virus scanner.…

    • 534 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    Network Design

    • 1434 Words
    • 5 Pages

    In order to differentiate between students, staff, and instructors, we will place them on different subnets. Also, the instructors subnet will begin with a “1” in the third octet, the staff subnet will begin with a “3”, and the students subnet will begin with a “4” or “5” in the third octet of the IP addresses. Lastly, the second digit of the third octet will assign the floor for each subnet. An even number in the second digit will mean that the computer or device on the subnet is located on the first floor and an odd number means that it is located on the second floor.…

    • 1434 Words
    • 5 Pages
    Powerful Essays
  • Best Essays

    Chen, T. & Walsh, P. J. (2009). Guarding Against Network Intrusions. In J. R. Vacca Computer and Information Security Handbook. Amsterdam: Elsevier.…

    • 4737 Words
    • 19 Pages
    Best Essays
  • Best Essays

    security breaches

    • 2967 Words
    • 12 Pages

    Thiel, J. (2012). IDS/IPS: An Introduction to Intrusion Detection and Prevention Systems. Retrieved on February 6th, 2013, from http://www.ece.drexel.edu/telecomm/Talks/thiel.pdf…

    • 2967 Words
    • 12 Pages
    Best Essays
  • Better Essays

    Dougherty, C., Householder, A., & Houle, K. (2002). Computer attack trends challenge Internet security. Computer, 35(4), 0005-7.…

    • 1278 Words
    • 5 Pages
    Better Essays