Advanced Network Management, Design and Security for YG

Verified

Added on 2023/05/29

AI Summary

This report provides a comprehensive network solution for the Yotsuba Group (YG), focusing on replacing their outdated network and expanding their headquarters. It begins with requirement gathering and assumptions, detailing user needs and network scope. A detailed network proposal is presented, including device selection (Cisco ASA 5506 Firewall, Cisco 2811 Series Router, Cisco 3560 and 2960 switches, Cisco WRT300N Wireless Router, and Cisco 7960 IP Phones), physical topology, wiring, and device placement. The report includes an addressing scheme, justifying the design choices for efficient network communication and security. A network policy outlines user access and security protocols, while a section on network security threats and solutions identifies potential vulnerabilities like DoS attacks and identity spoofing, offering mitigation strategies. The document also covers network design strategies, risk identification, and a disaster management and contingency plan to ensure network uptime and performance. This solution focuses on creating a secure, efficient, and scalable network infrastructure for the Yotsuba Group.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: ADVANCED NETWORK MANAGEMENT AND DESIGN
Advanced Network Management and Design
Name of the Student
Name of the University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
ADVANCED NETWORK MANAGEMENT AND DESIGN
Table of Contents
1. Introduction............................................................................................................................2
2. Requirement gathering and assumptions...............................................................................2
3. Network Proposal...................................................................................................................4
3.1. Device selection..............................................................................................................4
3.2. Physical Topology...........................................................................................................5
3.3. Wiring and device placement..........................................................................................5
4. Addressing Scheme................................................................................................................5
4.1. Justification of the design................................................................................................9
5. Network Policy.....................................................................................................................10
6. Network security Threats and solution................................................................................10
7. Network design strategies and plans....................................................................................12
8. Identification of potential risk..............................................................................................13
9. Disaster management and contingency plan........................................................................13
Bibliography.............................................................................................................................15

2
ADVANCED NETWORK MANAGEMENT AND DESIGN
1. Introduction
The network solution is developed for the Yotsuba Group (YG) for rep the old
network and expanding the companies headquarter in the new building. The company
currently faced different problems with their old network as they found the performance of
the network deteriorated and increase in the number of security incidents. The report is
created for the development of the requirement analysis and assuming the network device and
the wiring that is needed to be made for development of the network framework. A proposal
for the network is attached with the report including the network device, network topology
and wiring and placement of the network device and server for creating a secure network
infrastructure for the organization.
An addressing scheme is also prepared that would be needed for configuring the
network device interface. The number of users should be identified and a network policy is
developed for the management of the usage of the device and allowing or restricting them to
access the core network components. The network security threats acting on the network and
their solution is also documented in the report. Strategy that can be used for mitigating the
risk is given in the report that would help the increase the uptime of the network and provide
the best performance for the organization.
2. Requirement gathering and assumptions
For the development of the network solution the requirement of the network should be
identified on the terms of number of users using the network and the area needed to be
covered by the network. The security requirement and the number of subnets required for the
development of the network is needed to be identified for increasing the efficiency of the
network. The building floor plan should be analysed for the placement of the device and the
develop the cabling plan for connecting the network device and increasing the efficiency of

3
ADVANCED NETWORK MANAGEMENT AND DESIGN
the network. The old network is analysed for finding the flaws in the network and incorporate
the network for increasing the compatibility of the network and secure it from the external
agents.
For gathering the requirement the interaction of the user with the network is needed to
be understand and the resources and the services essential for the network should be listed.
Information about the external and internal access of the services and the resources should
also be identified from the existing old network because without the knowledge about the
users accessing the network resources some of the requirement can be overlooked. A network
design should be designed based on the requirement and shared with the organization for its
approval. For the identification of the potential users the users should be grouped such as:
 Filed office and branch staffs
 Remote users
 Suppliers. Partners and Vendors
 Customers
 Board members
The user access should be added by configuring the server connected in the network
such that the identity of the user is managed and the network resources are kept secured. The
network project should be based on the business goals of the organization and the business
managers should perform a feasibility analysis on the project for the identification of the
contribution of the project on the growth of the organization. The technical requirement of
the network should be defined for establishing the scope of the project and improving the
scalability, availability and performance of the network. It also helps in simplification of the
support and management. The network equipment needed for the development of the project

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
ADVANCED NETWORK MANAGEMENT AND DESIGN
should be listed and the protocols that are needed for establishing the goals of the
organization should be identified for the implementation of the network services.
The following assumptions are made for the development of the network solution and
are given below:
 For the configuration of the network multiple VLANs would be created with
the name of the department and the DHCP protocol should be used for the
allocation of the IP address to the device.
 The users using the network would be have knowledge of using the network
and aware with the security policy of the organization.
 The password of the wireless access point would be available only with the
organizational staffs
3. Network Proposal
3.1. Device selection
For the development of the network solution the following device are needed such as:
 Cisco ASA 5506 Firewall x 2
 Cisco 2811 Series Router x 1
 Cisco 3560 24 PS Layer 3 Switch x1
 Cisco 2960 24TT switch x 9
 Cisco WRT300N Wireless Router x 1
 Cisco 7960 IP Phone x max. 480
 PC x max. 480

5
ADVANCED NETWORK MANAGEMENT AND DESIGN
3.2. Physical Topology
3.3. Wiring and device placement
Each of the floor of the new building should be installed with a server closet for the
installation of the switch and connect the PCs with the switch. Layer 2 switches are used for
the distribution of the network and it connected with the layer 3 switch using copper cross
over cables. The switch port is connected with the IP phone with the means of copper straight
through cable and the PC is connected with the IP phone for reducing the wiring cost and
keep the network simplified. The server, router and the firewalls are needed to be installed in
a separate room and the physical access of this network device should be restricted for the
improvement of the security and eliminate the risk of unauthorised access of the network.
4. Addressing Scheme
Major Network: 192.168.8.0/21
Available IP addresses in major network: 2046
Number of IP addresses needed: 1020
Available IP addresses in allocated subnets: 1068

6
ADVANCED NETWORK MANAGEMENT AND DESIGN
About 54% of available major network address space is used
About 96% of subnetted network address space is used
Subnet
Name
Need
ed
Size
Alloca
ted
Size
Address Ma
sk
Dec Mask Assignabl
e Range
Broadcast
Research
and
Technolog
y (Data)
60 62 192.168.11
.0
/26 255.255.25
5.192
192.168.11
.1 -
192.168.11
.62
192.168.11
.63
Research
and
Technolog
y (Voice)
60 62 192.168.11
.64
/26 255.255.25
5.192
192.168.11
.65 -
192.168.11
.126
192.168.11
.127
Financial
Planning
(Data)
60 62 192.168.8.
0
/26 255.255.25
5.192
192.168.8.
1 -
192.168.8.
62
192.168.8.
63
Financial
Planning
(Voice)
60 62 192.168.8.
64
/26 255.255.25
5.192
192.168.8.
65 -
192.168.8.
126
192.168.8.
127
Sales
(Data)
60 62 192.168.11
.128
/26 255.255.25
5.192
192.168.11
.129 -
192.168.11

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
ADVANCED NETWORK MANAGEMENT AND DESIGN
192.168.11
.190
.191
Sales
(Voice)
60 62 192.168.11
.192
/26 255.255.25
5.192
192.168.11
.193 -
192.168.11
.254
192.168.11
.255
Material
and
Design
(Data)
60 62 192.168.9.
128
/26 255.255.25
5.192
192.168.9.
129 -
192.168.9.
190
192.168.9.
191
Material
and
Design
(Voice)
60 62 192.168.9.
192
/26 255.255.25
5.192
192.168.9.
193 -
192.168.9.
254
192.168.9.
255
Personnel
(Data)
60 62 192.168.10
.0
/26 255.255.25
5.192
192.168.10
.1 -
192.168.10
.62
192.168.10
.63
Personnel
(Voice)
60 62 192.168.10
.64
/26 255.255.25
5.192
192.168.10
.65 -
192.168.10
.126
192.168.10
.127
Planning 60 62 192.168.10 /26 255.255.25 192.168.10 192.168.10

8
ADVANCED NETWORK MANAGEMENT AND DESIGN
and
Manufactu
ring
(Data)
.128 5.192 .129 -
192.168.10
.190
.191
Planning
and
Manufactu
ring
(Voice)
60 62 192.168.10
.192
/26 255.255.25
5.192
192.168.10
.193 -
192.168.10
.254
192.168.10
.255
Legal and
Accountin
g (Data)
60 62 192.168.8.
128
/26 255.255.25
5.192
192.168.8.
129 -
192.168.8.
190
192.168.8.
191
Legal and
Accountin
g (Voice)
60 62 192.168.8.
192
/26 255.255.25
5.192
192.168.8.
193 -
192.168.8.
254
192.168.8.
255
Marketing
(Data)
60 62 192.168.9.
0
/26 255.255.25
5.192
192.168.9.
1 -
192.168.9.
62
192.168.9.
63
Marketing
(Voice)
60 62 192.168.9.
64
/26 255.255.25
5.192
192.168.9.
65 -
192.168.9.
192.168.9.
127

9
ADVANCED NETWORK MANAGEMENT AND DESIGN
126
Server 10 14 192.168.12
.64
/28 255.255.25
5.240
192.168.12
.65 -
192.168.12
.78
192.168.12
.79
Cafeteria 50 62 192.168.12
.0
/26 255.255.25
5.192
192.168.12
.1 -
192.168.12
.62
192.168.12
.63
4.1. Justification of the design
The addressing plan is developed based on each of the VLAN and the VLAN is
needed to be configured with the DHCP addressing pool with the assignable of IP address
created in the above addressing table. The last assignable IP address should be used as the
gateway address such that it can be used for communicating with the hosts connected with
the other VLAN. The creation of the DHCP pool for each of the department helps in
reduction of the broadcasting message and reduce the congestion in the network. The security
of the network can be increased by installing the server in the DMZ zone and controlling the
access of the server using the firewall. The firewall can be configured such that the unknown
IP address can be blocked to access the servers installed in the network. Different VLAN is
also used for the VOIP and the data such that the data packets does not collide with the data
packet causing packet loss and the efficiency of the network is improved.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
ADVANCED NETWORK MANAGEMENT AND DESIGN
5. Network Policy
The network security policy should be created for the development of the new
network solution. The problems in the old network is analysed and the network is
troubleshooted for development of the policy. The policy is developed for controlling the
usage of the network and keep the malicious users outside the network such that they can not
cause any damage to the resources of the network. The policy is developed for outlining the
procedures and principles that should be followed by the user while accessing the network
(Dacier et al. 2017). It acts as a guideline for the user for managing, monitoring and
maintaining the security of the network designed for the organization. The network security
policy should consists of the following elements:
 Legal procedure and rules for accessing the network
 Management and governance of the internet and web
 Implementation of the security procedures and configuration of the access
control list
 Creation of privilege or role based policy for authorization and authentication
of the service provided to the user
6. Network security Threats and solution
There are different security threats acting on the network and they are needed to be
identified for the development of a secure network solution.
Denial of Service attack – In this attack the users connected in the network are denied
to reach the resource by overloading the resource with numerous requests (Jung, Ahn and Ko
2014). This type of attack is common and proper security measures should be taken for
mitigating the risk of DoS attack.

11
ADVANCED NETWORK MANAGEMENT AND DESIGN
Brute force attack – It is used for getting the password of the system with the
application of trial and error mechanism. Once getting the server the intruder can get the
access of the system and the sensitive information about the organization.
Identity Spoofing – The user can use the IP address of a host connected in the
network for altering the data packet and appear as a regular host or the source address for
performing illegal activity.
Browser attack – The main target of this attack are the end users using the browser
and spreading to the whole organizational network (Pierce 2016). Malware can be
downloaded from the sites as fake update of software and infect the system.
SSL TLS attack – This attack is used for intercepting the data transmitted between the
hosts connected in the network. The unencrypted message can be accessed by the attacker
compromising the security of the network.
There are different technology that can be used for mitigation of the security issues
such as:
Penetration Test – In this test the network solution created for the organization is
needed to be hacked with the involvement of friendly hacker for the identification of the
vulnerability of the proposed system. The IT professional hired uses the same technique as
the hacker for the exploitation of the network and identification of the security issue.
Intrusion Detection – In this system the suspicious activity of the user can be
identified by tracking the unauthorised access of the user. For the examination of the
intrusion a malware scan is performed and the general network activity of the user is
reviewed. The vulnerability of the network is checked along with the illegal program installed
in different systems (Jackson et al. 2014). A monitoring is done on the file settings and other
activity of the user for detection of the malicious user.

12
ADVANCED NETWORK MANAGEMENT AND DESIGN
Network Access Control – In this methodology the network access of the user is
controlled based on the network security policy defined for accessing the servers and the
network devices that requires authorization and authentication for the users.
7. Network design strategies and plans
For the development of the network design a strategy must be followed and the
requirement of the network should be identified. The network solution should be aligned with
the goals and objectives of the organization such that the organization is benefitted with the
implementation of the network. Firstly the details of the client should be gathered with their
job role and their working department for the identification of the bandwidth requirement and
the service needed for the management of their operations. The applications used by them
should be listed and should be evaluated regarding the safety of the application for
minimizing the abuse possibility. Secure version of the application should be used and the
access to the unsecured sites should be prevented for reducing the risk of installation of
malware in the system. The installation of the antivirus and management of the user accounts
in the server also helps in controlling the activity of the user and increases the security of the
network framework.
For monitoring the performance of the network an appropriate network monitoring
tool should be selected. The network monitoring tool provides an easy solution for
monitoring the current performance of the network and detecting the faults in the network for
preventing the downtime and troubleshooting the errors. The network monitoring tool should
be selected such that it provides support for the multi-vendor environment have the
scalability to fit the network regardless of the size and complexity of the network. The
devices connected in the network is monitored for getting the complete visibility of the
network and control the network infrastructure according to the needs of the organization.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13
ADVANCED NETWORK MANAGEMENT AND DESIGN
8. Identification of potential risk
The potential risks identified for the development of the network framework are given below:
Viruses – The virus attack can be a big threat for the small scale and the large scale
enterprises as it can delete valuable information or corrupt files affecting the daily operation
of the business.
Application software – The software installed in the system is needed to be updated
regularly because the outdated software can slow down the network and crash the site causing
a major issue for the organization.
Hackers – The hackers can intrude into the organizational network causing
devastating damage by stealing the sensitive files and information and exposing the secrets of
trade for the competitor.
Employees – The security of the organizational network can be breached by the
internal employees without any concern that can pose a threat on the network security
(Behringer et al. 2017). Th lack of education and the absence of security practice is the main
cause of this threat.
9. Disaster management and contingency plan
For reducing the network downtime a disaster management and contingency plan
should be developed that helps in identification of the immediate response for rapidly
recovering the network. Recovery team should be formed for the management of the
responsibility of the team members and familiarize team with the content of the plan. An
instruction set should be created for invoking the plan and management of the external
communication (Cardoso, Costa and Francês 2015). A backup policy should be developed for
preserving the corporate information on regular basis on a different geographical location.

14
ADVANCED NETWORK MANAGEMENT AND DESIGN
The network components used for backup should be stored in a secure area and the backups
should be stored redundantly such that no data is lost during the recovery process. In case of
management of the disaster fuels should be arranged for the portable generators and the basic
necessities should be arranged such as cash, medical supplies, etc (Tagliacane et al. 2016).
An image of the system should also be created and the critical network elements should be
backed up such as PBXs, emails, Routers, switches, File servers, etc.
The recovery plan is needed to be reviewed quarterly and it should be tested for
analysing its functionality by considering a dynamic environment. A response and recovery
checklist should be used along with a flow diagram for creating a quick reference and
implementation of the disaster recovery plan.

15
ADVANCED NETWORK MANAGEMENT AND DESIGN
Bibliography
Awais, M. and Shah, M.A., 2017, September. Information-centric networking: a review on
futuristic networks. In Automation and Computing (ICAC), 2017 23rd International
Conference on (pp. 1-5). IEEE.
Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L., Liu, B., Nobre, J. and Strassner, J.,
2017. A reference model for autonomic networking. In IETF Internet draft.
Bilal, K., Khan, S.U., Manzano, M., Calle, E., Madani, S.A., Hayat, K., Chen, D., Wang, L.
and Ranjan, R., 2015. Modeling and Simulation of Data Center Networks. In Handbook on
data centers (pp. 945-958). Springer, New York, NY.
Cardoso, A.J.F., Costa, J.C.W. and Francês, C.R.L., 2015. A New Proposal of an Efficient
Algorithm for Routing and Wavelength Assignment in Optical Networks. Journal of
Communication and Information Systems, 25(1).
Dacier, M.C., Konig, H., Cwalinski, R., Kargl, F. and Dietrich, S., 2017. Security challenges
and opportunities of software-defined networking. IEEE Security & Privacy, (2), pp.96-100.
Deshpande, S. and Shankar, R., 2016, March. A discrete addressing scheme for wireless
sensor networks based internet of things. In Communication (NCC), 2016 Twenty Second
National Conference on (pp. 1-6). IEEE.
Jackson, D., Barrett, J.K., Rice, S., White, I.R. and Higgins, J., 2014. A design‐by‐treatment
interaction model for network meta‐analysis with random inconsistency effects. Statistics in
medicine, 33(21), pp.3639-3654.
Jung, W.S., Ahn, H. and Ko, Y.B., 2014, April. Designing content-centric multi-hop
networking over Wi-Fi Direct on smartphones. In Wireless Communications and Networking
Conference (WCNC), 2014 IEEE (pp. 2934-2939). IEEE.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16
ADVANCED NETWORK MANAGEMENT AND DESIGN
Kaur, K., Kumar, K., Singh, J. and Ghumman, N.S., 2015, March. Programmable firewall
using software defined networking. In Computing for Sustainable Global Development
(INDIACom), 2015 2nd International Conference on (pp. 2125-2129). IEEE.
Kounev, S., Huber, N., Brosig, F. and Zhu, X., 2016. A model-based approach to designing
self-aware IT systems and infrastructures. Computer, 49(7), pp.53-61.
Lee, Y., Choo, H. and Kim, D.S., 2015, January. Network independent mobility management
scheme using virtual IP addressing. In 2015 International Conference on Information
Networking (ICOIN) (pp. 336-339). IEEE.
Mijumbi, R., Serrat, J., Gorricho, J.L., Bouten, N., De Turck, F. and Davy, S., 2015, April.
Design and evaluation of algorithms for mapping and scheduling of virtual network
functions. In Network Softwarization (NetSoft), 2015 1st IEEE Conference on (pp. 1-9).
IEEE.
Network, M.D.A.I.D., 2015. Critical Analysis & Proposal.
Pierce, J., 2016, June. Design Proposal for a Wireless Derouter: Speculatively Engaging
Digitally Disconnected Space. In Proceedings of the 2016 ACM Conference on Designing
Interactive Systems (pp. 388-402). ACM.
Rakotoarivelo, T., Jourjon, G. and Ott, M., 2014. Designing and orchestrating reproducible
experiments on federated networking testbeds. Computer Networks, 63, pp.173-187.
Rowland, C., Goodman, E., Charlier, M., Light, A. and Lui, A., 2015. Designing connected
products: UX for the consumer internet of things. " O'Reilly Media, Inc.".
Tagliacane, S.V., Prasad, P.W.C., Zajko, G., Elchouemi, A. and Singh, A.K., 2016, March.
Network simulations and future technologies in teaching networking courses: Development
of a laboratory model with Cisco Virtual Internet Routing Lab (Virl). In Wireless

17
ADVANCED NETWORK MANAGEMENT AND DESIGN
Communications, Signal Processing and Networking (WiSPNET), International Conference
on (pp. 644-649). IEEE.
Wang, L., Shang, W., He, W. and Wang, D., 2016, November. Consistent replication
protocol for Named Data Networking. In Network Protocols (ICNP), 2016 IEEE 24th
International Conference on (pp. 1-2). IEEE.
Xu, S., Fujikawa, K., Furukawa, H., Harai, H., Awaji, Y. and Wada, N., 2016, September.
Experimental assessment of seamless interconnection of OPS and EPS networks with IP
addressing and routing control. In ECOC 2016; 42nd European Conference on Optical
Communication; Proceedings of (pp. 1-3). VDE.
Zhang, L., Li, X.Y., Huang, W., Liu, K., Zong, S., Jian, X., Feng, P., Jung, T. and Liu, Y.,
2014, September. It starts with igaze: Visual attention driven networking with smart glasses.
In Proceedings of the 20th annual international conference on Mobile computing and
networking (pp. 91-102). ACM.