Riordan Manufacturing Network Design and Security Report: VPN Solution

Verified

Added on 2019/10/09

AI Summary

This report details a VPN network design for Riordan Manufacturing, a global plastics manufacturer with multiple offices. The proposed solution utilizes VPN routers to create secure tunnels over the public internet, leveraging TCP/IP protocols for communication. The report justifies the selection of VPN for its cost-effectiveness, scalability, and security, while acknowledging latency and response time trade-offs. It examines the existing security situation, including wired and wireless LANs, and outlines potential threats such as unauthorized access, DoS attacks, and social engineering. The importance of explicit enterprise security policies is emphasized, along with potential threats and protection techniques like firewalls and intrusion detection systems. The report also highlights common security concerns inherent in networking and recommends hardware and software environments for protection, including SSH key authentication, firewalls, and VPNs, referencing various sources to support its findings.

RIORDAN NETWORK REPORT 1
Riordan Network Report
NAME
August 14, 2016

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RIORDAN NETWORK REPORT
Company Background
Riordan Manufacturing is a global plastics manufacturer that employs 550 people and is
headquartered in San Jose, California, having facilities worldwide. (Tavangaran, 2016). To
enable communication among these geographically spread offices we build upon our
recommendations as in previous two reports.
Network Design
Each office's LAN will be configured with a VPN router to serve as endpoints in the
VPN architecture. Using their exiting Internet connection, the VPN router will create a per-
session 'tunnel' in the public Internet, using which the encrypted user data is encapsulated in
tunnel packets and routed as usual on the Internet. The Internet routes these packets as usual and
the endpoint computers read the data encapsulated inside the tunnel packets, decrypt it and
process it ("How VPN Works: Virtual Private Network (VPN)", 2016).
Office 1 LAN Office 2 LAN
Office 3 LAN
VPN Gateway VPN Gateway
VPN Gateway
Internet

RIORDAN NETWORK REPORT
We expect our VPN to be set up for initial testing in under a week and after testing and removing
any implementation issues, we expect the network to be usable in about three weeks.
Design Approach and Rationale
We select Virtual Private Network (VPN) over public Internet under intranet site-to-site
configuration for our company's networking requirement. Protocols used will be TCP/IP
(Transmission Control Protocol/Internet Protocol), as this is the protocol of Internet and most
computers and network devices are capable of communicating in this (Tyson & Crawford, 2011).
We choose this solution as it is cost-effective, is scalable and provides security (by using
encryption) and does not violate any network performance parameters like latency, response time
and jitter for our data requirements.
Performance in Data Rate and Other Parameters
Also, latency in the recommended design is acceptable and is a tradeoff in our chosen
network. We lose control of or a minimum Service Level Agreement (SLA) on latency as some
users in the network may not have sufficient bandwidth. "Latency guarantees are hard to come
by because they're hard to implement" ("The Solution - "How do I turn the network I've got into
the network I need"", 2016).
The response time of the recommended time is acceptable. We do not have a guarantee of
response time in our chosen network, due to the wide variety of speed and quality of the
underlying Internet routes. We consider this a reasonable tradeoff since the company will
primarily be sharing emails, files, and other non-live data.
As per jitter, the recommendation meets this requirement as well. As mentioned earlier,
the company is mainly working with data that is not latency sensitive, thus any jitter is unlikely
to have any noticeable effect on user interface (Hruska, 2015).

RIORDAN NETWORK REPORT
Existing Security Situation
Currently the offices of the company are like islands. They may have their internal
networking, but they have no medium to talk to each other (which is the problem we are
solving). Thus, the discussion on existing security then becomes a discussion of whatever
security provisions the on-site team has established. Now, these offices are using (and will
continue to keep using in the new network design) wired and wireless LAN network.
Wired LAN poses less security issues and provides more control as a tangible physical
medium - cable - is required for the network (Evans, 2013). Separate security zones are created,
so that we can enforce our security policy (Oxenhandler, 2003).
In wireless LAN, risks like insertion attacks, interception and unauthorized monitoring,
jamming, client-to-client attacks, brute force attacks, encryption attacks (Kumar, 2016). To
provide security, the offices have established wireless LAN policies, logically separated internal
networks, removed unnecessary protocols, restricted access point connections and ensured that
all wireless equipment is within premises and no unauthorized person can physically access it.
Common to both types of network is the risk of worms, viruses, denial of service (DoS)
attacks, and to handle these firewalls, intrusion detection systems, encryption etc are used.
Threats to Communication Networks
Electronic threats to communication networks include unauthorized people finding a way
into the network, exploiting software bugs, buffer overflows, denial of service (DoS), hijacking
of the protocol used, data sniffing as it flows through the network and social engineering attacks
(Weisz, 2002).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RIORDAN NETWORK REPORT
Physical threats to communication networks include unauthorized access to networking
equipment, wire-tapping, damage or theft of equipment, threats from environment like fires,
hurricanes, tornados, and flooding and threats due to poor or no maintenance and electrical
disturbances (Kumar, 2016).
Importance of Explicit Enterprise Security Policies and Procedures
'A company's security policy is the central repository where intangibles such as corporate
philosophy, mission statements, culture, attitude to risk and other difficult to define parameters
can finally be crystallized into enforceable, measurable action statements, procedures and ways
of working' (Loots, 2001). Thus, policies need to be created and published so that everyone
understands the policies and knows the plan of action for a certain process, and when some
contingency arises. The company needs to ' decide the appropriate action for any possible
security breach ahead of time, and have resources available to repair the problem as soon as
possible' ("Developing Security Policies and Procedures", 2016).
Potential Threats and Protection Techniques
The potential threats to a network include (Weisz, 2002):
 Finding a way into the network, which is prevented by firewalls
 Exploiting software bugs, buffer overflows which is prevented by intrusion detection
systems
 Denial of Service (DoS), which is prevented by ingress filtering
 TCP (Transmission Control Protocol) hijacking, which is prevented by IPSec
 Packet sniffing, which is prevented by Encryption (SSH, SSL, HTTPS)
 Social problems, which are prevented by education
Firewall

RIORDAN NETWORK REPORT
A firewall is like a castle with a drawbridge, with only one point access in and out of
network, and can be implemented in hardware or software (Weisz, 2002) and ' typically
establishes a barrier between a trusted, secure internal network and another outside network,
such as the Internet, that is assumed not to be secure or trusted' (Oppliger, 1997).
Some of the network attacks that firewalls help mitigate include remote login, application
backdoors, SMTP session hijacking, Denial of Service, email bombs, macros, viruses, spam,
redirect bombs and source routing (Tyson, 2000). It does so by controlling all the traffic that
goes out of the internal network and all the traffic that comes into the internal network. And this
is implemented by packet filtering (analyzing and dropping data packets as per rules), proxy
service (by being the client of the external network on behalf of internal user agents) and stateful
inspection (at a layer higher than the packets, and making a judgment of the state of the
transmission (Conway & Cordingley, 2004)).
Security Concerns Common to All Networks
Some security concerns are inherent in any networking. These concerns are fundamental
in that if in future a totally different network is introduced, these concerns will present
themselves there also and will have to be handled. Such security concerns and threats include
unauthorized people finding a way into the network, exploiting software bugs, buffer overflows,
denial of service (DoS), hijacking of the protocol used, data sniffing as it flows through the
network and social engineering attacks (Weisz, 2002).
Hardware and Software Environment For Protection
For a secure network that will protect the environment, Ellingwood( 2015) recommends
SSH key authentication, firewall, virtual private network (VPN), private networking, public key
infrastructure, SSL/TLS Encryption, service auditing, file auditing, intrusion detection systems,

RIORDAN NETWORK REPORT
isolated execution environments. For hardware, we recommend security and access control to
physical premises and hardware, in addition to taking care of electrical and natural environment
problems.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RIORDAN NETWORK REPORT
References
Conway, R. & Cordingley, J. (2004). Code hacking (p. 281). Hingham, Mass.: Charles River
Media.
Developing Security Policies and Procedures. (2016). Technet.microsoft.com. Retrieved 14
August 2016, from https://technet.microsoft.com/en-us/library/cc977913.aspx
Ellingwood, J. (2015). 7 Security Measures to Protect Your Servers | DigitalOcean.
Digitalocean.com. Retrieved 14 August 2016, from
https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers
Evans, S. (2013). Wired vs wireless in the enterprise. ComputerWeekly. Retrieved 14 August
2016, from http://www.computerweekly.com/feature/Wired-vs-wireless-in-the-enterprise
How VPN Works: Virtual Private Network (VPN). (2016). Technet.microsoft.com. Retrieved 31
July 2016, from https://technet.microsoft.com/en-us/library/cc779919%28v=ws.10%29.aspx?
f=255&MSPPError=-2147217396
Hruska, J. (2015). What is Jitter?. Speedtest Blog. Retrieved 31 July 2016, from
http://www.speedtest.net/articles/what-is-jitter/
Kotsev, M. (2011). Network Security Threats | Networks & Communications. Network-
communications.blogspot.in. Retrieved 14 August 2016, from http://network-
communications.blogspot.in/2011/04/network-security-threats.html
Kumar, R. (2016). Wireless LAN security. Slideshare.net. Retrieved 14 August 2016, from
http://www.slideshare.net/RajanKumar1/wireless-lan-security-5328412
Loots, M. (2001). Importance of a security policy (1st ed., p. 1). South African Journal of
Information Management. Retrieved from
http://www.sajim.co.za/index.php/SAJIM/article/viewFile/135/132
Murillo, N. (2016). Riordan Manufacturing, Inc.. prezi.com. Retrieved 31 July 2016, from
https://prezi.com/auheop-oxk-r/riordan-manufacturing-inc/
Oppliger, R. (1997). Internet security: firewalls and beyond. Communications Of The ACM,
40(5), 92-102. http://dx.doi.org/10.1145/253769.253802
Oxenhandler, D. (2003) (1st ed., p. 4). SANS Institute. Retrieved from
https://www.sans.org/reading-room/whitepapers/bestprac/designing-secure-local-area-network-
853
Sosinsky, B. (2009). Networking bible (p. 118). Indianapolis, IN: Wiley.

RIORDAN NETWORK REPORT
Tavangaran, A. (2016). Information on Riordan Manufacturing | eHow. eHow. Retrieved 31 July
2016, from http://www.ehow.com/about_5729395_information-riordan-manufacturing.html
The Solution - "How do I turn the network I've got into the network I need". (2016).
Networkworld, (Volume 14, Number 22), 60. Retrieved from https://books.google.co.in/books?
id=NR0EAAAAMBAJ&lpg=PA60&ots=yH7xOsKHc2&dq=latency%20in%20virtual
%20private%20network%20intranet%20internet&pg=PA60#v=onepage&q&f=false
Tyson, J. (2000). How Firewalls Work. HowStuffWorks. Retrieved 14 August 2016, from
http://computer.howstuffworks.com/firewall.htm
Tyson, J. & Crawford, S. (2011). How VPNs Work. HowStuffWorks. Retrieved 31 July 2016,
from http://computer.howstuffworks.com/vpn.htm
Weisz, J. (2002). Network Security (1st ed., p. 10). Carnegie Mellon School of Computer
Science. Retrieved from https://www.cs.cmu.edu/~srini/15-441/F02/lectures/lec21-security.pdf
What is a Communication Protocol? - Definition from Techopedia. (2016). Techopedia.com.
Retrieved 31 July 2016, from https://www.techopedia.com/definition/25705/communication-
protocol
What is latency? - Definition from WhatIs.com. (2016). WhatIs.com. Retrieved 31 July 2016,
from http://whatis.techtarget.com/definition/latency