COMPREHENSIVE AND SECURE NETWORKING SOLUTION
Contents
Topology and Network Devices
Setting up safe remote access
Discretionary access control
Mandatory access control (MAC)
Role-based access control (RBAC)
Topology and Network Devices
Network Devices
This guidance for the Rocky Mountain Corporation network covers the types of network devices that will connect devices to the local area network. The internal and external components required to set up the network include a gateway, router, switch, modem, bridge, hub, proxy server, firewalls, NAT, wireless network interface controller, and wireless access point (Smith & Pierce, 2016). We need these devices because we cannot form the network without them. A gateway is a node in a computer network and an important stopping point for data on its way to and from other networks; gateways enable communication and the sending of data to and from those networks (Parker, 2017). The internet would not be useful without gateways, along with much other hardware and software (2017).
Routers are the basic building blocks of modern networks that provide traffic with gateways to the internet and other networks (Kitagawa et al., 2018). Routers make flexible cross-network communication possible and allow larger networks to stay active even during reshapes or outages. Routers, together with other network devices like modems, switches, and firewalls, can play a critical secondary role (2018). A modem simply refers to a modulator and a demodulator. It is a hardware device in networking that is used for transmitting and receiving data through a communication channel. A modem converts data from analog to the digital mode (Anne & Watts, 2003). It also gives a high-quality and faster mode of transferring data from one place to another. A modem facilitates faster growth for the company, since most operations are done online via the internet (2013).
A switch is a hardware device responsible for filtering and forwarding network packets from one device, such as a computer, server, router, or another switch, to another in a network system (Gupta, Kaur & Kaur, 2018). It is mostly used in the local area network to forward an incoming message frame by looking at the physical device address, called the MAC address. A switch connects multiple hosts, forwards messages, manages the traffic, and increases the local area network bandwidth. A wireless access point (WAP) is a hardware device that permits other Wi-Fi devices to connect to a wired network such as a local area network (Lee & Yang, 2019). A WAP assists with the connectivity between devices and the internet.
Cryptography
A cryptographic method should be used to ensure vital data is encrypted. The data stored on the server should be encrypted with AES encryption (Banik, Bogdanov, & Regazzoni, 2019). AES stands for Advanced Encryption Standard, a symmetric block cipher used to protect confidential information. AES is implemented in software and hardware to encrypt sensitive data and information (2019). Because data is so important, we should encrypt and protect the files and data.
Network Protocols
Standardized network protocols are critical for providing communication between devices. Network protocols are loaded with some rules they have to. Local area network protocols are intended to describe the lower layer. Some of these protocols are Ethernet, Token Ring, and Fiber Distributed Data Interface (Singh & Dhillon, 2016).
With this network, we can connect all the users to the company resources. It also provides file-sharing options through network protocols. To manage all these resources and avoid confusion, we have to arrange the devices in a central location. Because we use Network Address Translation (NAT) and firewalls, we can allow the internal users onto the internet and also allow the external users to remotely access the VLAN (Paunikar & Singh, 2019). We have NAT, proxy, firewall, and many other types of network devices to make this network work more efficiently.
Budget Proposal
Items | Price | Quantity | Total |
HP NetServer LH 3000r | $52.44 | 5 | $262.20 |
HP NetServer Storage Rack 12FC | $33.66 | 9 | $302.94 |
Windows 2000 Server | $999.00 | 5 | $4995.00 |
Compaq DeskPro EN-PIII 600 MHz | $100.00 | 43 | $4300.00 |
1000 Ft Cat5e | $70.24 | 3 | $210.72 |
Tripp Lite SmartPro 1400NET | $55.37 | 5 | $275.86 |
Cisco-Linksys EFAH08W EtherFast 8-Port 10/100 Auto-Sensing Hub (Desktop) | $84.90 | 4 | $339.60 |
Cisco-Linksys EFAH24 EtherFast 10/100 Auto-Sensing 24-Port Hub | $134.16 | 3 | $402.48 |
Cisco-Linksys EFAH05W EtherFast 10/100 5-Port Workgroup Hub | $39.19 | 5 | $195.95 |
Linksys EtherFast II 10/100 24-port Switch | $40.95 | 2 | $81.90 |
Cisco CISCO2621 2621 Dual 10/100 Fast Ethernet Modular Router | $87.71 | 4 | $350.84 |
FIREWALL-1 INTERNET GATEWAY V4.1 100-NODES ONLINE-DOC Specs | $121.00 | 1 | $121.00 |
Network Down Time | $750.00 | 1 | $750.00 |
Total costs | | | $12,587.77 |
IP Infrastructure
An IP address is a distinctive number that identifies a network device on a local network (Friedman et al., 2018). For instance, a cell phone has a distinctive number assigned to it so that it can receive and make calls. Likewise, elements of a network possess an identifying number known as the IP address (2018). In fact, the smartphone you use for surfing the web has an internet protocol address assigned to it, although you cannot see it unless you search for it. The primary rule is very simple: every network device has a unique internet protocol address assigned to it.
Types of IP addresses
There are two types of internet protocol addresses: static and dynamic. The main difference between them is that with dynamic IP addresses the assignment is temporary, while with static IP addresses the assignment is permanent.
Static Addressing
Static IP addresses are static, as the name says; they hardly change (Eckert, Balaji & Freed, 2018). A static IP address assigned to a network device does not change unless a choice is made to change it. The basic structure of an IP address is a twelve-digit address in a format like yyy.yyy.yyy.yyy. For instance, a network device may have a static IP address such as 210.124.002.167. When this address is referenced on a network, it will always point to that network device, just as a phone number always refers to a specific phone (2018). The benefit of a static IP address over a dynamic one is the speed of referencing the IP address (Reid, 2017). The IP address never changes; it consistently refers to the same network device, so the device can be reached as quickly as possible with few costly processes.
Dynamic Addressing
The opposite of static IP address assignment is DHCP (Kumar & Wilcke, 2020). Network devices are assigned different IP addresses as they connect, by a device called the DHCP server. This permits the IP addresses to be managed efficiently by providers with a large user base. The IP addresses are not allocated all at once (2020). The DHCP server assigns dynamic IP addresses to the network devices that need them at a certain time.
Remote Access
Remote access simply refers to giving individuals access to computer systems, software, and communication technologies even if they have no direct connection to the company network (Hopen et al., 2017). For example, staff can log into the customer database while away from the office, a project workspace can be set up where clients can share and view files, and employees can send and receive emails from any computer.
Setting up safe remote access
Various tools allow easy setup of remote access. They include GoToMyPC, PCAnywhere, TeamViewer, LogMeIn, and SplashTop (Tomar et al., 2018). When they are configured properly, they are appropriate for the home setting. Virtual private networks can be used to make remote access more secure. Virtual private networks are fast and secure but may be costly and hard to configure (Deshmukh & Iyer, 2017).
For remote access to be safe, both the company network and the remote access devices must be secured.
To secure the network, the following should be done:
o Using a firewall and security software to keep out unwanted connections.
o Giving remote access only to the individuals who require it.
o Restricting the kind of data that is accessible remotely, for the protection of confidential information.
o Making sure that all the computer systems connected to the network have the latest data security software installed.
o Reviewing the firewall and other server logs to check on remote access and look for any uncommon activity.
To secure the remote access, the following should be done:
o Ensuring proper installation of remote access clients.
o Restricting access to the minimum services and functions necessary for staff to perform their duties.
o Ensuring that staff use strong passwords on the devices used to access the network remotely.
o Regularly changing the remote access passwords.
o Making sure that staff do not set their devices to log in automatically and do not store passwords on the devices.
o Using strong authentication that needs both token-based and password authentication.
o Having a formal remote access policy that explains what staff can and cannot do with remote access.
o Deleting a staff member's remote access privileges when he/she is terminated or no longer needs the privileges.
The above measures help the company improve its remote access security and policies.
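The log-review and privilege-deletion items in the lists above can be checked mechanically. The following is an added example, not part of the original paper: the log format, account names, working hours and failure threshold are all constructed assumptions.

```python
# Added example: constructed log format, accounts and thresholds (assumptions).
from collections import Counter
from datetime import datetime

# Constructed sample lines: timestamp, user, source IP, result
SAMPLE_LOG = """\
2024-03-04T08:12:10 alice 198.51.100.7 SUCCESS
2024-03-04T09:01:44 bob 203.0.113.20 FAIL
2024-03-04T09:01:51 bob 203.0.113.20 FAIL
2024-03-04T09:02:03 bob 203.0.113.20 FAIL
2024-03-04T09:02:15 bob 203.0.113.20 SUCCESS
2024-03-05T02:47:30 carol 198.51.100.9 SUCCESS
2024-03-05T10:15:00 dave 192.0.2.55 SUCCESS
this line is damaged
"""

AUTHORIZED = {"alice", "bob", "carol"}  # staff approved for remote access
TERMINATED = {"dave"}                   # privileges should have been deleted
WORK_HOURS = range(7, 20)               # 07:00-19:59
MAX_FAILS = 3                           # consecutive failures before flagging


def review(log_text):
    """Return (user, reason) findings in the order they appear in the log."""
    findings, fails = [], Counter()
    for line in log_text.splitlines():
        try:
            ts_raw, user, _ip, result = line.split()
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            findings.append(("?", "unparseable-line"))  # never skip silently
            continue
        if result == "FAIL":
            fails[user] += 1
            if fails[user] == MAX_FAILS:
                findings.append((user, "repeated-failures"))
            continue
        if user in TERMINATED:
            findings.append((user, "terminated-account-login"))
        elif user not in AUTHORIZED:
            findings.append((user, "not-approved-for-remote-access"))
        if ts.hour not in WORK_HOURS:
            findings.append((user, "outside-working-hours"))
        if fails[user] >= MAX_FAILS:
            findings.append((user, "success-after-failures"))
        fails[user] = 0  # a successful login resets the failure streak
    return findings


if __name__ == "__main__":
    for user, reason in review(SAMPLE_LOG):
        print(f"{user}: {reason}")
```

A successful login by a terminated account means the privilege-deletion step was missed, so that finding should trigger revocation as well as investigation.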
Security
The advantages of access control are evident when one thinks about it. Access control is meant for identifying the person who is doing a particular job, authenticating them, and then giving that person only the permission key to the workstation or door they need access to, and nothing more (Gauthier et al., 2018). Access control systems fall into three categories: discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). The access control system keeps track of the employees, secures confidential data and documents, reduces theft and accidents, and always knows who is entering and leaving the company.
Discretionary access control
Discretionary access control is a method of access control that holds the owner of the company accountable for deciding which people are allowed in a particular location, digitally or physically (Tirosh & Werner, 2018). Discretionary access control is the least restrictive in comparison to the other types of access control systems, as it gives individuals permissions or privileges over any objects they own, in addition to the programs connected to those objects (2018). The disadvantage of DAC is that it gives the end user complete privileges over the security settings of the company, and this can lead to malware being run without the end user knowing anything about it.
Mandatory access control
Mandatory access control is usually used in a company that places a high weight on the confidentiality and classification of data (Smith, Castelino & Vipat, 2020). Mandatory access control does not allow employees to hold the privileges to access units or facilities themselves; rather, only those in management give the permissions for access control. MAC classifies the employees and gives them privileges that permit access in accordance with recognized security guiding principles.
Role-based access control
This is the most demanded of all the access control systems. Under role-based access control, access is assigned by the system administrator strictly on the basis of the employee's role within the company, and most of the permissions or privileges are based on limits defined by the responsibilities of the job (Bush, Case & Jasper, 2018). RBAC is more effective because, instead of assigning specific access to numerous individuals, the system administrator assigns access only to particular job titles.
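The three models described above can give different answers to the same request. The following is an added example, not part of the original paper; all users, files, labels and roles are constructed, and the MAC check is reduced to a simple "no read up" label comparison.

```python
# Added example: constructed users, labels and roles (assumptions).

# --- DAC: the object's owner decides who else may access it ---------------
class DacFile:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, granter, user, right):
        if granter != self.owner:           # only the owner may delegate
            raise PermissionError(f"{granter} does not own this file")
        self.acl.setdefault(user, set()).add(right)

    def allows(self, user, right):
        return right in self.acl.get(user, set())


# --- MAC: a central policy compares labels; users cannot override it ------
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

def mac_allows_read(clearance, classification):
    # "No read up": the subject's clearance must be at least the object's label.
    return LEVELS[clearance] >= LEVELS[classification]


# --- RBAC: permissions attach to job roles; users only hold roles ---------
ROLE_PERMS = {
    "hr_clerk": {("payroll", "read")},
    "hr_manager": {("payroll", "read"), ("payroll", "write")},
    "helpdesk": {("tickets", "read"), ("tickets", "write")},
}
USER_ROLES = {"alice": {"hr_manager"}, "bob": {"helpdesk"}}

def rbac_allows(user, resource, right):
    return any((resource, right) in ROLE_PERMS[role]
               for role in USER_ROLES.get(user, set()))

def change_role(user, old, new):
    # A job change is a single edit; no per-file permissions are touched.
    USER_ROLES[user] = (USER_ROLES.get(user, set()) - {old}) | {new}


def demo():
    """Bob asks to read payroll data under each model."""
    payroll = DacFile(owner="alice")
    payroll.grant("alice", "bob", "read")   # DAC: the owner's discretion
    return {
        "dac": payroll.allows("bob", "read"),
        "mac": mac_allows_read("internal", "confidential"),
        "rbac": rbac_allows("bob", "payroll", "read"),
    }


if __name__ == "__main__":
    print(demo())
```

Under DAC the request succeeds because the owner chose to share, while MAC and RBAC refuse it until an administrator changes Bob's clearance or role.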
Malware
Malware is derived from the words malicious and software. It is a general term used to refer to threats like spyware, viruses, adware, and any other software that is installed on a computer system without the knowledge of the user (Ikhalia et al., 2017). Malware gets into computer systems in many ways, such as infected email attachments, infected removable storage media like portable drives, downloaded software, and links on social media websites, in email, or in instant messages. Antivirus and anti-spyware software both monitor the computer for potential threats. They usually isolate any suspected malware automatically before it damages the system. Typically, the program gives a notification when it isolates a potential threat and then asks for permission to delete it.
Protection
Installing and maintaining antivirus software. Antivirus software identifies malware and protects the computer system against it. Installing antivirus software from a trustworthy vendor is a critical step for protecting against and detecting infections (LaPlant & Hutchinson, 2019). Always visit vendor sites directly instead of clicking on advertisement links or email links. It is crucial to keep the antivirus software updated, since attackers are always developing new viruses and other kinds of malicious code.
Use caution with links and attachments. Suitable precautions should be taken when using email and web browsers to limit the risk of infection. Be wary of unsolicited email attachments and take care when clicking on email links.
Installing or enabling a firewall (Rajib, 2017). A firewall prevents some types of infection by blocking malicious traffic before it enters the network system (2017).
Using anti-spyware tools. The most common source of the virus is spyware, but infections can be minimized by using a program that identifies and removes spyware. Some antivirus software includes an anti-spyware function that must be enabled to do this (Beechey, Gartside & Stern, 2017).
Changing the passwords. When the network is infected, changing the passwords will greatly help. This includes any passwords for websites that have been stored in the web browser. Creating and using strong passwords makes them hard for attackers to crack.
References
Anne, R., & Watts, R. F. (2003). U.S. Patent No. 6,603,808. Washington, DC: U.S. Patent and Trademark Office.
Banik, S., Bogdanov, A., & Regazzoni, F. (2019). Compact circuits for combined AES encryption/decryption. Journal of Cryptographic Engineering, 9(1), 69-83.
Beechey, M. J., Gartside, P. N., & Stern, H. C. (2017). U.S. Patent No. 9,833,709. Washington, DC: U.S. Patent and Trademark Office.
Bush, M. A., Case, C. L., & Jasper, T. J. (2018). U.S. Patent No. 10,075,450. Washington, DC: U.S. Patent and Trademark Office.
Deshmukh, D., & Iyer, B. (2017, May). Design of IPSec virtual private network for remote access. In 2017 International Conference on Computing, Communication and Automation (ICCCA) (pp. 716-719). IEEE.
Eckert, T., Balaji, B. L., & Freed, M. (2018). U.S. Patent No. 10,164,938. Washington, DC: U.S. Patent and Trademark Office.
Friedman, R. B., Parekh, S. M., Tibrewala, N. K., & Lutch, B. (2018). U.S. Patent No. 9,900,284. Washington, DC: U.S. Patent and Trademark Office.
Gauthier, J. J., Bryant, M. S., Heffernan, R. J., Mariani, L. A., Musoke, J. B., Carlson, J. F., & Klatte, D. (2018). U.S. Patent No. 10,110,605. Washington, DC: U.S. Patent and Trademark Office.
Gupta, V., Kaur, K., & Kaur, S. (2018). Developing small size low-cost software-defined networking switch using raspberry Pi. In Next-generation networks (pp. 147-152). Springer, Singapore.
Hopen, C., Tomlinson, G., Anandam, P., Young, B., Flagg, A., & O’reilley, J. M. D. (2017). U.S. Patent No. 9,628,489. Washington, DC: U.S. Patent and Trademark Office.
Ikhalia, E., Serrano, A., Bell, D., & Arreymbi, J. (2017). Developing and implementing TTAT-MIP for the avoidance of malware threats through online social networks. IADIS International Journal on WWW/Internet, 15(1).
Kitagawa, T., Ala, S., Eum, S., & Murata, M. (2018, January). Mobility-controlled flying routers for information-centric networking. In 2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC) (pp. 1-2). IEEE.
Kumar, A., & Wilcke, W. W. (2020). U.S. Patent No. 10,671,910. Washington, DC: U.S. Patent and Trademark Office.
LaPlant, K., & Hutchinson, S. (2019). Computer Security Awareness. Minnesota Summit on Learning & Technology.
Lee, H. C., & Yang, P. (2019). U.S. Patent No. 10,292,189. Washington, DC: U.S. Patent and Trademark Office.
Parker, B. J. (2017). U.S. Patent No. 9,680,870. Washington, DC: U.S. Patent and Trademark Office.
Paunikar, A., & Singh, B. (2019). U.S. Patent No. 10,291,580. Washington, DC: U.S. Patent and Trademark Office.
Rajib, N. (2017). Cisco Firepower Threat Defense (FTD): Configuration and Troubleshooting Best Practices for the Next-Generation Firewall (NGFW), Next-Generation Intrusion Prevention System (NGIPS), and Advanced Malware Protection (AMP). Cisco Press.
Reid, A. (2017). The European court of justice case of Breyer. Journal of Information Rights, Policy and Practice, 1(2).
Singh, S., & Dhillon, N. S. (2016). Performance analysis of the fiber distributed data interface networks on the basis of efficiency & response time. Editorial Board, 5(4), 232.
Smith, J. K., & Pierce, R. (2016). U.S. Patent No. 9,240,930. Washington, DC: U.S. Patent and Trademark Office.
Smith, N. M., Castelino, M. R., & Vipat, H. (2020). U.S. Patent No. 10,552,638. Washington, DC: U.S. Patent and Trademark Office.
Tirosh, O., & Werner, E. (2018). U.S. Patent No. 9,917,863. Washington, DC: U.S. Patent and Trademark Office.
Tomar, S. S., Chaudhari, S., Maurya, V. K., Rajan, A., & Rawat, A. (2018). Secure setup for remote access/control of scientific instruments over internet. In Proceedings of the eighth DAE-BRNS Indian particle accelerator conference.