计算机网络安全

Submission date: Dec / 11th / 2011Member’s informationSurname(Print)Initials: ID numbers Member1………………………Member2………………………DECLARATIO NI/we hereby certify that this assignment is entirely my own work, except where I/we have acknowledged all material and sources used in the preparation of this assignment.I/We certify that I/we have done all typing/keystrokes.I/We also certify that the material contained in this assignment has not previously been submitted for assessment in any formal course of study, and that I/we have not copied in part or whole, or otherwise plagiarised the work of other students and/or persons.Name & Signature1: ____________________________________ Date: ___/_____/_____ Name & Signature2: ______________________________________Date: ___/_____/_____Table of contents Introduction of Problem (3)Assumptions + justification of assumption (4)Network requirements (5)Network design (7)Security (11)Future developments and new technologies (12)List of References including web URLs (13)Induction Of the ProblemOur group were hired to design a new network and security for the FRREDOM Finance, Insurance & Taxation Company that wants to expand three new branch offices.The main City Office is located in the centre of the city, while the three branches are in the suburb. In this case, we are going to handle the issue which can be divided into three main parts. First of all, we should design the topology of the terminals in each office and the main structure of the four offices. Then, the transmission equipment that used in each branch and main office, as well as that between each branch and the main City Office, has to be taken into consideration according to the different need of speed and inquiries per day. Besides, the cost of all the equipment is also an important part to consider for the company wants the equipment to be cheap and fine.Therefore, five network topology diagrams are needed, and you will see them in some following pages.Assumptions + justification of assumptionFirst of all, the main City Office connects the three branches by using VPN , for VPN can help reduce the cost while providing better quality of security. Network-to-Network tunnels are used by VPN as they often use passwords or digital certificates which allow the tunnels to establish automatically and without intervention from the user.Secondly, the topology of the main City Office can be hierarchical LAN due to the structure of ten-story-building, as each floor can be equipped with a switch by using UTP. Besides, each floor can have a individual WLAN by setting two or three wireless access points, considering each terminals should have a fine transmission speed.What’s more, the topologies of the three branches, country office,university office and South-east office, are quite similar. For the number of terminals in each branch is relatively small, LAN or WLAN would both be OK.Network requirementThe requirements vary from different inquiries for each office.We can see the differences from the table below.Office Inquiry(per day) Bandwidth for switchCountry Office 200 150KUniversity Office 500 375KSouth-East Office 150 112.5KMain City Office 5850 4.4MThe main office has to control the three branches , so a good sever and database are needed, for it has to ensure that client can share their files and data, which brings convenience to the communication between each department. Besides, the bandwidth of the core switch used by the main office is the largest among the four offices. There is a peak inquiries at 600 per hour during three hours a day, which has to be taken into consideration. Considering the hilly nature and the cost, ADSL (an A TM tecnology) has been chosen, which is cheaper than DDS leased line and optical fiber. Finally, the safeguard is needed for the four offices, so firewall and network anti-virse software is a must.List of devices used in four offices:Device Name Brand Model Price FeatureGiven Sever(used in mainoffice)Sever(used inbranches)Lenovo T100 G11 S6202G/500S￥6588Frequency: 2.6 GHzmemory capacity: 2 GBmaximum memory capacity:32 GBstandard hard drivecapacity: 500 GBDatabase GivenADSL Router Cisco RV042￥1150 VPN RouterSpeed: 10/100Mbps Number of WAN port: 2 Number of LAN port: 4Firewall Cisco ASA5505-UL-BUN-K9￥4800 VPN Router Throughput:150MCore Switch TP-Link TL-SL1226￥560 Speed:10/100/1000MbpsWorkgroup Switch TP-Link TL-SF1024S￥440Speed:10/100MbpsWireless Router TP-Link TL-WR941N￥260Speed:300Mbps Number of WAN port: 1 Number of LAN port: 4Optical Fiber D-Link DFCAO62GST16￥100/mMultimode Number of core:16UTP CA TS Ordinary ￥85/box Not GivenNetwork designMain StructureInternetUniversity OfficeCountry Office South-east OfficeMain City OfficeA D S LA D SL A D S LADS L VP NV P NV PNThe diagram shows that the main City Office establishes connection with three branches by using VPN to create a W AN among the four offices. Considering the low , high security and hilly nature of region, VPN would be the best choice and tunnel technology is needed.The main City OfficeInternetA D SLSeverCore SwitchSwitchSwitchSwitch…………10Workgroup Switches For 10FloorsWireless Router………Wireless Router………Wireless Router………VPN RouterDatabaseLimitationThe main City Office uses VPN to connect other offices, while in the main office, a ten-story-building , a hierarchy topology is chosen for different departments that on different floors may have their own WLAN. Each WLAN can visit the shared sever and database through the core switch and workgroup switches.The Country OfficeInternetWireless RouterThe Country OfficeCore SwitchThe University OfficeInternetCore SwitchWireless RouterWireless RouterWireless Router…………25 terminalsThe University OfficeThe South-East OfficeInternetThe South-East OfficeSeverCore SwitchWireless Router………8 terminalsSecurityAs a large enterprise, FRREDOM must have a mature technology to resist external Internet attacks. Information security in Network environment involves not only encryption , anti- hacker , anti-virus but also any other legal policy issues. Besides, the technical problem is the most direct method to ensure information security. Generally, the goal of information security is to control the information on the import and export strictly through the system security configuration, application firewalls and intrusion detection, security scanning and network anti-virus technology. At the same time, all the devices on the network should be detected , analyzed and evaluated. The most important is that, they must have a unified security management platform. In this platform, a series of operations could be carried on.Considering the overall security of the network, it is necessary to use two cisco pix535 firewall. One is to isolate service network and enterprise inner network,another is to isolate Internet and enterprise network. Among them, DNS,mail and other external server connect is isolated from internal and external gateway in the firewall DMZ zone.In addition, they should deploy CA intrusion detection system and install network intrusion detection agents controlled by central station in different segments to detect and respond the network intrusion.In ordinary circumstances, corporate network has www, email , domain , video server and inportant database server. For managers, the can't exactly understand and resolve problems about each server system and the the whole network security vulnerabilities. So they need get help from vulnerability scanning tools scanning, analysis and evaluation regularly, and reporting the weaknesses and loopholes in system, assessing security risks, recommending remedial measures to enhance network security purposes.In terms of anti-virus, managers could use Symantec network anti-virus software and establish enterprise-wide anti-virus system to protect server and all computer equipments comprehensively. In network center, they need set up virus protection management center, and create all the computers in the same area through it. Via the main server in anti-virus management domain, managers can formulate a unified anti-virus strategy, set field scanning operation, and make system search and kill viruses automatically.In intranet, administrator must manage passwords for all devices and void using the same password on different systems. Besides, it should have uppercase and lowercase letters, characters, numbers in password.Finally, it is also important to back up significant data regularly to prevent system crash as a result of hardware and software failures, viruses and hackers destruction, and then suffer great losses. Managers can choose functional, flexible backup software and disaster recovery software to protect data security comprehensively.FutureIn my opinion, information security technology is mainly characterized by four major trends. Overall , the current information security technology is based on network security technology, which is the important direction of the future information security technology development.The first is of credible. This trend is the transition from the traditional concept of computer security to the dependable computing concept as its core of computer security.The next is webifying. The technology and application model's transform caused by popularization of the Internet ,is to further promote the development of information security technologies and the discovery of new technology.The third is standardization. Developed countries pay much attention to the standardization's trend ,and have been permeated into developing countries' attitude to standardization. It is embodied in patent Standardization .Besides, security technology will also be international. The final is integration .It means that single functional technologies and products can turn to which has a variety of functions ,or integrated product with combination of several functions.List of References including web URLs 。