
Non-Profit Organization - Network Design

Project
Managing Networks and Telecommunications
LIS4482
December 4, 2015
Nick Orluski, Mike Kennedy, Marco Carvallo, Mike Peritz

Executive Summary

We want to connect our organization throughout our building in a cost-effective way. We have a lot of employees, and we were even offered some older computers that we will bring into our system. All of our computers need to be set up based on the roles of the employees and volunteers. Our office is on two levels of the same building, and it is up to us to put the appropriate technologies to use so that the whole organization is connected correctly.

Our organization's goal is to provide technology to those less fortunate. We set up technology labs all over the country for those who can't afford computers for themselves. Our labs are in libraries, after-school programs, and local community centers all across the country. Our team consists of one director, four full-time people, seven part-time people, and 35 interns/volunteers. We need this large center to house the servers that support our website, email, and data, and to have everyone connected to the same network.

We want to streamline communication within our team and give our staff an Internet connection at all times for research. Our mail server will be housed internally, and we want our employees to be able to connect with each other as well as with our clients. We also host our website from our own servers so that everyone with Internet access can view our mission and see what our organization is about.

The wiring that connects all of our users throughout the facility will be CAT5 cable. We will house a lot of servers in the building because we will be hosting everything internally: the web server for our site, the mail servers, and our data. There will be computers and monitors to go with each. We will also need to set up routers and switches in the server room with the rest of the main network hardware. Each desk will have an analog phone that plugs into an analog port in the wall.

Network Description
Our network consists of three subnets. The first is the DMZ subnet, which sits behind our external firewall. The other two subnets are behind our internal firewall to further protect them from harm coming from the Internet. The first of these holds our internally used servers for things such as storage, application hosting, and printer management. The other internal subnet houses the workstations of the organization's employees. On top of managing these devices, a systems administrator would also be in charge of managing the three switches in the building, the two routers, and the two physical firewalls.

Appendix A shows the physical view of our network. The layout shows how the computers, monitors, servers, routers, switches, and firewalls are distributed throughout the multi-story building that our non-profit is in. There are also printers throughout the building, connected through the print server. Every device is physically cabled to another device in order to reach the network. For example, servers connect to switches, which then go through routers to reach other subnets. There are firewalls that data must pass through to get to certain parts of the network. CAT5 cable connects all of the devices with one another to form the physical network; wireless is excluded.

Appendix B shows the logical view of the network: the devices used on the network along with their corresponding IP addresses. The speed of the network is also shown throughout. This is provided by the Internet Service Provider (ISP) at the demarcation point, in the room labeled "demarc point" on the first level of the building. The logical diagram depicts the devices as they may look in real life and includes the connections between them. The flow of the network is hierarchical. At the top we have the Internet and the connection to any user in the world. Traffic trickles down through the firewalls and gets further into the network as it goes along. The more inner parts of the network are more vulnerable, so they need to be more protected than other parts of the network.

Appendix C shows the cost breakdown of setting up the network from scratch. Although some items were donated to us (as mentioned in the Budget section of this paper), we were still responsible for covering the majority of the costs of setting up this organization's system. The appendix breaks down all devices and miscellaneous hardware and software needed for the network to operate efficiently. A grand total towards the end of the document adds up all of the necessary items. The grand total of this project comes to about $65,000, give or take. We can currently only estimate the costs of the project, because so many things can affect the final outcome of this network setup.

Network Policies
Many different network protocols are used throughout the non-profit's network. Protocols set the rules for the correct transmission of data. For example, we have SMTP for our email servers. SMTP stands for Simple Mail Transfer Protocol. It is located on port 25 on the server, and connections can come from any port on the workstation computers. These rules will be set on the firewalls that divide the Demilitarized Zone (DMZ) subnet from the internal workstations of the network. We also have File Transfer Protocol (FTP) on port 21, because we have an FTP server in the DMZ subnet of our network behind our external firewall. FTP is a protocol for transferring files over the Internet. We want this so that files can be downloaded through the Internet and then analyzed and monitored before they are exposed to our inner network through our firewall.

We are also concerned with naming in our system. This is handled by the Domain Name Service (DNS) server in the DMZ subnet of our network. It is behind our external firewall but still outside the inner firewall that protects the internal network of our non-profit's employees' personal computers. The DNS redirects the user directly to the web server once it is known that the packets sent to it are safe. Packets from outside on the Internet are sent to port 53 on the DNS server through the first, external firewall. There the packets are analyzed and either dismissed or allowed to establish a connection to the web server that hosts our site. This allows those wanting to view the site to view it without being denied access.
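
The allow rules this section names (SMTP on port 25 from the workstations, FTP on port 21 and DNS on port 53 from the Internet into the DMZ) can be modeled as two allow-lists with an implicit deny. This is an added example, not part of the original paper; the subnet and host addresses and all function names are assumptions, since the Appendix B addresses are not in the text, and placing the mail server in the DMZ is inferred from where the paper puts the SMTP rule.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing: the paper's Appendix B addresses are not in the text.
ZONES = {  # zone name -> (network, depth behind the firewalls)
    "dmz": (ip_network("192.168.10.0/24"), 1),           # behind external fw
    "servers": (ip_network("192.168.20.0/24"), 2),       # behind internal fw
    "workstations": (ip_network("192.168.30.0/24"), 2),  # behind internal fw
}
HOSTS = {"dns": "192.168.10.53", "ftp": "192.168.10.21", "mail": "192.168.10.25"}

# Allow rules per firewall: (source zone, destination host, destination port).
# Only the three rules the paper names; TCP/UDP is not distinguished here.
EXTERNAL_FW = [("internet", "dns", 53), ("internet", "ftp", 21)]
INTERNAL_FW = [("workstations", "mail", 25)]

def zone_of(addr):
    """Map an address to (zone name, depth); unknown addresses are the Internet."""
    ip = ip_address(addr)
    for name, (net, depth) in ZONES.items():
        if ip in net:
            return name, depth
    return "internet", 0

def permits(rules, src_zone, dst, port):
    """Allow-list: permitted only if some rule matches, otherwise implicit deny."""
    return any(z == src_zone and HOSTS[h] == dst and p == port for z, h, p in rules)

def evaluate(src, dst, port):
    """Return (allowed, firewalls crossed) for a new connection src -> dst:port."""
    (src_zone, a), (_, b) = zone_of(src), zone_of(dst)
    lo, hi = min(a, b), max(a, b)
    crossed = []
    if lo == 0 and hi >= 1:          # Internet <-> anything inside
        crossed.append(("external", EXTERNAL_FW))
    if lo <= 1 and hi == 2:          # DMZ or Internet <-> internal subnets
        crossed.append(("internal", INTERNAL_FW))
    # A flow must be permitted by every firewall on its path.
    allowed = all(permits(rules, src_zone, dst, port) for _, rules in crossed)
    return allowed, [name for name, _ in crossed]
```

With only the rules the paper names, inbound mail from the Internet and web traffic to the site are dropped by the implicit deny, so each would need its own explicit rule on the external firewall.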

Environmental and power issues are few and far between. The environment of the company requires the network to extend five levels high to accommodate more employees above the base level where everything is hosted. They are connected by long CAT5 cable runs through the riser closet where our servers reside. Power issues for the network are of little concern. Every server is backed up by two UPSs that can supply the servers with power for an hour until the generator kicks in.

Setup for Network
There are very specific reasons why the network is set up the way it is, both physically and logically. We have established a DMZ subnet that is less protected than the more internal subnet containing the employees' workstations. There is also another internal subnet that contains servers such as the storage and application servers. The firewalls are set up to protect our systems' CIA, which stands for confidentiality, integrity, and availability. CIA names the different aspects of security that may be affected by an attack. We also wanted to house all of our systems ourselves, such as email, web servers, etc.

The physical layout of our network is based on the rooms we were allowed to rent. We received some free computers with the new office space. We ended up keeping 18 computers and updating them with Windows 7 to meet our organization's needs. We were given 2 floors and multiple rooms. The layout puts some of the higher-ups on the fifth floor of the building, while the volunteers, part-timers, and lower-ranked employees are on the first floor. We spread out the computers and printers according to the size of each room and its proximity to major hardware devices, such as servers. Once our network is all set up, it is to be monitored by our non-profit's system administrator.

Security Policies
The priorities of our non-profit's information security are as follows. Only the workers of our organization may be allowed system access. Higher-ranked employees such as the director have the most privileges, above others under them, except for the systems administrator. We want the organization's data kept private from outsiders, and we allow only very limited access to our system, in order to connect to the web server for our site. Our main priority in setting up this network for a non-profit organization was the security of the data concerning the employees as well as the data concerning people involved with the organization. The organization's data worth protecting includes banking funds, information about the computer labs the non-profit sets up, and even donors' information.

User access to our system relies on the credentials that a user inputs. We require a simple username for our employees: the first letter of their first name, followed by an underscore and then their last name. For example, if John Miller wanted to enter our system through his computer, his username would be j_miller. User passwords must follow a strict structure to make them less hackable than less structured ones. A password must contain at least one each of a letter, a number, and a special character. It also needs at least one capital letter to make it harder to crack. In addition, everyone's password must be reset every 90 days and cannot be the same as any of the previous 10 passwords the employee used.
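
The username convention and password rules above, written out as an added example that is not part of the original paper: it derives the username, checks the four character-class rules, and enforces the 10-password history and the 90-day age. The salted PBKDF2 storage, its round count, and the names `Account`, `complexity_errors` and `username_for` are assumptions; the paper does not say how passwords are stored.

```python
import hashlib, hmac, os, re
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)   # passwords must be reset every 90 days
HISTORY_DEPTH = 10             # may not match any of the previous 10
PBKDF2_ROUNDS = 200_000        # assumption: the paper names no hash or cost

def username_for(first: str, last: str) -> str:
    """First initial, underscore, last name: John Miller -> j_miller."""
    return f"{first[0]}_{last}".lower()

def complexity_errors(password: str) -> list[str]:
    """Return the character-class rules the password fails (empty list = OK)."""
    rules = {
        "letter": r"[A-Za-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
        "capital letter": r"[A-Z]",
    }
    return [name for name, pat in rules.items() if not re.search(pat, password)]

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class Account:
    def __init__(self, first: str, last: str):
        self.username = username_for(first, last)
        self.history = []        # newest first: (salt, digest), never plaintext
        self.changed_on = None

    def is_reused(self, password: str) -> bool:
        # Re-hash the candidate under each stored salt; constant-time compare.
        return any(hmac.compare_digest(_digest(password, s), d)
                   for s, d in self.history[:HISTORY_DEPTH])

    def set_password(self, password: str, today: date) -> list[str]:
        """Store the password if it passes every rule; return the failures."""
        errors = complexity_errors(password)
        if self.is_reused(password):
            errors.append("matches one of the previous 10 passwords")
        if errors:
            return errors
        salt = os.urandom(16)
        self.history.insert(0, (salt, _digest(password, salt)))
        del self.history[HISTORY_DEPTH:]   # keep only the newest 10
        self.changed_on = today
        return []

    def is_expired(self, today: date) -> bool:
        return self.changed_on is None or today - self.changed_on >= MAX_AGE
```
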

Computers access the system through their Ethernet connection, which is linked by Cat5E cable in the walls to the servers in the server room. The servers that everyone connects to are physically protected by a cage that surrounds them. The cages are locked with a key that only system admins have, and they are located in a room whose door is also locked. Before packets and other requests enter our system they must pass through our intrusion detection systems (IDS) and intrusion prevention systems (IPS), including our firewalls. One of the IDSs that we use is called Snort. This program works at the network level of IPSs (called NIPS). Snort is a free, open-source intrusion prevention system that analyzes traffic and logs incoming and outgoing packets. There are other software programs that can help find vulnerabilities in a system. One of these is OWASP ZAP. It can look at our website's vulnerabilities and present them in an easy-to-read way so that we can fix them. These are just a few examples of what our non-profit uses to operate efficiently.

Disaster Recovery Policy


All of the company's storage is backed up nightly to an offsite location in another city. In case there is a fire in the building or the servers are destroyed for another reason, our non-profit has the ability to recover. If this occurs, it would be possible to regain the information lost from our servers and have it duplicated yet again so that there is a copy at our facility once more. Depending on the type of problem that occurs, it is also possible to remote into the offsite servers during the recovery time. This only works if something corrupted the data in our servers and not the copy as well.

As far as power concerns go, all of the servers will be backed up by two UPS units, in case one runs out of juice before the generator can kick on. There is a generator that the UPSs plug into through a wall socket. All of the employees' computers and monitors, totaling 40 computers, will be plugged into surge protectors at the electrical outlets in the walls. This ensures that if there is a storm and lightning hits the building, the computers will not be damaged by being fried.

Budget
Our budget is broken down in Appendix C. There are other things to account for that are not listed in the Bill of Materials section. We were given eighteen free computers by the previous tenants of the space. Before using them, we wiped them with DBAN so as not to jeopardize our systems' confidentiality, integrity, or availability. This saved us a lot of money. There were also nine LCD monitors that we decided to keep in order to save even more funds down the road.

We tried to get our costs down as much as possible while still including everything necessary to allow our non-profit to run efficiently. By hosting our own web servers as well as email servers, we were able to cut the cost of having a third party monitor and secure them. We had already planned to implement a good deal of security throughout the network, which allowed us to extend it to our web and email servers in order to protect them as well. We also bought larger hardware than our company initially needs. This gives us room to expand in the future without having to upgrade our systems or hardware to meet the company's needs.

Appendix A: Physical Diagram

[Diagram: 1st Floor]

[Diagram: 5th Floor]

Appendix B: Logical Diagram

Appendix C: Bill of Materials


| Item | Quantity | Price by Unit | Total |
|---|---|---|---|
| Storage Server (8 drives, 2TB Each) | 1 Infortrend ENP8502MD-2T EonNAS Pro 850-2 16TB 8-Bay Tower NAS Server | $5,238.00 | $5,238.00 |
| DNS Server | 1 Infortrend ENP8502MD-2T EonNAS Pro 850-2 16TB 8-Bay Tower NAS Server | $5,238.00 | $5,238.00 |
| Web Hosting Server | 1 Infortrend ENP8502MD-2T EonNAS Pro 850-2 16TB 8-Bay Tower NAS Server | $5,238.00 | $5,238.00 |
| Email Hosting Server | 1 Infortrend ENP8502MD-2T EonNAS Pro 850-2 16TB 8-Bay Tower NAS Server | $5,238.00 | $5,238.00 |
| Application Server | 1 Infortrend ENP8502MD-2T EonNAS Pro 850-2 16TB 8-Bay Tower NAS Server | $5,238.00 | $5,238.00 |
| Print Server | 1 Infortrend ENP8502MD-2T EonNAS Pro 850-2 16TB 8-Bay Tower NAS Server | $5,238.00 | $5,238.00 |
| FTP Server | 1 Infortrend ENP8502MD-2T EonNAS Pro 850-2 16TB 8-Bay Tower NAS Server | $5,238.00 | $5,238.00 |
| Switch | 3 NETGEAR ProSAFE GS108 Switch - 8 Ethernet Ports | $38.99 | $116.97 |
| Router | 2 Ubiquiti ERLite-3 Edgemax EdgeRouter Lite-3 3x Gigabit LAN Ports | $95.99 | $191.98 |
| Firewall | 2 CISCO ASA 5505 Other Firewall | $355.99 | $711.98 |
| Computers | 22 Dell Towers (With Contract) | $750.00 | $16,500 |
| Monitors | 31 Dell Monitors (With Contract) | $40.00 | $1240.00 |
| CAT 5E Cable | 500 ft. | $49.99 | $49.99 |
| Microsoft Office | Office 365 for 45 Users for a Year | $15.00/User | $675 |
| DBAN | DBAN Software | FREE | FREE |
| Windows 7 | 2 Microsoft Windows 7 Professional SP1 OEM 64-Bit 30-Pack | $4,095 | $8,190 |
| Web Server Software | (Comes with Windows 7 Professional) | FREE | FREE |
| Air Conditioning Unit | Industrial Portable Air Conditioner w/ Heat, 1.5 Ton 16,800BTU Cool, 18,500BTU Heat, 115V | $3,750 | $3,750 |
| Server Rack | 3 Middle Atlantic Solid Security Door SSDR8 | $106.50 | $319.50 |
| Komodo Edit | Komodo IDE | FREE | FREE |
| TOTAL = | | | $68,411.42 |
