
Design Project

LIS 4482 Networking and Telecommunication

12/4/16

Tommy Geary, Kevin Berry, David Williams, Trevor Sears


Executive Summary

It is our desire to implement a secure, stable, and redundant network using Microsoft
Server 2012 and Active Directory, with internet access via an ISP allowing wifi
access throughout the building. Microsoft Active Directory will be used for Authentication,
Authorization, and Accounting. Authentication provides a way of identifying a user, typically by
having the user enter a valid user name and valid password before access is granted. We will
create accounts for every employee, and assign passwords to each individual upon contact. We
will handle the authorization setup, and provide appropriate access levels for each individual.
Stable desktops with an adequate amount of storage and power will be implemented for
optimal productivity. Locks for the server room will be needed for security purposes. A database
for storing client information, sensitive data, and other needs of the organization will need to be
created. File and print sharing access will be provided. An intrusion detection system as well as a
firewall system will be implemented for security measures.
CAT5e cabling needs to be installed throughout the building to connect the network. A
pair of 24-port switches will also be installed to replace the hubs that were damaged. One router
will be installed, and the ISP will give us a modem. One server rack with one server, a UPS for
power outages, and surge protectors for the computers and hardware will be added. Extra air
conditioning in the server room will be a necessary addition to keep hardware from overheating.
Separate wifi routers for the first and fifth floors will be installed. Microsoft Server 2012 with
Active Directory and a DNS for the organization's network will be implemented.

Written Description
For this proposal, our network shall be a fairly simple network, consisting of a main
router connected to our ISP, which then connects to a switch connecting our two VLANs, one for
the first floor, and one for the fifth floor as well as our servers. Both VLANs consist of a router
and a 24-port Ethernet switch, which connects all of the workstations on their respective floors,
along with wireless access points on each floor. Each workstation is connected to the wall using
Ethernet jacks, and the Ethernet cables run through the walls into the ceiling, to the switches in
the comm closet.
All of the equipment will be brand new, as the technology left for us was quite ancient.
We shall purchase 24 new workstations, along with all of the switches, routers, cabling, and
various other things as needed to support the network.
As a small NPO, the network doesn't need to be a hugely complicated thing, but we
thought it wise to separate the different floors of the building into separate VLANs, or virtual
local area networks. This way we can give the network on the fifth floor different privileges or
options if you so choose. We decided that all new equipment was necessary as the desktops left
were early 2000s technology, some even from the late '90s, and the networking equipment was
all either damaged or non-existent.
Our network equipment will all be placed in the comm closet, with most of it on the first
floor, but with a router and switch on the fifth floor. Most of the workstations will be placed in
the training room, as well as the empty room next to the conference room.
While the network we are implementing isn't overly complicated, it meets the needs of
the NPO. Our implementations are more than sufficient to support the needs of the user base in
an effective manner.

Network Policies
Our network will use DHCP to automatically assign IP addresses to workstations, as
opposed to making every workstation static, as we won't always be using some of the
workstations. We will have a DNS for our LAN. Our website with information about
our NPO will be hosted off site by HostGator. The website will not allow connections to our
servers or databases through the internet. We will keep our servers private for security
reasons. Any off-site access to directories or files will be strictly limited to a Dropbox account
that our system admins will control. If any employee needs access to files on our server, we will
give them access to only those files on our Dropbox account. This will add security and allow
limited remote access on an employee-by-employee basis. Through Active Directory we can
create groups that have limited access to the directories. This will allow certain groups to access
what they need to perform their jobs and restrict them from accessing files that do not pertain to
their job within the NPO. Active Directory will also allow System Administrators to create and
delete user accounts as need be. Users may then be placed into their respective groups, allowing
them limited access. We believe these policies will allow the NPO to grow in the future without
adding unneeded complexities for our System Administrators.

Security Policies
Microsoft Active Directory will be used for Authentication, Authorization, and
Accounting. We will create accounts for every employee, and assign passwords to each
individual upon contact. Our organization will handle the authorization setup, and provide
appropriate access levels for each individual. We will provide locks and keys for the server room
so only those who are authorized are allowed to enter. A database for storing client information,
sensitive data, and other needs of the organization will need to be created, and security measures
will need to be implemented for it. We will provide appropriate authentication and authorization
for those who need access to the database via the DBMS. An intrusion detection system as well
as a firewall system will be implemented for additional security measures.

Disaster Recovery Policies


The following section outlines our Disaster Recovery Plan, where Disaster Recovery is
defined as the process that occurs in the middle of or after an event that disrupts business. Such
events include, but are not limited to, power failures, cyberattacks, environmental disasters,
terrorism, severe weather, riots, or Acts of God.

One of the first aspects to consider is personnel safety and awareness. The NPO will keep
an updated list of employee contacts so that employees can be reached in the event of an
emergency and alerts can be blasted with continuous updates. The NPO will also have an
emergency evacuation plan in place and posted throughout our rooms. Additionally, the NPO will
execute various types of drills quarterly to ensure personnel are not caught unawares in the event
of an actual emergency. Certain medical supplies and fire suppressants will be
placed throughout the building, and key members of the organization will be trained
in CPR. Counseling will also be provided to personnel if necessary.

The building in which business is conducted also has safeguards. The venue will
have property insurance, which will cover the external and internal properties.
Additionally, we will have cyberattack insurance in the event of a security breach in our cyber
properties. A risk management assessment should be conducted every quarter by authorized
personnel.

To ensure Business Continuity, which is defined as the process of retooling and
ensuring the non-profit can continue operating in the event of a disaster, an alternative venue has
been set up so operations may be continued if the main site is impacted by any type of disaster.
This alternative venue will be structurally designated as a cold site, meaning that there is a
designated space but no telecommunications infrastructure set up at the designated
alternative venue, and the NPO would require about 12-18 hours to be fully operational at the
cold site during or in the aftermath of a disaster. Factors contributing to this timetable are backup
equipment retrieval, securing the alternative venue, setting up telecommunications, ensuring all
employees have access according to least privilege, and securing the alternative venue's
telecommunications security policy against opportunistic external cyber threats on a
departmental case-by-case basis. The decision to use a cold site was determined by
availability and budgetary factors.

The NPO has also defined protocol for all physical and electronic files and information.
All essential information, whether stored in our databases or servers, will be backed up by a
third-party vendor. In the event of cyberattacks, the third-party vendor provides backup copies if
anything is destroyed or altered in a cyber-breach. If a physical disaster impacts operations
at the NPO, the third-party vendor backup will allow for remote access to such information
and property from the designated alternative venue. Data located on the SQL database and
Microsoft server will be backed up daily through an automated process to the third-party vendor.
Although the NPO strives for all essential information to be electronic, there will be
essential information that is physically printed on paper or stored on hardware such as
CD-ROM or USB. A fire-proof cabinet or safe will be designated so that, in the event of a
disaster that cripples the main site, risk to pertinent information stored on physical media will be
mitigated.

The NPO also will designate a media relations representative, who is the only authorized
employee to speak to the media in the event of a disaster. Non-designated personnel are not
authorized to speak to the media and any remarks made by such personnel are not considered
official communications of the NPO. The NPO will also work with local emergency
management authorities to coordinate recovery efforts to the main site. This includes assessing
damage, making an insurance claim, or any other action deemed necessary to return to normal
business operations of the NPO. In the event that normal operations cannot be resumed at the
main site, operations will continue at the designated venue. The NPO will work with phone,
internet, mail and application providers to ensure there is no disruption of services. Additionally,
a technology shopping cart will be set up, so any unrecoverable property or technology can be
replaced in a timely manner. Unusable technology such as workstations or desktops will be
sanitized before disposal.

Budget
Item                               Number required        Cost
Dell Precision 5000 workstations   20                     $20,000
Installation Costs                 1                      $10,000
Office furniture                   24 chairs, 12 desks    $5,000
iMacs                              4                      $5,000
Monitors                           20                     $4,000
Monthly Upkeep                     12 (months)            $2,400
Dell PowerEdge Server              2                      $2,000
Cisco RV325                        3                      $1,000
Office supplies                    N/A                    $1,000
Printer/copier                     2                      $700
Netgear 24 port switch             3                      $350
Ethernet jack                      24                     $150
2000 ft ethernet cable             1                      $150
Carbonite Backup                   12 (months)            $300
Windows Server 2012                2                      $400
Windows 10 Pro                     24                     $0
Office Suite                       24                     $0
Various Software                   24x???                 $0-$1,000

Total Estimated                                           $55,000

Appendix A: Physical Diagram


First Floor
Fifth Floor

Appendix B: Logical Diagram

Appendix C: Bill of Materials
Microsoft SQL Server 2016
Microsoft Server RD2 2012
Microsoft Office Suite 2013
Accounting software?
Access control mechanisms
Office supplies $1000
UPS Battery Backups $1000
Physical data storage 5 4TB HDDs $500
Third-party backup (Carbonite?) $300/year
Alternative cold site venue
Desks/chairs $5000
2000 ft. ethernet cable $150
3 Netgear 24 port switches $350
3 Cisco RV325 routers $999
2 Dell PowerEdge Rack Servers $2000
20 Dell Precision 5000 workstation $20000
20 monitors $4000
4 iMacs $4800
24 ethernet jacks $150
Estimated installation hours: 1 week x 8 hours x 5 people for the wiring, installation of
equipment, and installation of software and network setup
Estimated installation cost: $10000
Estimated Monthly Upkeep: $200

Estimated Total Cost: $55,000
