
MAJOR PROJECT REPORT

ON

WAN superintendence and implementation in leased telecommunication circuits

SUBMITTED BY:
Sukhum singh ENROLLMENT NO. A1000715006

ACKNOWLEDGEMENT

The present work is an effort to throw some light on WAN superintendence and
implementation in leased telecommunication circuits. The work would not have been
possible to come to the present shape without the able guidance, supervision and help
given to me by a number of people.

With a deep sense of gratitude I acknowledge the encouragement and guidance received
from AMITY University, who helped and supported me during the course of completion of
my Major project report.


INDEX

Introduction to Network Security

Introduction to Networking
o What is a Network?
o The ISO/OSI Reference Model
o What are some Popular Networks?
  UUCP
  The Internet

Risk Management: The Game of Security

Firewalls
o Types of Firewalls
  Application Gateways
  Packet Filtering
  Hybrid Systems
o So, what's best for me?
o Some Words of Caution
  Single Points of Failure

Secure Network Devices
o Secure Modems; Dial-Back Systems
o Crypto-Capable Routers
o Virtual Private Networks

CHAPTER-3 DESIGN & IMPLEMENTATION OF NETWORK

3.1 At Delhi Main Office
3.1.1 Network Diagram

Server Preparation
3.1.2 Preparation of Primary Domain Controller
3.1.3 Preparation of DNS Server
3.1.4 Preparation of DHCP Server

WorkStation installation at

3.2 At Delhi Branch Office
3.2.1 Step 1. Installation server (As in Delhi HO)
3.2.2 Step 2. Joining in Domain (As in Delhi HO)
3.2.3 Step 3. Installation of Active Directory (Child Domain Creation)

CHAPTER-4 SECURITIES
4.1 Configuration of VLAN
4.2 Configuration of access list

Conclusions

Bibliography

Introduction to Network Security

Network security is a complicated subject, historically only tackled by well-trained and
experienced experts. However, as more and more people become "wired", an increasing
number of people need to understand the basics of security in a networked world. This
document was written with the basic computer user and information systems manager in
mind, explaining the concepts needed to read through the hype in the marketplace and
understand risks and how to deal with them.

Some history of networking is included, as well as an introduction to TCP/IP and
internetworking. We go on to consider risk management, network threats, firewalls, and
more special-purpose secure networking devices.

This is not intended to be a "frequently asked questions" reference, nor is it a
"hands-on" document describing how to accomplish specific functionality.

It is hoped that the reader will have a wider perspective on security in general, and
better understand how to reduce and manage risk personally, at home, and in the
workplace.

Introduction to Networking

A basic understanding of computer networks is requisite in order to understand the
principles of network security. In this section, we'll cover some of the foundations of
computer networking, then move on to an overview of some popular networks. Following
that, we'll take a more in-depth look at TCP/IP, the network protocol suite that is used
to run the Internet and many intranets.

Once we've covered this, we'll go back and discuss some of the threats that managers and
administrators of computer networks need to confront, and then some tools that can be
used to reduce the exposure to the risks of network computing.

What is a Network?

A "network" has been defined[1] as "any set of interlinking lines resembling a net, a
network of roads || an interconnected system, a network of alliances." This definition
suits our purpose well: a computer network is simply a system of interconnected
computers. How they're connected is irrelevant, and as we'll soon see, there are a number
of ways to do this.

The ISO/OSI Reference Model

The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference
Model defines seven layers of communications types, and the interfaces among them. (See
Figure 1.) Each layer depends on the services provided by the layer below it, all the way
down to the physical network hardware, such as the computer's network interface card, and
the wires that connect the cards together.

An easy way to look at this is to compare this model with something we use daily: the
telephone. In order for you and me to talk when we're out of earshot, we need a device
like a telephone. (In the ISO/OSI model, this is at the application layer.) The
telephones, of course, are useless unless they have the ability to translate the sound
into electronic pulses that can be transferred over wire and back again. (These functions
are provided in layers below the application layer.) Finally, we get down to the physical
connection: both must be plugged into an outlet that is connected to a switch that's part
of the telephone system's network of switches.

If I place a call to you, I pick up the receiver, and dial your number. This number
specifies the central office to which to send my request, and then which phone from that
central office to ring. Once you answer the phone, we begin talking, and our session has
begun. Conceptually, computer networks function exactly the same way.

It isn't important for you to memorize the ISO/OSI Reference Model's layers; but it's
useful to know that they exist, and that each layer cannot work without the services
provided by the layer below it.

Figure 1: The ISO/OSI Reference Model

What are some Popular Networks?

Over the last 25 years or so, a number of networks and network protocols have been
defined and used. We're going to look at two of these networks, both of which are
"public" networks. Anyone can connect to either of these networks, or they can use these
types of networks to connect their own hosts (computers) together, without connecting to
the public networks. Each type takes a very different approach to providing network
services.

UUCP

UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix hosts together. UUCP
has since been ported to many different architectures, including PCs, Macs, Amigas, Apple
IIs, VMS hosts, everything else you can name, and even some things you can't.
Additionally, a number of systems have been developed around the same principles as UUCP.


Batch-Oriented Processing.

UUCP and similar systems are batch-oriented systems: everything that they have to do is
added to a queue, and then at some specified time, everything in the queue is processed.

Implementation Environment.

UUCP networks are commonly built using dial-up (modem) connections. This doesn't have to
be the case though: UUCP can be used over any sort of connection between two computers,
including an Internet connection.

Building a UUCP network is a simple matter of configuring two hosts to recognize each
other, and know how to get in touch with each other. Adding on to the network is simple;
if hosts called A and B have a UUCP network between them, and C would like to join the
network, then it must be configured to talk to A and/or B. Naturally, anything that C
talks to must be made aware of C's existence before any connections will work. Now, to
connect D to the network, a connection must be established with at least one of the hosts
on the network, and so on. Figure 2 shows a sample UUCP network.

Figure 2: A Sample UUCP Network

In a UUCP network, users are identified in the format host!userid. The "!" character
(pronounced "bang" in networking circles) is used to separate hosts and users. A bangpath
is a string of host(s) and a userid like A!cmcurtin or C!B!A!cmcurtin. If I am a user on
host A and you are a user on host E, I might be known as A!cmcurtin and you as E!you.
Because there is no direct link between your host (E) and mine (A), in order for us to
communicate, we need to do so through a host (or hosts!) that has connectivity to both E
and A. In our sample network, C has the connectivity we need. So, to send me a file, or
piece of email, you would address it to C!A!cmcurtin. Or, if you feel like taking the long
way around, you can address me as C!B!A!cmcurtin.
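The bang-path addressing described above can be checked hop by hop against each host's configured neighbours. The following Python sketch is an added example, not part of the original report; because Figure 2 is not reproduced here, the link table is an assumed topology built to match the text, and the function names are hypothetical.

```python
from collections import deque

# Assumed topology: Figure 2 is not reproduced on this page, so these links are
# constructed to match the text (A and B are linked, C reaches both A and B,
# E reaches the others only through C). D's link to C is an assumption.
LINKS = {
    "A": {"B", "C"},
    "B": {"A", "C"},
    "C": {"A", "B", "D", "E"},
    "D": {"C"},
    "E": {"C"},
}


def parse_bangpath(address):
    """Split 'C!B!A!cmcurtin' into (['C', 'B', 'A'], 'cmcurtin')."""
    parts = address.split("!")
    if len(parts) < 2 or any(p == "" for p in parts):
        raise ValueError(f"malformed bang path: {address!r}")
    return parts[:-1], parts[-1]


def check_route(origin, address, links=LINKS):
    """Return (ok, reason). Every hop must be a configured neighbour of the
    previous host, because a UUCP host only talks to hosts it knows about."""
    hops, _user = parse_bangpath(address)
    here = origin
    for hop in hops:
        if hop not in links:
            return False, f"unknown host {hop}"
        if hop not in links.get(here, set()):
            return False, f"no link {here} -> {hop}"
        here = hop
    return True, f"delivered on {here}"


def shortest_bangpath(origin, dest_host, user, links=LINKS):
    """Breadth-first search for the fewest-hop bang path, or None."""
    queue = deque([(origin, [])])
    seen = {origin}
    while queue:
        host, path = queue.popleft()
        if host == dest_host:
            return "!".join(path + [user])
        for nxt in sorted(links.get(host, ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    for addr in ("C!A!cmcurtin", "C!B!A!cmcurtin", "A!cmcurtin"):
        print("from E:", addr, check_route("E", addr))
    print("shortest from E to A:", shortest_bangpath("E", "A", "cmcurtin"))
```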


The "public" UUCP network is simply a huge worldwide network of hosts connected to each
other.

Security is everybody's business, and only with everyone's cooperation, an intelligent
policy, and consistent practices, will it be achievable.

CHAPTER 3
DESIGN & IMPLEMENTATION OF NETWORK

Fig.8 Network to be implemented


Configuration at Delhi Main Office

We have 30 machines in our Delhi office; four of them are used as servers and the rest
are used as clients.

3.1 Network Diagram:

Fig.9

Domain Controller (which maintains the centralized control)
- Operating System: Windows 2003
- IP Address: 192.168.0.2
- Active Directory to maintain centralized control
- Full Control to Administrator
- User Access: 30 users having different rights

Additional Domain Controller (which maintains the centralized control)
- Operating System: Windows 2003
- IP Address: 192.168.0.200
- Backup of Active Directory
- Full Control to Administrator
- User Access: 30 users having different rights

DNS Server (which resolves the domain name into an IP address)
- Operating System: Windows 2003
- IP Address: 192.168.0.3
- DNS Configuration
- Member of Domain

DHCP Server (which provides the IP addresses to client machines)
- Operating System: Windows 2003
- IP Address: 192.168.0.4
- DHCP Scope Range: 192.168.0.5 to 192.168.0.30

Workstations
- Operating System: Windows 2000 Professional
- IP Address: assigned by DHCP Server
- Member of Domain
- User Access: 30 users having different rights

Network Devices
- Two 16-port Layer-3 manageable switches (for VLAN)
- One Router
- CISCO
- IP Address: 192.168.0.1
- UTP Cable

Configuration of DNS Server at Delhi Office

Step 1. Installation of Windows Server operating system

Step 2. IP Configuration (192.168.0.3)

Step 3. Installation of DNS

The Active Directory Installation wizard offers to install DNS if the wizard does not
detect a proper DNS zone configuration during the installation of Active Directory.
However, you should not rely on the wizard for these tasks. Many bug reports have been
submitted regarding installation bases that relied on the wizard. Also keep in mind that
the Active Directory Installation wizard does not install a reverse lookup zone.

1. Click Start --> Settings --> Control Panel.

2. Double-click Add/Remove Programs and then click Add/Remove Windows Components.

3. In Components, select Networking Services and then click Details.

4. In Subcomponents of Networking Services, select the Domain Name System (DNS) check
box, click OK, and then click Next.

5. In Copy Files From, type the full path to the Windows 2000 distribution files and
then click OK.

To host Active Directory, you must properly configure DNS with a zone for the Active
Directory namespace. You should create both zone types for a proper DNS implementation
for your Active Directory namespace, that is, a forward lookup zone and a reverse lookup
zone.

Configure the DNS Zone

Creating a Standard Primary Forward Lookup Zone

1. Click Start, point to All Programs, point to Administrative Tools, and then
click DNS Manager. You see two zones under your computer name: Forward
Lookup Zone and Reverse Lookup Zone.
2. Right click Forward Lookup Zones and choose to add a new zone.
3. Click Next. The new forward lookup zone must be a primary zone so that it
can accept dynamic updates. Click Primary, and then click Next.
4. The name of the zone must be the same as the name of the Active Directory
domain, or be a logical DNS container for that name. For example, if the Active
Directory domain is named Oriel.com

Type the name of the zone, and then click Next.

5. Accept the default name for the new zone file. Click Next.
6. To be able to accept dynamic updates to this new zone, click "Allow both nonsecure
and secure dynamic updates". Click Next.

7. Click Finish.
You should now make sure your computer can register itself in the new zone. Go to
the Command Prompt (CMD) and run "ipconfig /registerdns" (no quotes, duh...). Go
back to the DNS console, open the new zone and refresh it (F5). Notice that the
computer should by now be listed as an A Record in the right pane.

If it's not there try to reboot (although if it's not there a reboot won't do much good).
Check the spelling on your zone and compare it to the suffix you created in step 1.
Check your IP settings.

Creating a Standard Primary Reverse Lookup Zone

You can (but you don't have to) also create a reverse lookup zone on your DNS server.
The zone's name will be the same as your TCP/IP Network ID. For example, if your
IP address is 192.168.0.200, then the zone's name will be 192.168.0 (DNS will
append a long name to it, don't worry about it). You should also configure the new
zone to accept dynamic updates. I guess you can do it on your own by now, can't
you?

Configuration of DHCP Server at Delhi office

3.1.4 Step for the Preparation of DHCP Server

Step 1. Installation of Windows Server operating system

Step 2. IP Configuration (192.168.0.4)

Step 3. Setting up a DHCP Server

Installing the DHCP server is made quite easy in Windows 2003. By using the "Manage
your server" wizard, you are able to enter the details you require and have the wizard set
the basics for you. Open the "Manage your server" wizard, select the DHCP server option
from the list of server roles and press Next. You will be asked to enter the name and
description of your scope.
Scope: A scope is a collection of IP addresses for computers on a subnet that use DHCP.

The next window will ask you to define the range of addresses that the scope will
distribute across the network and the subnet mask for the IP address. Enter the
appropriate details and click next.
You are shown a window in which you must add any exclusions to the range of IP
addresses you specified in the previous window.

It is now time to set the lease duration for how long a client can use an IP address
assigned to it from this scope. It is recommended to add longer leases for a fixed network
(in the office for example) and shorter leases for remote connections or laptop computers.
In this example I have set a lease duration of twelve hours since the network clients
would be a fixed desktop computer in a local office and the usual working time is eight
hours.
You are given a choice of whether or not you wish to configure the DHCP options for the
scope now or later. If you choose Yes then the upcoming screenshots will be of use to
you. Choosing No will allow you to configure these options at a later stage.
The router, or gateway, IP address may be entered in next. The client computers will then
know which router to use.

In the following window, the DNS and domain name settings can be entered. The DNS
server IP address will be distributed by the DHCP server and given to the client.
If you have WINS setup then here is where to enter the IP Address of the WINS server.
You can just input the server name into the appropriate box and press "Resolve" to allow
it to find the IP address itself.
The last step is to activate the scope - just press next when you see the window below.
The DHCP server will not work unless you do this.

The DHCP server has now been installed with the basic settings in place. The next stage
is to configure it to the needs of your network structure.

3.1.6 Step 1 Installation of Client Operating System

Requirements:
Windows Server 2000 CD
The server's name
A CD key if using non-IU published media
Phase 1: VGA Install
1. Boot to the Windows Server 2000 CD
2. Press Enter to start the installation
3. Press F8 to accept the licensing agreement
4. Use the arrow keys to select the partition on which to install server, or press "c" to
create a partition on which to install server. (A partition of at least 4GB is
recommended)
5. Format the partition using NTFS
6. Let Setup copy files
7. Reboot

Phase 2: GUI Install

1. Installing devices: Let setup detect hardware
2. Regional settings: Accept the default settings and click Next
3. Personalize your software: Enter your name and organization
4. Your product key: Enter the 25-character key from the CD sleeve.
5. Licensing modes: Select "Per Device or Per User"
6. Computer name and administrator password:
- Enter your computer name and local administrator password (use the correct
naming convention as outlined at
- Date and time settings: Adjust the clock to the correct time and select
"(GMT -05:00) Indiana (East)" time zone
7. Workgroup or computer domain: Leave it in workgroup mode and proceed
8. Installing components: Wait for setup to copy files
9. Finalizing installation: Wait for setup to complete its needed tasks
10. Done
Click Finish to end setup

3.1.7 Step 2. DHCP Client Configuration

1. Right-click My Network Places and then click Properties.

2. Right-click Local Area Connection and then click Properties.

3. Click Internet Protocol (TCP/IP), and then click Properties.

4. Click Obtain an IP address automatically so that the address comes from the DHCP
server.

3.1.8 Step 3. Joining of Client with Domain

To join the client machine to the domain:

Right-click My Computer --> Properties --> Network Identification -->

Configuration at Delhi Branch Office

We have 15 machines in our Delhi office; three of them are used as servers and the rest
are used as clients.

Fig.-10

Additional Domain Controller (which maintains the centralized control)
- Operating System: Windows 2003
- IP Address: 192.168.10.2
- Active Directory to maintain centralized control
- Full Control to Administrator
- 15 users having different rights

DHCP Server (which provides the IP addresses to client machines)
- Operating System: Windows 2003
- IP Address: 192.168.10.3
- DHCP Scope Range: 192.168.10.4 to 192.168.10.16

Workstations
- Operating System: Windows 2000 Professional
- IP Address: assigned by DHCP Server
- 15 users having different rights

Network Devices
- One 16-port Layer-3 manageable switch (for VLAN)
- One Router
- CISCO
- IP Address: 192.168.10.1
- UTP Cable
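
The address plans listed for the Delhi Main Office and the Delhi Branch Office can be checked for static addresses that fall inside a DHCP scope and for scopes with no spare leases. The following Python sketch is an added example, not part of the original report; the /24 masks and the rule that every non-server machine is a DHCP client are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Values copied from the two site descriptions on this page. The /24 masks are
# an assumption: the page gives no subnet mask for either site.
SITES = {
    "Delhi Main Office": {
        "network": "192.168.0.0/24",
        "machines": 30, "servers": 4,
        "scope": ("192.168.0.5", "192.168.0.30"),
        "static": {"Router": "192.168.0.1", "Domain Controller": "192.168.0.2",
                   "DNS Server": "192.168.0.3", "DHCP Server": "192.168.0.4",
                   "Additional Domain Controller": "192.168.0.200"},
    },
    "Delhi Branch Office": {
        "network": "192.168.10.0/24",
        "machines": 15, "servers": 3,
        "scope": ("192.168.10.4", "192.168.10.16"),
        "static": {"Router": "192.168.10.1",
                   "Additional Domain Controller": "192.168.10.2",
                   "DHCP Server": "192.168.10.3"},
    },
}


def audit_site(site):
    """Return scope size, DHCP client count, spare leases and findings."""
    net = ipaddress.ip_network(site["network"])
    first, last = (ipaddress.ip_address(a) for a in site["scope"])
    findings = []
    if first > last:
        findings.append("scope start is above scope end")
    for addr in (first, last):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            findings.append(f"scope bound {addr} is not a usable host in {net}")
    seen = {}
    for name, text in site["static"].items():
        addr = ipaddress.ip_address(text)
        if addr not in net:
            findings.append(f"{name} {addr} is outside {net}")
        if first <= addr <= last:
            findings.append(f"{name} {addr} is inside the DHCP scope")
        if addr in seen:
            findings.append(f"{name} and {seen[addr]} share {addr}")
        seen[addr] = name
    size = int(last) - int(first) + 1
    # Assumption: every machine that is not a server takes a DHCP lease.
    clients = site["machines"] - site["servers"]
    spare = size - clients
    if spare < 0:
        findings.append(f"scope is {-spare} address(es) short for {clients} clients")
    elif spare == 0:
        findings.append("scope has no spare address for an added or replaced device")
    return {"scope_size": size, "clients": clients, "spare": spare,
            "findings": findings}


def audit_all(sites=SITES):
    """Audit every site and return the results keyed by site name."""
    return {name: audit_site(site) for name, site in sites.items()}


if __name__ == "__main__":
    for name, result in audit_all().items():
        print(name, result)
```

With the values on this page, the main office scope holds exactly as many addresses as there are workstations, so the audit reports no spare lease there, while the branch scope has one spare.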

Installation of the SECOND DC in an EXISTING DOMAIN in an EXISTING FOREST.

Here is a quick list of what you must have:

An NTFS partition with enough free space

The Domain Admin's username and password

The correct operating system version

A NIC (network interface card)

Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)

A network connection (to a hub or to another computer via a crossover cable)

A persistent and uninterrupted connection with the domain's existing DC

An operational DNS server which holds the relevant SRV Record information for the AD
domain and forest

The Domain name for the domain that you want to join

CHAPTER - 4
CONFIGURATION OF SECURITY IMPLEMENTATION

To configure PDC for auto enrollment of computer certificates, perform the following
steps.
1. Open the Active Directory Users and Computers snap-in.
2. In the console tree, double-click Active Directory Users and Computers,
right-click the Oriel.com domain, and then click Properties.
3. On the Group Policy tab, click Default Domain Policy, and then click Edit.
4. In the console tree, open Computer Configuration, then Windows Settings,
then Security Settings, then Public Key Policies, then Automatic Certificate
Request Settings. This is shown in the following figure.
5. Right-click Automatic Certificate Request Settings, point to New, and then
click Automatic Certificate Request.
6. On the Welcome to the Automatic Certificate Request Setup Wizard page,
click Next.
7. On the Certificate Template page, click Computer. This is shown in the
following figure.

8. Click Next. On the Completing the Automatic Certificate Request Setup Wizard page,
click Finish. The Computer certificate type now appears in the details pane of the
Group Policy Object Editor snap-in. This is shown in the following figure.

Type gpupdate at a command prompt to update group policy on PDC.


VLAN CREATION
To provide more Security to the Network we can use manageable Switch & the

BIBLIOGRAPHY

VPNs: A Beginners Guide, By Mairs, John

DNS on Windows Server 2003, Third Edition, By Cricket Liu, Matt Larson, Robbie Allen

Cisco WAN Switching Professional Reference, By Tracy Thorpe

Teach Your Self, By Kuo Peter Pence John, Publisher: Techmedia, ISBN: 8176352489

IP Network Design, By Cormac Lang

Computer Network, By Tannenbaum

Websites:

www.cisco.com

www.lammle.com

www.globlenettraining.com

www.oreilly.com

Routersim.com
