
welcome to our presentation

Presented by:
Selamawit Hunelegn

Abiy Girma
Eskinder Getachew

INTERNSHIP PROJECT
VISION2000 LAN DESIGN AT INSA
(Information Network Security Agency)

Content
o Background about the company
o Problem statement
o Objective
o Project
o Conclusion and recommendation
o Internship experience

Background of the company

INFORMATION NETWORK SECURITY AGENCY (INSA)
o Government institution
o Established in 2000 E.C.
o Currently one of the most competitive intelligence institutions in our country

Product and service
o Software development
o Hard programming
o Network and network security

contd..
Some of the products of INSA
o Digital Audio Recording and Archiving System (DARAS)
o Answering Machine
o Digital Video, Audio and Image Archiving System (DVAIAS)
o Land Information (cadastre) System
o Emergency and Risk Management System (ERMS)
o Secure Data Communication System (SDC)

Project
We have been working in the network department.
They gave us all the requirements to design a LAN for a company named VISION2000.
We analyzed the requirements and came up with some problems.

Problem
o All the traffic goes to one switch (backbone), causing traffic congestion
o If the backbone switch fails, the whole network goes down
o Not scalable
o No reserved IP addresses
o Doesn't support network devices from another vendor
o No server-based antivirus system, and susceptible to intruders

Objective of the project
To design and implement a secure, reliable, and affordable network infrastructure which enables the company to communicate easily and efficiently.

contd..
We believe that this network design offers the following features:
o Scalable network LAN
o Up-to-date technology
o Performance
o Security
o Availability
o Manageable
o Adaptability
o Affordability

Requirements of VISION2000
The design and deployment of a LAN that supports network infrastructure for:
o Website
o Internet
o Mail

Scope of the project
o Design and deployment of a network that is suitable for applications like the company website, mail, Internet and other information systems
o With high security:
  securing the data center server
  creating different access levels for the users of the company

contd..
Expected applications that can run on this network infrastructure:
o Dynamic website
o Internet
o Mail
o Antivirus

LAN Design
Goal of LAN design: to meet the requirements of Vision 2000 by creating a scalable, available, secure, good-performance and affordable local area network.

contd..
The design has the following considerations:
o LAN protocols and technology considerations
o LAN device considerations

contd..
Network devices

Access switch:
Cisco Catalyst 2960, used to connect workstations.

Distribution switches:
Cisco Catalyst 4507. There are two Cisco distribution switches in the Vision 2000 LAN, for redundancy.
o Routing and policy-based security will be configured on these switches
o They serve as the DHCP server for the internal workstations
o VLANs should be created to separate traffic flows among different VLANs
o Other best-practice security configurations will be implemented

VLANs, IP Planning & protocols

VLAN Planning
When planning VLANs we consider:
o Number of VLANs (based on department)
o Number of users per VLAN (based on the requirement)
o VLAN range (based on common work function or access level)

VLAN Group

VLAN name   Assigned to      IP address
VLAN 10     Student          172.20.0.0/23
VLAN 20     Meeting Hall     172.20.2.0/24
VLAN 30     Research         172.20.3.0/25
VLAN 40     Support          172.20.3.128/27
VLAN 50     Server           172.20.3.160/28
VLAN 60     Administration   172.20.3.192/28
VLAN 70     Store            172.20.3.208/28
VLAN 80     Server 2         172.20.3.176/28

contd..
IP addressing and name planning

IP addressing:
o Class B private IP addresses (IPv4) for all internal networks
o NAT to map the internal private addresses to a public address so that users can surf the web
o VLSM

contd..
VLSM: Variable Length Subnet Mask
o No wastage of IP addresses
** It is recommended to leave extra host bits beyond the requirement of Vision 2000.
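As an added worked example (not part of the slides and not INSA's or the project's own code), the following Python script does what the VLAN table and the VLSM slide describe: it checks a VLAN/subnet plan for overlaps and containment, reports usable host counts, and performs a largest-first VLSM allocation that keeps spare host bits for growth, as the slide recommends. The VLAN table is copied from the slides; the 172.20.0.0/22 summary block and the per-department host counts in the demo are assumptions made for this example. Only the standard library ipaddress module is used.

```python
import ipaddress
from itertools import combinations

# VLAN plan as given on the slides: (VLAN id, assigned to, subnet).
VLAN_PLAN = [
    (10, "Student",        "172.20.0.0/23"),
    (20, "Meeting Hall",   "172.20.2.0/24"),
    (30, "Research",       "172.20.3.0/25"),
    (40, "Support",        "172.20.3.128/27"),
    (50, "Server",         "172.20.3.160/28"),
    (60, "Administration", "172.20.3.192/28"),
    (70, "Store",          "172.20.3.208/28"),
    (80, "Server 2",       "172.20.3.176/28"),
]

# Assumption: the summary block the whole LAN is carved from. The slides only say
# "class B private address"; 172.20.0.0/22 is the smallest block that holds the plan.
LAN_BLOCK = "172.20.0.0/22"


def usable_hosts(cidr):
    """Assignable host addresses in a subnet (network and broadcast excluded)."""
    return ipaddress.ip_network(cidr).num_addresses - 2


def check_plan(plan, container=LAN_BLOCK):
    """Return a list of problems: duplicate VLAN ids, subnets outside the
    container block, and subnets that overlap each other."""
    problems = []
    block = ipaddress.ip_network(container)
    nets = [(vid, name, ipaddress.ip_network(cidr)) for vid, name, cidr in plan]
    ids = [vid for vid, _, _ in nets]
    if len(ids) != len(set(ids)):
        problems.append("duplicate VLAN id in plan")
    for vid, name, net in nets:
        if not net.subnet_of(block):
            problems.append(f"VLAN {vid} ({name}) {net} is outside {block}")
    for (va, _, a), (vb, _, b) in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"VLAN {va} {a} overlaps VLAN {vb} {b}")
    return problems


def prefix_for(hosts, spare_bits=1):
    """Prefix length that fits `hosts` addresses plus network and broadcast,
    keeping `spare_bits` extra host bits for growth (the slide's recommendation)."""
    needed = hosts + 2
    host_bits = (needed - 1).bit_length() + spare_bits   # ceil(log2(needed)) + spare
    return 32 - host_bits


def allocate_vlsm(container, requirements, spare_bits=1):
    """Largest-first VLSM allocation inside `container`.

    Allocating the biggest subnet first keeps every network address aligned to
    its own size, so no address space is lost to alignment padding.
    Returns {name: "a.b.c.d/n"}; raises ValueError if the block is exhausted."""
    block = ipaddress.ip_network(container)
    cursor = int(block.network_address)
    limit = int(block.broadcast_address) + 1
    allocation = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts, spare_bits)
        size = 1 << (32 - prefix)
        if cursor + size > limit:
            raise ValueError(f"{container} exhausted while allocating {name} (/{prefix})")
        allocation[name] = str(ipaddress.ip_network((cursor, prefix)))
        cursor += size
    return allocation


if __name__ == "__main__":
    print("plan problems:", check_plan(VLAN_PLAN) or "none")
    for vid, name, cidr in VLAN_PLAN:
        print(f"VLAN {vid:<3} {name:<15} {cidr:<17} usable hosts: {usable_hosts(cidr)}")
    # Constructed host counts (not from the slides) to show the allocator at work.
    demo = {"Student": 200, "Meeting Hall": 100, "Research": 60, "Support": 14}
    print("allocation with one spare host bit:", allocate_vlsm(LAN_BLOCK, demo))
```

With the constructed demo counts and one spare host bit, the allocator reproduces the first four subnets of the slide's table, which is a useful sanity check that the plan on the slide was sized the way the VLSM slide recommends; `check_plan` is the check to run whenever the table is edited, since an overlapping pair or a subnet that falls outside the summary block is the kind of mistake that silently breaks the VLAN separation the design relies on.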

contd..
Name planning
o The names are short and meaningful, to simplify network management
o Names are assigned to switches, servers, hosts and other resources

Naming system

Device name      Description
VS_FLG_SR_AS00   Vision ground floor Store Access Switch 0
VS_FL2_AD_AS00   Vision second floor Administration Access Switch 0
VS_FL2_SU_AS00   Vision second floor Support Access Switch 0
VS_FL2_SE_AS00   Vision second floor Server Access Switch 0
VS_FL3_RE_AS00   Vision third floor Research Access Switch 0
VS_FL3_RE_AS01   Vision third floor Research Access Switch 1
VS_FL4_ST_AS00   Vision fourth floor Student Access Switch 0
VS_FL4_ST_AS01   Vision fourth floor Student Access Switch 1
VS_FL4_ST_AS02   Vision fourth floor Student Access Switch 2
VS_FL1_MH_AS0    Vision first floor Meeting Hall Access Switch 0
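As an added example (not part of the slides or the project's own tooling), the following Python script turns the naming convention in the table above into a parser and an inventory audit: it decodes a device name into site, floor, department, role and index, regenerates the description column, and flags names that do not follow the pattern or appear twice. The department codes, floor labels and the single role "AS" are read off the table; the regular expression and the inventory list are this example's own construction. Run against the table as it appears on the slide, the audit flags the last name, whose index has a single digit instead of two.

```python
import re
from collections import Counter

# Department codes and floor labels as used in the device names on the slide.
DEPARTMENTS = {
    "SR": "Store", "AD": "Administration", "SU": "Support", "SE": "Server",
    "RE": "Research", "ST": "Student", "MH": "Meeting Hall",
}
FLOORS = {"G": "ground", "1": "first", "2": "second", "3": "third", "4": "fourth"}
# Assumption: only access switches appear on the slide; other roles would be added here.
ROLES = {"AS": "Access Switch"}

# <site>_FL<floor>_<dept>_<role><two-digit index>, inferred from the slide's names.
NAME_RE = re.compile(
    r"^(?P<site>VS)_FL(?P<floor>[G1-4])_(?P<dept>[A-Z]{2})_(?P<role>[A-Z]{2})(?P<idx>\d{2})$"
)


def parse_name(name):
    """Decode a device name into its fields; return None if it breaks the scheme."""
    m = NAME_RE.match(name)
    if not m or m["dept"] not in DEPARTMENTS or m["role"] not in ROLES:
        return None
    return {
        "site": m["site"],
        "floor": FLOORS[m["floor"]],
        "department": DEPARTMENTS[m["dept"]],
        "role": ROLES[m["role"]],
        "index": int(m["idx"]),
    }


def describe(name):
    """Rebuild the slide's description column from a conforming name."""
    f = parse_name(name)
    if f is None:
        return None
    return f"Vision {f['floor']} floor {f['department']} {f['role']} {f['index']}"


def audit_inventory(names):
    """Names that break the scheme, and names that occur more than once."""
    nonconforming = [n for n in names if parse_name(n) is None]
    duplicates = sorted(n for n, count in Counter(names).items() if count > 1)
    return {"nonconforming": nonconforming, "duplicates": duplicates}


# Device names copied from the slide's table.
INVENTORY = [
    "VS_FLG_SR_AS00", "VS_FL2_AD_AS00", "VS_FL2_SU_AS00", "VS_FL2_SE_AS00",
    "VS_FL3_RE_AS00", "VS_FL3_RE_AS01", "VS_FL4_ST_AS00", "VS_FL4_ST_AS01",
    "VS_FL4_ST_AS02", "VS_FL1_MH_AS0",
]

if __name__ == "__main__":
    for name in INVENTORY:
        print(f"{name:<16} {describe(name) or 'DOES NOT MATCH NAMING SCHEME'}")
    print(audit_inventory(INVENTORY))
```

A check like this belongs in whatever process adds devices to the inventory or monitoring system, since a name that decodes correctly is what makes the slide's "easy to troubleshoot" claim hold: an operator reading an alert for VS_FL3_RE_AS01 knows the floor and the department before opening a diagram.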

Selecting switching and routing protocol

Selecting the switching protocol

VLAN tagging protocol: since we use VLANs, the interconnected switches need the IEEE 802.1Q standard protocol to support these VLANs.

contd..
o IEEE 802.1Q
  Establishes a standard method for tagging Ethernet frames
  Intended to address the problem of how to break a large network into smaller parts so that broadcast and multicast traffic does not grab more bandwidth than necessary
  Used for security between segments of the internal network
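As an added example (not part of the slides and not vendor code), the following Python script shows what the 802.1Q tag the slide refers to actually looks like on the wire: it parses an Ethernet frame, reads the TPID/TCI fields (PCP, DEI and the 12-bit VID), inserts or strips a tag, and emulates the ingress decision a trunk port makes, where untagged and priority-tagged (VID 0) frames fall into the native VLAN and frames tagged with a VLAN that is not allowed on the trunk are dropped. The sample frame is constructed for this example; the MAC addresses in it are made up.

```python
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806


def parse_frame(frame):
    """Split an Ethernet frame into addresses, optional 802.1Q tag, EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, tag = 14, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        # TCI layout: 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN id (VID)
        tag = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tag": tag,
            "ethertype": ethertype, "payload": frame[offset:]}


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert an 802.1Q tag after the source MAC, as a switch does on trunk egress.
    VID 0 means 'priority tag only'; 4095 is reserved and rejected."""
    if not 0 <= vid <= 4094:
        raise ValueError("VID must be 0..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit field")
    if parse_frame(frame)["tag"] is not None:
        raise ValueError("frame is already tagged")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Remove the 4-byte tag (TPID + TCI), as a switch does on access-port egress."""
    if parse_frame(frame)["tag"] is None:
        return frame
    return frame[:12] + frame[16:]


def trunk_ingress_vid(frame, native_vid):
    """VLAN a trunk port assigns to an incoming frame: the tag's VID, or the
    native VLAN for untagged frames and for priority-tagged frames (VID 0)."""
    tag = parse_frame(frame)["tag"]
    if tag is None or tag["vid"] == 0:
        return native_vid
    return tag["vid"]


def trunk_accepts(frame, allowed_vids, native_vid):
    """Ingress filter: accept only frames whose VLAN is allowed on this trunk."""
    return trunk_ingress_vid(frame, native_vid) in allowed_vids


# Constructed sample: a broadcast ARP request from a workstation (MACs are made up).
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
            + struct.pack("!H", ETHERTYPE_ARP) + b"\x00\x01\x08\x00\x06\x04\x00\x01")

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, vid=30, pcp=5)     # VLAN 30 is Research on the slide
    print("tagged frame:", tagged.hex())
    print("parsed tag:  ", parse_frame(tagged)["tag"])
    print("allowed on trunk {10,20,30}?", trunk_accepts(tagged, {10, 20, 30}, native_vid=1))
```

The `trunk_accepts` check is the reason the slide can say 802.1Q is "for security between segments": the separation only holds if every trunk carries an explicit allowed-VLAN list and untagged frames are mapped to a native VLAN that no user port belongs to, which is why the native VLAN on the Catalyst trunks should be set to an otherwise unused VLAN rather than left at the default.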

contd..
Spanning Tree Protocol (STP): IEEE 802.1D
o Why STP?
  To stop loops due to multiple active paths between network nodes
o Loops cause:
  broadcast packets to be forwarded endlessly between switches (consuming all available bandwidth)
  the same MAC address to be seen on multiple ports, causing the switch forwarding function to fail

contd..
o In this network design, since redundant connections are used, STP allows an automatic backup path if an active link fails, without the danger of bridge loops, and manual enable/disable.
o For this network we chose RSTP.
  Why RSTP? Because STP has slow convergence of up to 30 to 40 seconds, underutilized links and no load-balancing mechanism.

Routing protocol

OSPF routing protocol is selected because:
o With OSPF, there is no limitation on the hop count
o It is an open standard
o It uses the SPF algorithm to compute the best path to any known destination
o OSPF ensures a loop-free topology with fast convergence
o The updates are not broadcast but multicast
o It is an industry-standard protocol
o It is not limited by the size of the network
o It is very flexible

Vision2000 LAN design


Security design architecture
o The most important part of network design
  Without security, the network can easily be attacked by intruders and cause a lot of problems
o Physical security
  Refers to the protection of the building site and equipment from theft, man-made catastrophe and accidental damage

contd..
Security mechanisms recommended for the datacenter:
o CCTV system to watch who is inside the room and what they are doing
o Alarm system for irregular activity in the server room
o Fire detection and protection system in the server room

o Perimeter security (at the Internet edge)
  To protect the network from external intruders (intruders on the web)
  Cisco firewall (Cisco ASA 5500 series firewall and IPS module)

contd..
o Server farm security
  All critical data are located here, so it must be protected from external and internal intruders, unauthorized users, viruses and malicious code.
  To protect this server farm, ** a redundant Cisco ASA 5500 series firewall and IPS module will be deployed **

contd..
o Anti-x
  A server-based antivirus will be configured to keep the LAN free from malicious software such as viruses, worms and Trojan horses.
  We will use Kaspersky Anti-Virus, which provides anti-virus, anti-spam and anti-spyware.

Result
We find that our network is secured, scalable, reliable, manageable and affordable.
o Users can get IP addresses dynamically
o Clients can update their antivirus from the server
o We have different access levels for the users of the company

Conclusion
The network has good performance because we divide the traffic from users into the redundant switches and the users are divided into different VLANs. The network is secured from viruses, malicious code and intruders because in this project we use a firewall, access control list configuration on the switches, and there is also a server-based antivirus. The network is easy to manage because the users are divided into VLAN groups based on access level and department, and also each network device has an organized naming system, which makes it easy to troubleshoot and configure. The problem of network failover is solved by the redundant switches. The network is scalable because in the configuration we chose industry-standard protocols, not Cisco proprietary ones.

Recommendation
Application
This network design is applicable to medium-sized business enterprises.

Future work
It is recommended that the company add a redundant core switch, which gives the network high performance; the redundant core switch is used for fast packet switching. It is also recommended that the company have a database server, which simplifies file management and is also secure from unauthorized access.

Internship Experience
o Working processes in companies
o Work ethics
o Personal skill

Thank you