Final Project


Network Architecture SNHUEnergy Inc

Jamie Vaughan

Southern New Hampshire University

10 April 2018

Executive Summary

SNHUEnergy Inc is a medium-sized oil and gas company focused on the discovery and drilling of oil-based products. The company wants to grow from a company focused on exploration into one that also provides the transportation and refinement of its discoveries. This is a big step for the company, and it wants to make sure the communication infrastructure is ready to deliver in the next 12 to 18 months. The current network gives us some concern about how losing connectivity between the Dallas router and the Memphis router would affect the business and communication between users. Lost connectivity means lost dollars and lost business opportunities. The applications that may be impacted are email, video conferencing, payroll, accounting and HR. When the router loses connectivity, users must wait for the network to catch up to the speed at which they are working. They have to sit and wait for file transfers, applications to open, attachments to download, and web pages to open. Slow internet causes costly delays in company operations and workflow management. Having just a single router or switch in the Memphis office is a risk: if that router or switch goes down, it could shut down the Memphis site. The route that traffic takes among different network providers also affects performance.

In the future, the company will extend these services across the WAN using TCP/IP communication processes, because a Wide Area Network (WAN) connects the two locations. WAN connections vary in bandwidth depending on your needs, and may be set up as a direct connection or a virtual private network (VPN) via the Internet. Either way, connecting your locations will enable better and more secure communication within your business. For the Memphis site we will get an extra switch and router for backup, in case the single switch or router goes down. I would consider security when making any change to the company network infrastructure, especially when connecting two sites. I would consider a higher level of network security protection when expanding the network.

Current Network Architecture: Network Applications

The company currently uses these applications: email, payroll, accounting, and human resources. The network plays a huge role in application performance management in the company. In the journal article “Understanding the network application environment”, Robbie Harrell states that, depending upon server locations and network geography, the traffic patterns can be significantly different for different areas of the network. This requires a wide view of the network in terms of capturing application flows. Understanding and controlling that traffic is therefore critical, and centralizing computing facilities for servers can provide greater visibility without the need to decentralize application traffic capturing capabilities (Harrell, N.D).

Current Network Architecture: OSI Model

The network components associated with the OSI transport layer are the switch, router, firewall, PC workstations, servers, and applications. The device used at the network layer is the router. Layer 3, the network layer of the OSI model, provides an end-to-end logical addressing system so that a packet of data can be routed across several layer 2 networks (Ethernet, Token Ring, Frame Relay, etc.). Note that network layer addresses can also be referred to as logical addresses. To make it easier to manage the network and control the flow of packets, many organizations separate their network layer addressing into smaller parts known as subnets. Routers use the network or subnet portion of the IP addressing to route traffic between different networks. Each router must be configured specifically for the networks or subnets that will be connected to its interfaces (Simoneau, N.D).

The firewall is used at the transport layer of the OSI model, which offers end-to-end communication between end devices through a network. Depending on the application, the transport layer offers either reliable, connection-oriented communications or connectionless, best-effort communications (Simoneau, N.D).

Based on the current network architecture, the company uses the Internet layer, which uses the source and destination addresses to facilitate the movement of data between the Network Access layer and the Transport layer; the data flows from one node on the network to the next node along a path toward the final destination, as Achetson describes in the article “The seven Layers of Networking”. Per Achetson, the two other common protocols that operate at the TCP/IP Internet layer are derivatives of IP: IP version 4 (IPv4) and IPv6. The devices that typically operate at the Internet layer are routers. The Internet layer of the TCP/IP model corresponds to the Network layer (Layer 3) of the OSI model (Achetson, 2014).

Current network: Physical network devices

Per the article “Exploring the Modern Computer Network: Types, Functions, and Hardware”, the network infrastructure contains three categories of network components:

· End devices

· Intermediary devices

· Network media

Hardware comprises the components of the network platform that typically are visible, such as a laptop, PC, switch, router, wireless access point, or the cabling used to connect the devices. Occasionally, some network components may not be visible. In the case of wireless media, for example, messages are transmitted through the air using invisible radio frequency or infrared waves. The physical devices include:

· Computers (work stations, laptops, file servers, web servers)

· Network printers

· VoIP phones

· TelePresence endpoints

· Security cameras

· Mobile handheld devices (such as smartphones, tablets, PDAs, and wireless debit/credit card readers and barcode scanners) (Exploring the Modern Computer Network: Types, Functions, and Hardware, 2013).

The physical components of the network associated with the OSI transport layer are the switch, router, firewall, PC workstations, servers, and applications. The device used at the network layer is the router. Layer 3, the network layer of the OSI model, provides an end-to-end logical addressing system so that a packet of data can be routed across several layer 2 networks (Ethernet, Token Ring, Frame Relay, etc.). Note that network layer addresses can also be referred to as logical addresses. To make it easier to manage the network and control the flow of packets, many organizations separate their network layer addressing into smaller parts known as subnets. Routers use the network or subnet portion of the IP addressing to route traffic between different networks. Each router must be configured specifically for the networks or subnets that will be connected to its interfaces (Simoneau, N.D).

The firewall is used at the transport layer of the OSI model, which offers end-to-end communication between end devices through a network. Depending on the application, the transport layer offers either reliable, connection-oriented communications or connectionless, best-effort communications (Simoneau, N.D).

Current network: Critical Traffic Patterns

According to the article “7 factors that can impact your network performance”, the Annese Team states that a network’s limitations are critical areas of concern when performing capacity and performance management. These limitations primarily include the following:

Errors: Network errors can generally be categorized into problems with queuing, latency, and jitter. The data queue can affect network performance in several ways. For example, larger queues increase the wait time, while smaller queues increase the probability of dropped data.

Speed: Pipe size is the amount of data the network can send simultaneously on a single connection. It's often confused with connection speed, although pipe size doesn't actually affect the speed at which data travels between nodes. While hardware capabilities determine the maximum bandwidth that is theoretically available, software mechanisms typically allocate a lower bandwidth for each network service.

Memory: Memory is a computing resource that has requirements in both the data and control planes. The performance of the entire network can degrade when control plane processes fail, as is the case when routing convergence requires additional memory.

Distance: Distance can have a dramatic impact on network performance, especially when the applications haven't been optimized. The maximum speed at which data can be forwarded is the speed of light, which is 186,000 miles per second or 186 miles per millisecond. This packet forwarding delay becomes significant when an enterprise is running an international client/server application.

Central Processing Unit (CPU): A node's central processing unit (CPU) is typically used by both the control and data planes. Capacity and performance management requires a network and its nodes to have sufficient processing capability at all times. A single node with an inadequate CPU can impact the entire network due to the high degree of interdependence between the nodes in the modern network. Insufficient processing can also increase latency if a node's CPU is unable to keep up with network traffic.

Applications: Applications can also affect a network's capacity and performance, with issues such as the amount of data the application is able to transmit compared to what it needs to transmit. This factor is especially critical for the performance of Wide Area Networks (WANs). Additional application characteristics that affect capacity and performance include application keep-alive and window sizes (Team, 2017).

Management of a network's availability, capacity, and performance is therefore crucial for achieving an organization's business objectives. Losing connectivity between the Dallas router and the Memphis router has a real impact on the business and on communication between users. Lost connectivity means lost dollars and lost business opportunities. The applications that may be impacted are email, video conferencing, payroll, accounting and HR. When the router loses connectivity, users must wait for the network to catch up to the speed at which they are working. They have to sit and wait for file transfers, applications to open, attachments to download, and web pages to open. Slow internet causes costly delays in company operations and workflow management. According to Pangiotis Vouzis in the article “Impact of Packet Loss, Jitter, and Latency on VoIP”, VoIP quality is poor because latency, jitter, and packet loss can never be completely eliminated from real-world networks (Vouzis, 2016). Telephony is all UDP based, and packets may not arrive at the destination, or may be discarded if they arrive delayed or contain errors. This results in missing audio information at the destination.

SQL Server, similar to other enterprise database systems, can place an extremely large load on an I/O subsystem. In most large database applications, physical I/O configuration and tuning play a significant role in overall system performance. There are three major I/O performance factors to consider:

· I/O bandwidth: The aggregate bandwidth, typically measured in megabytes per second that can be sustained to a database device

· I/O latency: The latency, typically measured in milliseconds, between a request for I/O by the database system and the point where the I/O request is completed

· CPU cost: The host CPU cost, typically measured in CPU microseconds, for the database system to complete a single I/O (Description of support for network database files in SQL Server, 2016).

According to Rene Millman in the article “What’s slowing down your network and how to fix it”, when the network is slow, network management tends to see bandwidth as the problem, but with investigation, it is often not the problem within a LAN environment, where a high amount of bandwidth is available. More likely, the problem lies within the WAN, where capacity is more finite and expensive (Millman, N.D).

Current network Architecture: Pattern across the Infrastructure

According to Michelle in the article “The Layers of the OSI Model Illustrated”, organizations have systems (servers, desktops, laptops, mobile devices, etc.) available worldwide and connected through LAN and WAN connections in multiple locations such as the internet, internal networks and perimeter networks, as well as across firewalls and other security equipment. These systems need to be managed and supported centrally, using a systems management tool or solution that has to be designed, adapted and configured in order to address business and technical concerns. First we need to identify the network requirements based on two factors:

Business goals: Focus on how the network can make the business more successful.

Technical requirements: Focus on how the technology is implemented within the network.

Next, we need to characterize the existing network: information about the current network and services is gathered and analyzed. It is necessary to compare the functionality of the existing network with the defined goals of the new project. The designer determines whether any existing equipment, infrastructure, and protocols can be reused, and what new equipment and protocols are needed to complete the design. Then we design the network topology: the network applications and service requirements are identified, and then the network is designed to support them. When the design is complete, a prototype or proof-of-concept test is performed. This approach ensures that the new design functions as expected before it is implemented. Routers are small electronic devices that join multiple computer networks together via either wired or wireless connections. Routers contain a processor (CPU), several kinds of digital memory, and input-output (I/O) interfaces. They function as follows: when a network packet leaves the computer, or other networking device, en route to a destination outside its own LAN, some additional information must be attached to the packet. This information takes the form of a default gateway, which is typically a router. If the router does not have specific knowledge of where the packet should be delivered, it forwards the packet upstream to another special-purpose computer, one that does not require a keyboard or display (Michell, 2017).

Network switches are the glue that binds computer communications. Your computer at work typically connects to a network switch. A switch’s job is to receive packets from a computer, or other networking device, and send them to the proper place. The switch keeps a list of all the devices connected to it (Aubrett’s non-technical IT dictionary). In addition, switches share this information with other switches to which they are linked. This way, if computer A needs to communicate with computer B, the switches know exactly where computer A and computer B are connected, as long as they exist on the same LAN. If computer A and computer B do not exist on the same LAN, the sending computer must provide the address of a router, called a default gateway, which can handle the traffic when it sends the packet.

Firewall: A firewall is the gatekeeper between a private network and the rest of the world. The firewall determines what, if anything, inside the private network should be accessible from the outside. Firewalls exist in many forms. Some are hardware appliances which are dedicated solely to performing the firewall functions. Some firewalls are software components which run on routers designed to sit at the network edge. Some firewalls are software packages which run on a server. Most PC operating systems, such as those from Microsoft, have a built-in firewall to protect local resources (Aubrett’s non-technical IT dictionary). The firewall’s job is to examine network packets which are sent to destinations within the private network to see if they should be allowed to pass.

Current network Architecture: Performance Issues

Losing connectivity between the Dallas router and the Memphis router has a real impact on the business and on communication between users. Lost connectivity means lost dollars and lost business opportunities. The applications that may be impacted are email, video conferencing, payroll, accounting and HR. When the router loses connectivity, users must wait for the network to catch up to the speed at which they are working. They have to sit and wait for file transfers, applications to open, attachments to download, and web pages to open. Slow internet causes costly delays in company operations and workflow management.

Having just a single router or switch in the Memphis office is a risk: if that router or switch goes down, it could shut down the Memphis site. The route that traffic takes among different network providers also affects performance.

Current network Architecture: Security issues

A high-security communication flow path is not useful when the network path cannot support capacity and reachability requirements. The deployment phase of a communication network can facilitate an optimal network path by focusing on both network performance and network security at the same time. The networking and security industries reflect this dichotomy with strong security companies and strong networking companies. A firewall is a network security device that grants or rejects network access to traffic flows between an untrusted zone (e.g., the Internet) and a trusted zone (e.g., a private or corporate network). The firewall acts as the demarcation point or “traffic cop” in the network, as all communication should flow through it and it is where traffic is granted or rejected access (Singh, N.D). A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Therefore, if the network goes down, the firewall is affected. A firewall is every bit as critical to security as an anti-virus program. Firewalls stop malware from spreading to a network and defend against hackers attempting to infiltrate a targeted system. Disabling a firewall can therefore leave a business vulnerable to abuse, allowing viruses to infect interconnected devices, and giving cybercriminals the opportunity to execute malicious code remotely. End-to-end latency (the delay that happens to a packet end to end from the PC to the server) and any errors causing re-transmission on the network will also degrade application performance and slow the network (Millman, N.D).

Future Network: Future Communication Needs

The way today’s network components work together is changing, and fast. According to the article “A new model for the future network architecture”, our latest infrastructure model harnesses the future architecture evolution to enable fast problem solving in a more manageable and effective way (NA, 2017). The future communication network is designed for the needs of operators and their customers, with the option to change and evolve individual sections rather than changing the entire system. The first recommendation for the new future communication network is application clouds. According to the article “Uncovering the application cloud”, the application cloud model directs resources when and where they are needed. It becomes even more effective when combined with the connectivity infrastructure evolution, ready to roll out new innovations across different industries. The application cloud resides on top of the distributed cloud infrastructure. This distributed cloud infrastructure exposes network assets from one or several operators. The hardware management system becomes more important than ever, as there are several types of physical sites playing different roles and with different requirements (2017).

The next step to consider is management and monetization. The article “Architecture evolution for automation and network programmability” states that full network programmability for a network and its services needs to consider all the building blocks: how each piece of the network will evolve; how they will interface; and how they support the structure and business processes of an operator. But achieving such levels of flexibility requires the inter-domain interfaces as well as the domains to evolve. Network functions will no longer be located according to traditional vertical groupings in single network nodes, but will instead be distributed to provide connectivity where it is needed (2017). As applications like self-driving vehicles and remotely operated machinery evolve, become more innovative, and more widespread, the level of performance that 5G networks need to deliver will inevitably rise. Per the article “Flexibility in 5G transport networks: the key to meeting the demand for connectivity”, the requirements on the new 5G transport network are high, providing support for a massive range of services. Industry transformation, digitalization, the global dependence on mobile broadband, MTC, the IoT, and the rise of innovative industrial applications all require new services, which has a considerable impact on the transport network. For example, a new radio-access model that supports highly scalable video distribution or massive MTC data uploading might require additional transport facilities, such as a scalable way to provide multicasting.

Per Ryan Rouse, it’s important that teams across every step of oil and gas production, including upstream (hydraulic fracturing, oil field monitoring and offshore rigs), midstream (pipeline monitoring and pumping stations) and downstream (refineries and gas stations) applications, use dependable network components that can withstand harsh industrial conditions for the highest network reliability and availability. Cyber security, for example, is quickly becoming a big concern for industries everywhere, especially oil and gas (Rouse, 2017). According to Rouse in his article “Future-Proofing Oil and Gas Networks: 4 Things to Look For”, the biggest step teams can take to ensure they have a solid communications network is to invest in high-quality, rugged Ethernet infrastructure designed specifically for use in harsh environments. In addition, it’s essential to understand when and where to use industrial-grade components versus those designed for commercial settings (Rouse, 2017). SNHUEnergy Inc plans to grow, but we need to ensure its control rooms and overall communications infrastructure are well-equipped to support expansion, harsh environments and modern technologies. Success requires the right combination of switches, cabling, firewalls and wireless components that deliver on the team’s unique needs, protect against evolving threats and add to the bottom line.

Future Network Architecture: Network Architecture

According to Rouse, when considering how to design the network, we should look for components that meet the following four requirements:

Safety and reliability: Remote monitoring solutions offering high network visibility and control are helpful, in addition to leading industrial security and firewall products for Layer 2 and Layer 3 networks. We look for components that can withstand the harshest environmental conditions and are compliant with oil and gas standards, meeting all possible classified types for each facility site to ensure compliance with UL Class I Division 2 and ATEX certifications. Solutions that can transmit up to 170 km without using active repeaters in between are ideal for oil and gas applications.

Reduced operational costs: Constant maintenance-related updates, especially in difficult-to-reach areas such as deep water shelters 200-400m below the surface, are extremely costly. This is not only because of maintenance fees, but also because of unnecessary downtime. Maintenance-free networking solutions allow you to remotely and automatically monitor wells and fields and take preventive measures to help avoid production downtime. Multi-Gigabit solutions that offer extended bandwidth and expandability are flexible and cost-effective tools that can support this initiative.

Minimized installation efforts: Installation can be costly in most industrial settings, but even more costly in extreme oil and gas settings, which are often underwater. Wireless local area network (WLAN) solutions that meet the ATEX Zone 2 standard for oil and gas applications can help reduce wire line installation costs and enable teams to get closer to the field level, contributing to seamless installation.

Withstand harsh environments: The biggest step teams can take to ensure they have a solid communications network is to invest in high-quality, rugged Ethernet infrastructure designed specifically for use in harsh environments. In addition, it’s essential to understand when and where to use industrial-grade components versus those designed for commercial settings.

Identify solutions that withstand the corrosive and extreme elements oil and gas applications face every day, including water immersion, crushing, abrasion, UV exposure, oils and solvents, sunlight, extreme temperatures, chemical exposure, and prolonged vibration and noise. This is foundational to the success of upstream, midstream and downstream processes (Rouse, 2017).

We will focus on switching and routing, access, signaling and control, performance and reliability, security, physical design and transport, and we will incorporate all important elements of design to plan for future communication network needs.

We will extend these services across the WAN using TCP/IP communication processes, because a Wide Area Network (WAN) connects the two locations. WAN connections vary in bandwidth depending on your needs, and may be set up as a direct connection or a virtual private network (VPN) via the Internet. Either way, connecting your locations will enable better and more secure communication within your business. For the Memphis site we will get an extra switch and router for backup, in case the single switch or router goes down. I would consider security when making any change to the company network infrastructure, especially when connecting two sites. I would consider a higher level of network security protection when expanding the network. I will consider building the network and implementing user application network management policies to overcome congestion and performance issues. Once the new network is built, the system can monitor and respond to network security threats in real time to thwart increasingly sophisticated attacks and intrusions.

Planning and Security: Performances and Security Issues

Today’s networks are congested. In addition to carrying traditional business application data (e.g., email and file transfer), internal networks are now also carrying voice traffic and on-demand video conferencing. In his article “Monitoring Security and Performance on Converged Traffic works”, Dave Shackleford states that performance and security monitoring are growing closer together than ever as these new and traditional forms of traffic clog our networks. Although the presence of a performance or security issue does not necessarily indicate the existence of the other, many analysts are realizing the benefits of behavioral baselines and how a more holistic approach can alleviate the problems of both congestion and security. For example, large data transfers that are causing congestion issues could potentially indicate an attacker retrieving database records. Security is therefore a major concern on the network, and I must seek a unified way to correlate different alerts from performance and security monitoring systems. Security must also keep pace with new attacks on protocols such as SIP, which include registration hijacking and eavesdropping. Increased visibility into network traffic and behavioral baselines is critical to detect and prevent such attacks (Shackleford, 2008). For many of today’s more complex attacks, as well as the majority of sophisticated malware, the network architecture will need to inspect the full content of packets on the network; for applications like VoIP and email, it will need to decode content within RTP packets with additional tools or inspect specific SIP packets.
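One way to correlate performance alerts with a behavioral baseline of outbound traffic, as described above (an added example, not part of the original paper; the host names, link name, traffic volumes and thresholds are constructed assumptions):

```python
from collections import defaultdict
from statistics import median

# Constructed per-minute flow summaries: (minute, host, bytes sent toward the WAN).
BASELINE_FLOWS = [
    (m, "db01", b)
    for m, b in enumerate([40_000, 42_000, 39_000, 41_000, 43_000, 40_500])
] + [
    (m, "mail01", b)
    for m, b in enumerate([900_000, 1_100_000, 950_000, 1_000_000, 1_050_000, 980_000])
]
LIVE_FLOWS = [
    (100, "db01", 41_000),
    (101, "db01", 9_500_000),    # far above db01's normal volume
    (102, "db01", 8_800_000),
    (101, "mail01", 1_080_000),  # busy, but normal for a mail server
    (140, "mail01", 990_000),
]
# Constructed alerts from the performance monitor: (minute, link, utilization %).
CONGESTION_ALERTS = [(102, "dallas-memphis", 97), (140, "dallas-memphis", 91)]


def build_baselines(flows):
    """Return {host: (median, MAD)} of bytes sent per minute during normal operation."""
    per_host = defaultdict(list)
    for _, host, nbytes in flows:
        per_host[host].append(nbytes)
    baselines = {}
    for host, values in per_host.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])  # median absolute deviation
        baselines[host] = (med, mad)
    return baselines


def find_anomalies(flows, baselines, k=10.0, min_mad=1_000):
    """Flag flows above median + k*MAD; hosts with no baseline are always flagged."""
    anomalies = []
    for minute, host, nbytes in flows:
        if host not in baselines:
            anomalies.append((minute, host, nbytes, "no baseline"))
            continue
        med, mad = baselines[host]
        threshold = med + k * max(mad, min_mad)  # floor the MAD so flat baselines still work
        if nbytes > threshold:
            anomalies.append((minute, host, nbytes, f"above {threshold:.0f} B/min"))
    return anomalies


def correlate(congestion_alerts, anomalies, window=2):
    """Attach volume anomalies seen within +/- window minutes to each congestion alert."""
    incidents = []
    for minute, link, util in congestion_alerts:
        related = [a for a in anomalies if abs(a[0] - minute) <= window]
        incidents.append({
            "minute": minute,
            "link": link,
            "utilization": util,
            "hosts": sorted({a[1] for a in related}),
            "triage": "security+performance" if related else "performance only",
        })
    return incidents


if __name__ == "__main__":
    baselines = build_baselines(BASELINE_FLOWS)
    anomalies = find_anomalies(LIVE_FLOWS, baselines)
    for incident in correlate(CONGESTION_ALERTS, anomalies):
        print(incident)
```

The per-host baseline is what keeps the busy mail server from alerting while the normally quiet database server does; a single network-wide threshold would miss that distinction.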

Planning and Security: Network Management tool

Per FedTech Staff in the article “6 Network Security Tools Every Agency Needs”, network management systems, with their monitoring capabilities and unified views into infrastructure dynamics, give IT organizations a powerful weapon for fighting cyber threats. To secure today’s distributed networks, IT teams also must develop defense-in-depth strategies that combine network-enforced security technologies with best practices (Staff, 2013). According to these authors, the recommended tools are:

Intrusion detection and prevention systems: These tools help IT staff identify and protect their wired and wireless networks against several security threat types. These technologies, like several other categories of network security tools, are being deployed with greater frequency as networks grow in size and complexity (Staff, 2013). Both tools detect threat activity in the form of malware, spyware, viruses, worms and other attack types, as well as threats posed by policy violations. Intrusion detection tools passively monitor and detect suspicious activity; prevention system tools perform active, in-line monitoring and can prevent attacks by known and unknown sources. Both tool types can identify and classify attack types (Staff, 2013).

Anti-Malware: These tools help administrators identify, block and remove malware. They enable the IT department to tailor its anti-malware policies to identify known and unknown malware sources, for example, or surveil specific users and groups. I would use this tool to protect security defenses, operating systems, browsers, applications and popular targets such as Adobe Flash, Acrobat and Reader, which attackers can exploit to fully access a victim’s network.

Network Access Control: We use this tool to give compliant devices access to network assets. These tools handle access authentication and authorization functions and can even control the data that specific users access, based on their ability to recognize users, their devices and their network roles. Another tool I would consider and use is the Next-Generation Firewall; these tools improve on standard firewall capabilities through application-awareness features (Staff, 2013). The last tool I will use is authentication and authorization. Per FedTech Staff, traditional directory-based services, such as Active Directory, authenticate users and grant access based on authorization rules. Newer identity-based security technologies manage authentication and authorization through such methods as digital certificates and public key infrastructure solutions (Staff, 2013).

Planning and Security: Security Devices

From a security standpoint, the pieces of hardware that will help provide security are firewalls and routers. The firewall is the first security device I am concerned with. As the first line of network defense, firewalls provide protection from outside attacks, but they have no control over attacks from within the corporate network. Some firewalls also block traffic and services that are actually legitimate. A firewall is designed to protect one network from another network. In the lesson “Understanding the Basic Security Concepts of Network and System Devices”, Bittlingmeier and King state that network security is concentrated on configuring the firewall, or at least is built around it, and that a compromised firewall can mean a disaster for a network. Three basic types of firewalls are available, in addition to one, the stateful inspection firewall, that combines the features of the three basic types. Firewall architectures include the following:

· Packet-filtering firewall

· Circuit-level gateway

· Application-level gateway

· Stateful inspection firewall

Firewalls act like filters. They help the company monitor data traffic between the company’s network and the Internet.
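The difference between the first and last architecture in the list above can be shown in a few lines. This is an added example, not part of the original paper: the rule set (staff may browse HTTPS), the addresses and the class and function names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN

def stateless_allow(p: Packet) -> bool:
    """Packet-filtering firewall: judges each packet alone, by header fields."""
    if p.direction == "out":
        return p.dport == 443        # assumed policy: staff may browse HTTPS
    return p.sport == 443            # treats anything from port 443 as a reply

class StatefulFirewall:
    """Stateful inspection: inbound traffic must match a tracked connection."""
    def __init__(self):
        self.connections = set()

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            if p.dport != 443:
                return False
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: accept only the mirror image of a connection the LAN opened.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

# Constructed sample traffic (private and documentation address ranges).
OUTBOUND = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "out")
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "in")
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.9", 3389, "in")

def compare():
    """Return (name, stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    samples = [("outbound", OUTBOUND), ("reply", REPLY), ("unsolicited", UNSOLICITED)]
    return [(name, stateless_allow(p), fw.allow(p)) for name, p in samples]

if __name__ == "__main__":
    for name, stateless, stateful in compare():
        print(f"{name:12} stateless={stateless} stateful={stateful}")
```

Both filters pass the legitimate request and its reply; only the stateful firewall rejects the inbound packet that merely claims to come from port 443.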

For a router, I should make sure it has a password set and encryption enabled. Unprotected wireless networks are a bad idea. Most routers have either Wireless Encryption (WEP) or Wi-Fi Protected Access (WPA) encryption options. Some have both. WPA is more secure than WEP. Enabling encryption and choosing a strong router administrator password are two steps that will help keep the company’s network secure.

Planning and Security: Changes to Existing Devices

The existing security device at SNHUEnergy Inc is the firewall. I may update it to a Barracuda Next Generation Firewall. According to the Barracuda Firewall website, the modern network includes a combination of local servers, remote devices and cloud-hosted applications. Barracuda NextGen Firewalls are purpose-built for the modern, distributed network in which network performance and availability are as important as security. Unlike traditional port-based firewalls, Barracuda’s firewalls are application-aware, enabling you to regulate application usage and intelligently prioritize network traffic. Barracuda NextGen Firewalls feature advanced security capabilities, including integrated Intrusion Prevention (IPS), URL filtering and antivirus to identify and block evasion attempts that would trick traditional systems. Barracuda’s security extends beyond your network to Barracuda’s Advanced Threat Protection (ATP) cloud for both statistical and sandboxing analysis of zero-day and targeted threats that routinely bypass signature-based IPS and antivirus engines (Barracuda.com).

Planning and Security: Challenges

Barracuda next-generation firewalls are fully application and user aware and, thus, can specifically allow or disallow access to certain applications by users. A related challenge is how we address information security and risk management. The challenge is that cloud security processes and solutions are still being developed. Managing configuration changes on switches, routers, firewalls, controllers, and other network devices, at locations across the network, is an obvious challenge. For example, deploying a new service, which involves wide-scale configuration changes, could take days or weeks to reliably complete. The article “The Best Free Network Configuration and Change Management Tools” made me realize that we must have a reliable way of knowing when, by whom, what, and how device configurations have changed. This will help us detect out-of-process and rogue changes, reconcile changes to valid change requests, and ensure that actual changes were properly made. Another challenge to consider, raised by Ranbe in the article “What Happens if a Firewall Is Disabled?”, is that disabling a firewall allows all data packets to enter and exit the network unrestricted. This includes not just expected traffic, but also malicious data, thereby putting the network at risk. If a software firewall is disabled, it's not just the associated computer that's in harm's way; worms (a type of malware), for example, can spread across a network connection, infecting all of the PCs attached to the LAN. Disabling a hardware firewall also impacts all of the devices that connect to the network (Ranbe, n.d.).
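One way to get the "when, who, what, and how" of a configuration change and reconcile it against a change request is sketched below. This is an added example, not taken from the original paper or from any of the cited tools: the router name, the IOS-style configuration lines, the ticket id and the metadata are all constructed.

```python
import difflib

# Constructed snapshots of a hypothetical Memphis router config (IOS-style syntax).
BASELINE = """hostname memphis-rtr1
interface Gi0/1
 ip address 10.20.0.1 255.255.255.0
access-list 101 deny ip any any log
"""
CURRENT = """hostname memphis-rtr1
interface Gi0/1
 ip address 10.20.0.1 255.255.255.0
ntp server 10.20.0.50
access-list 101 permit ip any any
"""
# Constructed change request: what was approved, under a made-up ticket id.
APPROVED = {"CHG-1001": {"add": ["ntp server 10.20.0.50", "logging host 10.20.0.60"],
                         "remove": []}}
# Constructed metadata saved with the new snapshot: who, when, which ticket.
META = {"who": "jdoe", "when": "2018-04-02T21:14:00Z", "ticket": "CHG-1001"}

def changed_lines(old, new):
    """Return (added, removed) config lines between two snapshots."""
    added, removed = [], []
    for line in difflib.ndiff(old.splitlines(), new.splitlines()):
        if line.startswith("+ "):
            added.append(line[2:])
        elif line.startswith("- "):
            removed.append(line[2:])
    return added, removed

def audit(old, new, meta, approved):
    """Reconcile what changed against what the cited change request allows."""
    added, removed = changed_lines(old, new)
    ticket = approved.get(meta.get("ticket"), {"add": [], "remove": []})
    findings = [("unapproved add", l) for l in added if l not in ticket["add"]]
    findings += [("unapproved remove", l) for l in removed if l not in ticket["remove"]]
    findings += [("approved but not applied", l) for l in ticket["add"] if l not in added]
    return {"who": meta["who"], "when": meta["when"], "findings": findings}

if __name__ == "__main__":
    report = audit(BASELINE, CURRENT, META, APPROVED)
    print(report["who"], report["when"])
    for kind, line in report["findings"]:
        print(f"  {kind}: {line}")
```

The approved NTP line passes silently, while the swapped access-list entry is reported as a rogue change and the missing logging line as a change that was approved but never made.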

Planning and Security: Overall Risk

The article “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations” describes the risks involved when updating network devices. According to the author, perimeter devices, such as firewalls and intrusion detection systems, have been the traditional technologies used to secure the network, but as threats change, so must security strategies. Organizations can no longer rely on perimeter devices to protect the network from cyber intrusions; organizations must also be able to contain the impact/losses within the internal network and infrastructure (N.A, 2016). The risk is that when the network administrator changes a network device or upgrades its software, attackers either use the default credentials to log into the device or obtain weak credentials from other insecure devices or communications. The implant the article describes resides within a modified IOS image and, when loaded, maintains its persistence in the environment, even after a system reboot. Any further modules loaded by the attacker will only exist in the router’s volatile memory and will not be available for use after the device reboots. However, these devices are rarely or never rebooted (N.A, 2016). If the network infrastructure is compromised, malicious hackers or adversaries can gain full control of the network infrastructure, enabling further compromise of other types of devices and data and allowing traffic to be redirected, changed, or denied. Possibilities of manipulation include denial-of-service, data theft, or unauthorized changes to the data (N.A, 2016).

I have learned the challenges and risks of upgrading network devices, and I will consider them when I perform the change. I learned from the article that opening the firewall does potentially allow malicious traffic to enter through the applicable port, but businesses can use nonstandard ports, when possible, to reduce the risk of attack (N.A, 2016). Therefore, when I am applying software updates or installing new programs, the software firewall must be disabled. When possible, I should disconnect a computer from the Internet before disabling the firewall to eliminate the risk of attack.

Conclusions

With the network becoming more important than ever, the three top reasons for network upgrades that SNHUEnergy, Inc considers are performance, reliability and security. When we upgrade the network, clients and users will use multimedia and unified communications over IP, such as telephones, IM and video, so it is important that they have a reliable Internet connection and a high-functioning router. The quality of service for video conferencing and voice on the network is becoming important too. The main thing is security. When we upgrade the network with high security, the new-generation firewall keeps track of all the operations performed on the network device: who invoked what operation, on what device, at what time, and the result of the operation.

References

Achetson, K. (2014, April 2). The Seven Layers of Networking. Retrieved August 19, 2017, from http://blog.boson.com/bid/102913/The-Seven-Layers-of-Networking-Part-III

Architecture evolution for automation and network programmability. (2014, November 28). Retrieved August 6, 2017, from https://www.ericsson.com/en/publications/ericsson-technology-review/archive/2014/architecture-evolution-for-automation-and-network-programmability?fromDate=2014-01-01&categoryFilter=ericsson_review_1270673222_c&toDate=2014-12-31

Aubrett's Non-Technical IT Dictionary - Switch. (n.d.). Retrieved July 9, 2017, from https://www.aubrett.com/non-technical/network/switch/non-technical-switch

Balancing network performance and network security in a smart grid application. (n.d.). Retrieved July 23, 2017, from http://ieeexplore.ieee.org/document/7819235/

Bittlingmeier, D., & King, T. (2003, April 25). CompTIA Security Exam: Devices, Media, and Topology Security. Retrieved August 19, 2017, from http://www.pearsonitcertification.com/articles/article.aspx?p=31562&seqNum=2

Description of support for network database files in SQL Server. (2016, April 12). Retrieved July 23, 2017, from https://support.microsoft.com/en-us/help/304261/description-of-support-for-network-database-files-in-sql-server

Exploring the Modern Computer Network: Types, Functions, and Hardware. (2013, December 13). Retrieved July 23, 2017, from http://www.ciscopress.com/articles/article.asp?p=2158215

Flexibility in 5G transport networks: the key to meeting the demand for connectivity. (n.d.). Retrieved August 6, 2017, from https://www.ericsson.com/en/publications/ericsson-technology-review/archive/2015/flexibility-in-5g-transport-networks-the-key-to-meeting-the-demand-for-connectivity

Henderson, R. (2013, October 1). Network Architecture Of The Future: It’s Now. Retrieved August 6, 2017, from http://blog.mavtechglobal.com/blog/2013/10/01/network-architecture-of-the-future-its-now

Harrel, R. (n.d.). Understanding the network application environment. Retrieved August 19, 2017, from http://searchenterprisewan.techtarget.com/tip/Understanding-the-network-application-environment

Mitchell, B. (2017, February 8). What Is a Router for Computer Networks? Retrieved July 9, 2017, from https://www.lifewire.com/how-routers-work-816456

Mitchell, B. (2017, April 07). The Layers of the OSI Model Illustrated. Retrieved July 9, 2017, from https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017

Millman, R. (n.d.). What’s slowing down your network and how to fix it. Retrieved July 23, 2017, from http://www.computerweekly.com/feature/Whats-slowing-down-your-network-and-how-to-fix-it

Ranbe, R. (n.d.). What Happens if a Firewall Is Disabled? Retrieved July 9, 2017, from http://smallbusiness.chron.com/happens-firewall-disabled-62134.html

Rouse, R. (2017, May 17). Future-Proofing Oil and Gas Networks: 4 Things to Look For. Retrieved August 6, 2017, from http://www.belden.com/blog/industrialethernet/future-proofing-oil-and-gas-networks-4-things-to-look-for.cfm

Shackleford, D. (2008, April 30). Monitoring Security and Performance on Converged Traffic Networks. Retrieved August 19, 2017, from https://www.sans.org/reading-room/whitepapers/analyst/monitoring-security-performance-converged-traffic-networks-34720

Staff, F. T. (2013, September 23). 6 Network Security Tools Every Agency Needs. Retrieved August 19, 2017, from https://fedtechmagazine.com/article/2013/09/6-network-security-tools-every-agency-needs

Simoneau, P. (n.d.). The OSI Model: Understanding the Seven Layers of Computer Networks. Retrieved July 9, 2017, from http://ru6.cti.gr/bouras-old/WP_Simoneau_OSIModel.pdf

Singh, N. (n.d.). WHAT IS A FIREWALL? Firewalls and Their Evolution. Retrieved July 9, 2017, from https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall

Team, A. (2017, April 18). 7 Factors that can impact your network performance. Retrieved July 23, 2017, from http://www.annese.com/blog/7-factors-that-can-impact-your-network-performance

The Best Free Network Configuration and Change Management Tools. (2016, March 16). Retrieved August 20, 2017, from http://www.dnsstuff.com/free-network-configuration-management-tools

The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations. (2016, September 6). Retrieved August 20, 2017, from https://www.us-cert.gov/ncas/alerts/TA16-250A

The OSI Model: applications, devices, and protocols related to the OSI model Layers. (n.d.). Retrieved July 9, 2017, from https://www.examcollection.com/certification-training/network-plus-osi-model-application-devices-and-protocols.html

Vouzis, P. (2016, August 18). Impact of Packet Loss, Jitter, and Latency on VoIP. Retrieved July 23, 2017, from https://netbeez.net/2016/08/18/impact-of-packet-loss-jitter-and-latency-on-voip/

https://www.barracuda.com/products/ngfirewall