Order 1548415: Network Design

II. Network Addressing and Security

A. Subnetting

Overview

Subnetting is a process of breaking a large network into small networks known as subnets. Subnetting happens when we extend the default boundary of the subnet mask. Basically, we borrow host bits to create networks (i.e., subnets).

We have been assigned the network address 192.168.22.0. Based on the chart below, we know this is a Class C address. This is determined by observing the first octet of the IP address, which is 192. This octet falls in between 192 and 223.

Each class has a predefined default subnet mask that tells us the octets, which are already part of the network portion, as well as how many bits we have available to work with.

CIDR (Classless Inter Domain Routing)

CIDR is a slash notation of the subnet mask. CIDR tells us the number of on bits in a network address.

· Class A has default subnet mask 255.0.0.0. that means first octet of the subnet mask has all on bits. In slash notation, it would be written as /8, means address has 8 bits on.

· Class B has default subnet mask 255.255.0.0. that means first two octets of the subnet mask have all on bits. In slash notation, it would be written as /16, means address has 16 bits on.

· Class C has default subnet mask 255.255.255.0. that means first three octets of the subnet mask have all on bits. In slash notation, it would be written as /24, means address has 24 bits on.

Technical Requirements

UMUC has not decided how they will use all of the physical space within the newly leased building, but the diagrams below convey the proposed end state. However, they have decided to use some of the space in the short term. In doing so, we will proceed with the proposed plan. Initially, the building will house 5 classrooms, 1 student computer lab, 1 library, and 1 office .

· In the below building diagrams, we will use Office 5 (Admissions) on the first floor. Each office will have 1 computer for staff use, with the exception of the admissions office, which will have 5 computers. Based on the subnetting performed above, we may be able to add more devices in the future.

· The classrooms are labeled Classroom #1, Classroom #2, and Classroom #4 on the first floor and Classroom #1 and Classroom #5 on the second floor; each classroom will have a closet. Each classroom will have 25 devices: 23 student computers, 1 instructor computer, and 1 server in the closet, for instructional use.

· Students should consider high traffic areas for Wi-Fi, such as the sitting areas and not the classrooms. The Wi-Fi network should be segregated from the wired network and implemented on a separate Class C network. What will the network address, range, and broadcast address for this separate Class C wireless address be?

· In addition, there will be a student computer lab that will provide computer access to students to do their homework. The student computer lab is located on the second floor. There will be 24 computers in this lab and 1 server in the closet.

· To allow students access to library resources, the library will also have 10 computers for the general public to use and 5 computers for library staff.

· There will be two server rooms, one on the first floor and one on the second floor.

To be clear, the diagram below conveys the proposed end state.

Given the aforementioned scenario, we are going to use the 192.168.3.0 network and create a total of 8 subnets, with 25 possible hosts on each subnet. The chart below describes structures the scenario to include each subnet and required hosts.

Note: Using the How to Subnet a Network Video provided in CMIT 265 LEO - Content - UMUC Network Design Proposal, complete the following chart.

Proposed Subnet

B. Firewall Implementation

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the firewall implementation. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Firewall Implementation

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. Be sure to review different types of firewalls available, what the firewall will be doing, and the benefits and drawbacks of some models are. Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.

C. Intrusion Detection System / Intrusion Protection System

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the intrusion detection system (IDS) and Intrusion Prevention System (IPS). You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Intrusion Detection System / Intrusion Protection System

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. Describe how IDS and IPS operates and how will or won’t IDS and or IPS be used in your solution? Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.

D. DMZ Implementation

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the DMZ implementation. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed DMZ Implementation

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. What uses would UMUC need for a DMZ? What equipment should be placed into the DMZ? Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.

E. Physical Security Measures

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the physical security measures. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Physical Security Measures

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. Be practical, as the classrooms and library are open for students to use. Be sure to address physical access of the computers in the classroom, remember law 3 of the 10 immutable laws of information security. Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.

F. Additional Network Security Measures

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the additional security measures. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Network Security Measures

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. You should consider the carbon units utilizing the computers, what additional measures are needed when dealing with people? Student should be specific when discussing policy, training, and awareness.

Justification

A. Network and Cloud Based Storage

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the network and cloud based storage. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Network and Cloud Based Storage

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions. Is it worthwhile to consider outsourcing some or all of the classrooms? Have all the costs been considered?

B. Data Protection and Backup

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the data protection and backup. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Data Protection and Backup

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. Consider disaster recovery and options available for conducting classes, but also day to day operations of the offices. Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.

C. Network Monitoring

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to network monitoring. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Network Monitoring

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. What monitoring systems are available and of them which would be the most advantageous for the UMUC to implement? Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.

D. Log Storage and Management

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the log storage and management. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Log Storage and Management

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. What aggregating and analysis solutions are there and which one is best to choose from for UMUC? Student should be specific when discussing the models, types, and costs.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.

E. Troubleshooting Methodology

Technical Requirements

In this section, you will assess UMUC’s technical requirements related to the troubleshooting methodology. You will need to make assumptions where appropriate. When making assumptions, list each and make sure to justify the solution in the Justification section.

Proposed Troubleshooting Methodology

This section should be used to provide the details of your proposed solution, based on the technical requirements and assumptions. Present the isolation method for equipment and how you could find one bad end point or a cable that is bad between classroom 1 and the IT server closet. Student should be specific when discussing the methods, test equipment, and results.

Justification

This section should be used to justify your proposed solution based on the technical requirements and assumptions.