DATA COMMUNICATION & NETWORKING 11- PROJECT: PROJECT DESIGN DOCUMENT

DATA COMMUNICATION & NETWORKING 11- PROJECT: PROJECT DESIGN DOCUMENT. REQUESTED BY: SEAN THORPE DATE : JUNE 20, 2010 CONTACT: MARLON MARAGH –Project Manager Email: mar_maragh@yahoo.com, sheldonmitchell@yahoo.com,andrewta23@yahoo.com . Group Members.


Presentation Transcript


  1. DATA COMMUNICATION & NETWORKING 11- PROJECT: PROJECT DESIGN DOCUMENT. REQUESTED BY: SEAN THORPE. DATE: JUNE 20, 2010. CONTACT: MARLON MARAGH – Project Manager. Email: mar_maragh@yahoo.com, sheldonmitchell@yahoo.com, andrewta23@yahoo.com.
  2. Group Members: Dionne Newman - BS08-1770-IT3; Andrew Taylor - BS09-7800-IT3; Andre Palmer - BS08-6411-IT3; Marlon Maragh - BS09-8008-IT3; Sheldon Mitchell - BS09-8114-IT3; Mark Daniels - BS09-8378-IT3.
  3. PROJECT DESIGN DOCUMENT. Problem Statement: Grace Kennedy Jamaica Ltd is one of the fastest growing food distribution and manufacturing companies in Jamaica, with many branches and outlets island wide. As a result, client-base communication among staff is becoming challenging and time consuming. The sharing of information between the organization and its clients is also being negatively impacted. Access to information is constantly in demand, and the process needs to be seamless and automated. The need to set up and deploy a secure wireless solution to afford our internal and external clients and stakeholders accessibility is a number one priority. As a group we have decided that the design and implementation of a wireless system would be a major benefit both to Grace Kennedy and to its clients; as with every successful business, the sharing of timely and accurate information is of paramount importance.
  4. Purpose of Project Study: One of the main aims of this project is to identify the steps involved in setting up a secure wireless session and to share such services with guest users when required. At Grace Kennedy, customer satisfaction is of paramount importance, as is easy access to information by employees. Another purpose of the project study is to identify a suitable means by which communication with both employees and clients can be not only timely but also accurate. Accurate and timely information can only lead to job satisfaction among employees and also improve the company's Customer Relationship Management (CRM).
  5. Significance of the Study: Over the past five years, the world has become increasingly mobile. As a result, traditional ways of networking the world have proven inadequate to meet the challenges posed by our new collective lifestyle. If users must be connected to a network by physical cables, their movement is dramatically reduced. Wireless connectivity, however, poses no such restriction and allows a great deal more free movement on the part of the network user. Another significance of the study is flexibility, which can translate into rapid deployment. Wireless networks use a number of base stations to connect users to an existing network, and they make it easy to add nodes to the network. Adding a user to a wireless network is a matter of configuring the infrastructure, but it does not involve running cable. Companies like Grace Kennedy with many outlets will benefit, as the wireless network allows internet access past the limitation of DSL into communities where high speed internet was only a dream. These companies can now communicate with each other successfully in and out of places that were too rugged for the traditional cable approach.
  6. Literature Review Document. Literature review document (rev 1.1.0). International case review of the problem. Enterprise: JFK Airport. Purpose: Check-In, Flight Information, Kiosk. Devices: Access Points; Routers; Kiosk (Virtual Machine); Web Content Filtering. Security Protocols: Advanced Encryption Standard (AES); 802.1X; Cisco Aironet; Cisco Compatible Extension wireless; Wi-Fi Protected Access (WPA).
  7. Literature Review Document. Local case study review of the problem. Enterprise: HiLo Food Store. Purpose: Goods Receivables & Billing. Primary Devices: Internal handheld wireless device (Motorola Symbol); Access Points (Cisco Aironet 1200) - Access list/WPA Ent.; Wireless protocol standard 802.1X; Cisco 2950 Switch; RADIUS authentication server (Security); Active Directory Authentication (AD DS). Protocol: TCP/IP.
  8. Project name- Wireless Implementation and design Implementation and recommendation summary (rev 1.1.0) last revised 04/07/2010. Purpose Equipment Configuration Active Domain Controller Windows 2008 server Windows 2008 server-: IAS; (hardware to be spec) Radius Authentication server Security /connectivity(edge perimeter)  Cisco -ASA5000 Firewall –securing the external network Cisco 2950 router Gateway Routing Connectivity –internal Cisco 2950 – switch (VLAN) Vlan configuration Cisco Aeronet 1200- Access point Access list Internal control – LAN Security Access Point WPA 2 Ent/ TKIP RADIUS AUTHENTICATION SERVER Radius client
  9. GRACEKENNEDY Limited: Wireless Implementation

  10. CONTENTS: Project Objective; Project Design Documentation; Purpose of Project Study.
  11. Project objective: Steps in setting up a secure wireless session and how to share such wireless services with guest users when needed.
  12. PROJECT DESIGN DOCUMENT: GraceKennedy Jamaica Ltd is one of the fastest growing food distribution and manufacturing companies in Jamaica. The need to set up and deploy a secure wireless solution to afford our internal and external clients and stakeholders accessibility is a number one priority.
  13. Purpose of Project Study: One of the main aims of this project is to identify the steps involved in setting up a secure wireless session and to share such services with guest users when required.
  14. Design methodology: setting up the networking and security infrastructure, and connecting the different devices on your wireless network.
  15. Project scope and guide
  16. RADIUS SERVER
  17. Diagram and layout 1.
  18. Diagram and layout 2.
  19. IP MONITOR
  20. CITRIX
  21. SUMMARY. Most wireless networks are based on the IEEE® 802.11 standards. A basic wireless network consists of multiple stations communicating with radios that broadcast in either the 2.4GHz or 5GHz band (though this varies according to the locale and is also changing to enable communication in the 2.3GHz and 4.9GHz ranges). 802.11 networks are organized in two ways. In infrastructure mode, one station acts as a master with all the other stations associating to it; the network is known as a BSS and the master station is termed an access point (AP). In a BSS all communication passes through the AP; even when one station wants to communicate with another wireless station, messages must go through the AP. In the second form of network there is no master and stations communicate directly. This form of network is termed an IBSS and is commonly known as an ad-hoc network. If you decide to build a wireless network, you'll need to take steps to protect it -- you don't want your competitors hitchhiking on your wireless signal. Wireless security options include: Wired Equivalent Privacy (WEP); Wi-Fi Protected Access (WPA); Media Access Control (MAC) address filtering.
  25. You can choose which method (or combination of methods) you want to use when you set up your wireless router. The IEEE has approved each of these security standards, but studies have proven that WEP can be broken into very easily. If you use WEP, you may consider adding Temporal Key Integrity Protocol (TKIP) to your operating system. TKIP is a wrapper with backward compatibility, which means you can add it to your existing security option without interfering with its activity.
  26. Think of it like wrapping a bandage around a cut finger -- the bandage protects the finger without preventing it from carrying out its normal functions.
  27. Wireless access can provide the following benefits: Strong authentication. IEEE 802.1X was a standard that existed for Ethernet switches and was adapted to 802.11 wireless LANs to provide much stronger authentication than what was provided in the original 802.11 standard. Wireless network authentication can be based on different EAP authentication methods, such as those using secure passwords (the user account name and password credentials)
  28. or a digital certificate. IEEE 802.1X prevents a wireless node from joining a wireless network until the node has performed a successful authentication. Additionally, a component of mutual authentication in EAP prevents wireless users from connecting to rogue wireless access points (APs) or rogue NPS servers.
  29. Although 802.1X authenticated access is optimal for medium and large wireless LANs, it can also be used for small organizations that require strong security. An 802.1X authenticated wireless access infrastructure consists chiefly of servers running Network Policy Server (NPS) and an account database such as the Active Directory® Domain Service (AD DS) account database. IEEE 802.1X uses Extensible Authentication Protocol (EAP).
  30. Infrastructure flexibility. In general, WLANs can extend or replace a wired infrastructure in situations where it is costly, inconvenient, or impossible to lay cables. A wireless LAN can connect the networks in two buildings that are separated by physical obstacles or financial constraints. You can also use wireless LAN technologies to create a temporary network, which is in place for only a specific amount of time.
  31. Additionally, deploying a wireless network, in instances where a company needs to rapidly expand their workforce, can be a more efficient and cost effective alternative than installing the physical cabling required for a traditional Ethernet network. And even if no wireless infrastructure is present, wireless portable computers can still form their own ad hoc networks to communicate and share data with each other.
  32. Mobility and productivity. Wireless access can increase productivity for employees that require mobility. Mobile users who are equipped with a portable computer can remain connected to the network. This enables the user to change locations—to meeting rooms, hallways, lobbies, cafeterias, classrooms, and so forth—and still have access to network resources.
  33. Without wireless access, the user must carry Ethernet cabling and is restricted to working near a network jack. Wireless LAN networking is a perfect technology for environments where movement is required.
  34. CONCLUSION There are some fundamental prerequisites that must be met before implementing or deploying any wireless network: Before deploying this scenario, you must first purchase and install 802.1X-capable wireless APs to provide wireless coverage in the locations you want at your site. Active Directory Domain Services (AD DS) is installed, as are the other network technologies, according to the instructions in the Windows Server 2008 Foundation Network Guide.
  35. Server certificates are required when you deploy the Protected Extensible Authentication Protocol Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) certificate-based authentication methods. For information about deploying server certificates, see Foundation Network Companion Guide: Deploying Server Certificates.
  36. Server certificates and computer and user certificates are required when you deploy Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). For information about deploying user and computer certificates, see Foundation Network Companion Guide: Deploying Computer and User Certificates.
  37. This guide uses a step-by-step approach to help you decide which design best fits your wireless access needs and to help you create a design based on the most common wireless design goals. The two scenarios are:
  38. Wireless access by using PEAP-MS-CHAP v2 for secure password authentication. This design is well suited to small businesses and medium organizations. Secure password authentication provides strong security, and uses domain account credentials (user name and password) for client authentication.
  39. When deploying wireless access by using PEAP-MS-CHAP v2, you can either purchase certificates from a public certification authority (CA), such as VeriSign, or deploy a private CA on your network by using Active Directory Certificate Services (AD CS).
  40. Wireless access by using either EAP-TLS or PEAP-TLS for authentication using digital certificates. This design is well suited to medium- and enterprise-sized networks. Digital certificates provide more robust security than secure password authentication. Digital certificates are either smart cards, or certificates issued to your users and computers by the CA you deploy on your network. If your wireless solution uses either EAP-TLS or PEAP-TLS, you must deploy a private CA on your network by using AD CS.
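
Both designs above run an EAP method inside 802.1X, so one check a defender can make is which method the server actually offers. The following is an added example, not part of the original presentation: it decodes EAP packets (header layout and type numbers from RFC 3748 and the IANA EAP registry) and flags any offered method other than PEAP or EAP-TLS. The sample packets and the `ALLOWED_OUTER` policy are constructed assumptions.

```python
import struct

# EAP codes and method type numbers (RFC 3748, IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
# Assumed policy: only the outer methods of the two designs may be offered.
ALLOWED_OUTER = {"PEAP", "EAP-TLS"}
# Constructed sample packets (not captured traffic).
REQ_IDENTITY = bytes.fromhex("0101000501")
RESP_IDENTITY = bytes.fromhex("0201000a01") + b"alice"
REQ_PEAP_START = bytes.fromhex("010200061920")    # type 25, Start flag set
REQ_MD5 = bytes.fromhex("010200160410") + bytes(16)
SUCCESS = bytes.fromhex("03030004")


def parse_eap(packet: bytes) -> dict:
    """Decode one EAP packet; raise ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field disagrees with the data received")
    body = packet[4:length]            # anything past Length is padding
    msg = {"code": EAP_CODES[code], "id": ident, "method": None, "data": b""}
    if code in (1, 2):                 # only Request/Response carry a Type
        if not body:
            raise ValueError("Request/Response without a Type byte")
        msg["method"] = EAP_TYPES.get(body[0], f"type-{body[0]}")
        msg["data"] = body[1:]
    return msg


def audit_exchange(packets) -> list:
    """List every method a server Request offered outside ALLOWED_OUTER."""
    findings = []
    for raw in packets:
        msg = parse_eap(raw)
        if msg["code"] != "Request" or msg["method"] in ("Identity", "Notification"):
            continue
        if msg["method"] not in ALLOWED_OUTER:
            findings.append(f"id {msg['id']}: server offered {msg['method']}")
    return findings


if __name__ == "__main__":
    print(audit_exchange([REQ_IDENTITY, RESP_IDENTITY, REQ_MD5]))
```
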
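
The summary slides list WEP, WPA and TKIP as options and the equipment slide specifies WPA2 Enterprise with RADIUS; what an access point really advertises is carried in the RSN information element of its beacons. This added example (not from the original presentation) decodes that element and reports anything other than 802.1X key management with CCMP, since the 802.11 standard has deprecated TKIP. The two sample elements are constructed, and the parser assumes the group, pairwise and AKM lists are all present.

```python
import struct

OUI = b"\x00\x0f\xac"                  # suite OUI used by IEEE 802.11
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

# Constructed RSN elements (not captured beacons).
RSN_ENTERPRISE_CCMP = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
RSN_ENTERPRISE_MIXED = bytes.fromhex(
    "30180100000fac020200000fac04000fac020100000fac010000")


def read_suites(body, off, count, names):
    """Read `count` 4-byte suite selectors starting at offset `off`."""
    out = []
    for _ in range(count):
        if off + 4 > len(body):
            raise ValueError("truncated suite list")
        sel = body[off:off + 4]
        out.append(names.get(sel[3], f"type-{sel[3]}") if sel[:3] == OUI else "vendor")
        off += 4
    return out, off


def parse_rsn_ie(ie: bytes) -> dict:
    """Decode an RSN element (ID 48); assumes all three suite lists exist."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    try:
        group, off = read_suites(body, 2, 1, CIPHERS)   # skip 2-byte version
        (n,) = struct.unpack_from("<H", body, off)
        pairwise, off = read_suites(body, off + 2, n, CIPHERS)
        (n,) = struct.unpack_from("<H", body, off)
        akm, off = read_suites(body, off + 2, n, AKMS)
    except struct.error:
        raise ValueError("truncated RSN element") from None
    return {"group": group[0], "pairwise": pairwise, "akm": akm}


def audit_rsn(ie: bytes) -> list:
    """Compare an advertised RSN element with a WPA2-Enterprise baseline."""
    rsn, findings = parse_rsn_ie(ie), []
    if "802.1X" not in rsn["akm"]:
        findings.append("no 802.1X key management")
    if "PSK" in rsn["akm"]:
        findings.append("pre-shared key accepted")
    for cipher in sorted({rsn["group"], *rsn["pairwise"]} - {"CCMP"}):
        findings.append(f"{cipher} enabled")
    return findings
```

A WEP-only network carries no RSN element at all, so a beacon without one needs a separate check of the capability field's Privacy bit.
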