2. ITEC 4750 Senior Capstone Networking Project
2. Project Members
3. Project Outline Our team was tasked to research and recommend a hypothetical high-level network for a fictitious university referred to as “Southern University”
4. Research Distribution Each element of the assignment was carefully reviewed and assigned to one of the following six categories:
Physical Infrastructure
Security
Backup & Disaster Recovery
Remote Access
Acceptable Use & Applications
Vulnerability Assessment
5. Research Distribution A member of our team was selected for each of these six categories to become a specialist on the topic and perform detailed research
This presentation summarizes their research
6. Physical Infrastructure by John Staples
7. Network Infrastructure Definition: The architecture, equipment, and connections that make up a network.
The Southern University Network Infrastructure will incorporate some of the following equipment and connections.
Routers
Switches
Ethernet and Fiber Optic Cabling
Access Points
WAN Connection
8. Suggested Network Topology Extended Star Topology
Ease of Setup
Relatively Cheap to Implement
Provides Redundancy
9. Suggested LAN Implementation Campus LAN
Can be implemented using a wide variety of vendor equipment.
Connects all buildings and floors to shared resources in a data center.
Data Center will be located in the administrative building.
This allows for local network management.
10. LAN Equipment Juniper EX4200 switches placed on each floor.
Juniper EX8200 switches to connect buildings in data center.
Cat-5 or Cat-6 cabling to connect switches to nodes.
Fiber Optic cabling to connect switches between floors.
11. Juniper EX4200 Switch Offers up to 48 10/100/1000BASE-T ports
Offers full or partial PoE
4 switches can be combined to work as 1
Switches do not have to be located together to connect as one
Virtual Chassis Technology allows connected switches to look as one on network
24 port: $2700 48 port: $6100
12. Juniper EX8200 Switch 3.2 Tbps Throughput
Allows up to 128 10 gigabit Ethernet ports
Come with redundant power supplies and cooling fans
64 port: $24,000 128 port: $32,000
13. WAN Connection Choice depends on amount of data needing to be transferred.
Dedicated T1 offers 1.544 Mbps bandwidth.
Dedicated T3 offers 44.736 Mbps bandwidth.
T1: $550-$1200 per month
T3: $6000-$14,000 per month
Juniper M-Series routers to make LAN to WAN connection.
14. Juniper M-Series Routers Offers 320Gbps throughput
Offers connectivity options of 10mb to 10-Gigabit Ethernet
Runs on Junos network operating system software
M-10i: $10634
15. Network Security by Peter Kim
16. Network Security Security is a major component of a network.
Antivirus software is a huge security component for any network
After careful review of available antivirus software platforms, we have selected Trend Micro Enterprise Security suite.
17. Security Maintenance Maintenance for the antivirus protection will be provided by Trend Micro and further supported by the school's dedicated IT staff
Trend Micro will provide general deployment planning support and provide assistance with diagnosing any compatibility issues that arise with regular use of their software.
The dedicated IT staff of the school will run compliance checks to make sure all of the school's computers are being protected with current and updated copies of Trend Micro.
18. Southern University’s Anti Virus Trend Micro Enterprise Security Suite gives the maximum threat protection over Southern University’s network.
The key features of the security suite provide virus, Trojan, spyware, rootkit, bot, web threat, spam, phishing, and inappropriate content protection
The antivirus program will be installed on every computer and laptop owned by the university.
19. Trend Micro Enterprise Security Suite Advantages There are 8 advantages of Trend Micro:
Endpoint Protection: prevents data loss and secures virtual desktops, with the Smart Protection Network, which uses a cloud-based system added to the gateway and endpoint security.
Datacenter Protection: deep security to protect the physical, virtual, and cloud computing environments.
Storage Protection: secures storage servers and provides identity-based encryption at the gateway and endpoint.
Message Protection: stops threats from propagating through the instant messaging system.
20. Trend Micro Enterprise Security Suite Advantages Web Protection: real-time reporting on internet use.
SharePoint Protection: protection during SharePoint collaboration.
Network Security Overwatch: enabled when active infections have passed through the security infrastructure.
Technical Support Services: Trend Micro provides premium technical support when needed.
21. Cost of Trend Micro Initial Cost is $22.80 per seat
Renewal cost is $11.88 seat per year
Estimated Price for Southern University:
4400 Licenses
1000 Extra Licenses
Total Initial Cost: $ 123,120
Total Renewal Cost: $ 64,152
Total Estimated Price: $ 187,272
22. Data Backup and Disaster Recovery By Mikayla Farley
23. Software Backup Symantec Backup Exec System Recovery
A recovery and backup program that helps backup files
This software is for a small business
Since we are putting computers in a university, we believe this software will be great to use
With 3 years of maintenance, a 25-license pack costs around 19,868.25
Per-license cost: 554.90-578.41
24. Symantec Backup Recovery A simple, cost-effective backup and recovery solution for Windows Server
Manages the backup and proactive data and system protection design
Easier for admins to use by centrally managing backup and recovery tasks for multiple servers across the business
25. Pros Helps minimize downtime and avoid disaster easily by recovering all folders to any remote locations
Backup automatically and offsite backup copy to FTP location
Replaces time-consuming manual and error-prone process
Reliable, fast, minimize downtime, and avoid disaster
26. More Pros Flexible restoration options
This software quickly and easily restores entire systems to hardware to dramatically reduce recovery times and save money on hardware
Enhanced Exchange, SharePoint, and file/folder
This software recovers critical Exchange mailboxes, folders, or messages with any associated attachments
Enhanced virtual support
This software has the power of virtualization for seamless physical-to-virtual and virtual-to-physical. An IT admin can set a schedule for having physical recovery points converted to virtual systems, enabling immediate recovery
27. More Pros Easy remote system recovery
Drivers can be manually added directly to the Symantec recovery disk files located in the boot volume subdirectory
Scalable centralized management
This software can centrally manage system backup and recovery operations for Backup Exec System Recovery
Manages up to 2,500 clients
28. More Pros Data Sheet (Data Protection)
Off-site copy operations can also be scheduled separately
Dedicated off-site support removes processing overhead from protected resources
29. EMC CLARiiON CX4 Model 240 This is the hardware that we are going to use for the data backup and recovery
Has fully automated storage tiering, fast cache, flash drives, compression, and a multicore processor
This hardware offers best-in-class performance for midrange network storage
This system scales seamlessly up to 231 TB of capacity
30. Features Fast
Storage tiering to lower cost and deliver higher service levels
Fast Cache(Extended cache capacities)
For accelerated system performance and auto absorption of unpredicted spikes in application workloads
Compression
Compress inactive data and reclaim valuable storage capacity
31. Continue Features Virtualization(aware management)
Gain real-time, dynamic virtual environment with end-to-end mapping and report capabilities
Three-year enhanced support
Gets unlimited online self-help, proactive support, software upgrades
Flash drive
Helps extend tiering capabilities by establishing a new tier 0 for ultra high performance
32. Remote Access – Virtual Private Network by Christopher N. Brewer
33. Requirements Interoperability
Security
Price
Features
Reputation of Manufacturer
34. Virtual Private Network (VPN) “A private network that is like a tunnel through a larger network—such as the Internet, an enterprise network, or both—that is restricted to designated member clients only” (583). – Palmer
35. VPN (cont.) Benefits:
Extend geographic connectivity
Boost employee productivity
Improve Internet security
Easily scalable for infrastructure
Reduces long-distance telecommunications costs.
36. VPN (cont.) Disadvantages:
Not understanding security issues
Not being able to predict the amount of Internet traffic
Receiving products from vendors
Not meeting the correct standards.
37. Secure Sockets Layer (SSL) VPN Does not require client software to be preinstalled on the user’s system in order to access the network or resources
No configuration is needed on the endpoint machine by a user or administrator
Available from any standard Web browser
38. SSL VPN (cont.) Operates on the application layer
Better control over user access
Auditing
Better tracking the system and its users
Supports 3-DES, 128-bit RC4, AES, MD5, and SHA-1 encryption technologies.
Better protection in the transportation of data.
39. SSL VPN Diagram
40. Juniper 6500 Primary Choice
Targeted for large enterprises
Works with most operating systems
Windows
Mac
Linux
Compatible with major mobile devices
iPhone
Windows Mobile
Symbian
Android
41. Juniper 6500 (cont.) Host Checker
Checks client’s computers before and during sessions for system and security requirements
Supports over 10,000 concurrent users on a single system.
Proven to work in university settings
University of UC Davis
42. Barracuda Model 880 Second Choice
Key Security Features
Support for Active Directory, LDAP, NIS, and built-in user databases
Policy-based rights management
Multi-layered authentication schemes
Web application URL masking
Client access controls based on operating system and Web browser version.
43. Barracuda Model 880 (cont.) Excellent graphical user interface.
Instant Replacement Service Plan
Replacement unit can be shipped the next business day and technical support offered 24 hours a day.
Maximum of 1,000 concurrent users.
44. SonicWALL’s Aventail E-Class SRA EX7000 Third Choice
End Point Control (EPC) Interrogation at Login and/or Administrator-defined Intervals.
The EPC Interrogation tests the endpoint devices wanting access to the VPN for the proper criteria.
Provides allow, deny, and quarantine zones to further ensure network security.
WorkPlace Portal
45. SonicWALL’s Aventail E-Class SRA EX7000 (cont.) Mobile applications
Connect Tunnel application
Ability to work with Windows, Mac, & Linux
Supports 50 to 2000 concurrent users
46. Acceptable Use & Application Assigned to Robert Gonzalez
To be completed by James Wes Adams if not received by Friday, Dec 3rd
47. Acceptable Use & Application portion to be inserted here
48. Vulnerability Assessment Plan by Thomas Robertson
49. What is a Vulnerability Assessment? A vulnerability assessment is a methodical evaluation of an organization’s IT weaknesses of infrastructure components and assets and how those weaknesses can be mitigated through security controls and recommendations to remediate exposure to risks, threats, and vulnerabilities
50. Why is a Vulnerability Assessment Important? Maintains Infrastructure Security of a medium to large network
Mitigates certain risks by proactively resolving security issues rather than reactively resolving security issues
Essential in proving the security of a network or system to auditors or other inspections
51. Items to consider in an effective VA The methods, tools, and techniques used in a vulnerability assessment program must be constantly updated in order to remain effective
The reports must be able to clearly and accurately convey security strengths and weaknesses of a network or system
52. When should Assessments take place? Varies greatly depending on the size and complexity of an organization's network
Typically scheduled 2 to 4 times a year
Normally scheduled during non-peak hours
Periodic unannounced security audits should take place at least four times a year
53. What are the costs? Vulnerability Assessment is considered a 2nd or 3rd tier support function and should be part of an organization’s senior IT support engineers' responsibilities
A variety of tools exist to perform Vulnerability Assessments that start at a couple hundred dollars and range up to thousands of dollars
54. References Barracuda Model 880 http://www.barracudanetworks.com/ns/downloads/Datasheets/Barracuda_SSL_VPN_DS_US.pdf
Gallaher, Sean. (2010, July 15). Trend micro enterprise security suite. Retrieved from http://fedtechmagazine.com/article.asp?item_id=800
http://www.google.com/products/catalog?hl=en&safe=off&q=juniper+M-Series+router&cid=6508533089597932931&ei=TO_WTOyFA5XC2wSJprUi&sa=title&ved=0CAcQ8wIwADgA#p
http://www.google.com/products/catalog?q=Juniper+EX4200+ethernet&hl=en&cid=1869000788729432234&ei=UBrSTJi6LI-O2QSwsdwj&sa=title&ved=0CBYQ8wIwATgA#p
http://www.google.com/products/catalog?q=Juniper+EX4200+ethernet&hl=en&cid=7730423076648308227&ei=NxrSTNmyBY-02QTct40l&sa=title&ved=0CAcQ8wIwADgA#p
http://www.google.com/products/catalog?q=Juniper+EX8200+ethernet&hl=en&cid=13223582514296452946&ei=QxnSTM_0JJ2I3QSy37gn&sa=title&ved=0CBYQ8wIwATgA#p
http://www.google.com/products?q=128+port+Juniper+EX8200+ethernet&hl=en&aq=f
http://www.t1shopper.com/
Juniper 6500 http://www.juniper.net/us/en/products-services/security/sa-series/
Juniper Networks (January 2010) Retrieved from http://articles.techrepublic.com.com/5100-10878_11-5033247.html on September 16, 2010.
Palmer, Michael. Hands-On Microsoft Windows Server 2008. Boston: Course Technology, 2009. Print.
SonicWALL’s Aventail E-Class SRA EX7000 http://www.sonicwall.com/us/products/12034.html
SSL VPN Diagram http://www.wifonic.in/cms/index.php/security-a-consultancy/vpn/ssl-vpn?lang
Trend Micro Enterprise Security Suite http://us.trendmicro.com/us/products/enterprise/security-suite/index.html