A Network Proposal of Rocky Mountain Corporation

When the time comes to make changes to the capabilities of network in an organization the networking experts are tasked with assessment of networking design proposals that are aimed at delivering the most cost-effective and suitable solutions (Gerszberg et al, 2016). The networking experts must make certain that they are not overlooking any possible essential factors. In case the networking engineer is not aware of what they are looking for from the prospective provider, the process may become frustrating and complicated and might create outcomes that are unexpected. A network upgrading budget is likely to affect the overall budget and the operations of the organization (Gerszberg et al, 2016). Therefore, it is important to consider all the necessary components to ensure a smooth undertaking with a service provider that is fully equipped to meet the needs of the requirements of the organization. Therefore, this paper intends to write a network proposal of Rocky Mountain Corporation that has shifted to a new building that was previously set up for local area network (LAN).

Section 1

Topology and Network Devices

A wireless network that utilizes high-frequency radio waves instead of wires to communicate between the nodes is a good alternative for business networking (Jacobson et al, 2016). RMC can use this preference to modify the present wired network. Wireless enables the devices to be shared deprived of networking cable, and this escalates mobility but cuts the range. There are two types of wireless networks which includes peer-to-peer or and infrastructure. Peer to peer wireless entails various workstations each having a wireless networking interface card (Jacobson et al, 2016). Every computer can connect unswervingly with all the other workstations that are wireless permitted. They can share files as well as printers in this manner, however; they are not able to share resources in the wired LAN lest one of the PCs is acting as a link to the wired LAN and has distinct software (Jacobson et al, 2016).

Star topology will be the most suitable for the organization since it enables point to point architecture whereby individual wireless devices communicate directly with a central gateway or hub (Nair et al, 2015). The devices in this type of topology do not communicate with each other, but the communication is done within a precise gateway. The gateway conveys information to a central assortment point such as switch room either directly or by connection to an extra network. The gateway also gets data from the focal point and relays to devices that are appropriate (Nair et al, 2015). The direct wireless connection makes the star topology applicable for lower power application because they can use less amount of power compared to other topologies (Nair et al, 2015).

Internal and External Components

Network Interface Cards (NIC) is integrated in the motherboard in most computers. If the component that is integrated fails or slow, another NIC card can be added to the PCI slot in the desktop computers, CardBus PC or the Express Card on the laptop computers. Network adapters have a unique address that is coded into their firmware. The address is referred to as the MAC address. The data link layer uses the address to identify other systems that are present on the network (Tomici et al, 2016).

The next devices that are required are hub or a switch. A hub connects the computers and other devices such as printer in a given network. Hubs are used for star topology alongside other configurations to make it easy to add or remove computers without tampering with the network. A switch is alike to a hub facilitates the linking of several workstations, access points and other gadgets that are enabled. The variance between a hub and a switch is that a hub does not filter the data that passes through, but a switch does. Both the hub and switch have been modified and are capable of providing a wireless networks (Tomici et al, 2016).

Print server is also another important component as it used to link printers to a network to facilitate network printing. The server is likely to act as a link through storing and printing the messaging in order of the backlog. The device can decrease the price of the networking process since every individual can use the same printer without necessarily attaching a printer to each computer (Tomici et al, 2016).

A router must also be available among the required components. The router routes the information from one network to an additional. A router is linked to two or more systems or a system and its ISP’s network. A router enables everybody on the grid to access the internet hence making it a very vital component in the installation process (Tomici et al, 2016).

Cryptography Methods

The methods are put in place to attain the necessities of integrity and confidentiality in systems (Stallings, 2017). But due to the reason that sensor nodes are partial in their memory and computational competences, the customary cryptographic practices cannot be moved without acclimatizing them. The first type of encryption is symmetric encryption that customs a single secret key for equally encryption and decryption. The key must be kept undisclosed in the network. Keeping such a key secret can be daunting in an environment that is exposed (Stallings, 2017). Symmetric key algorithms are much quicker computationally compared to asymmetric algorithms since the procedure is less complex.

Therefore the company can to a lesser extent use this method of encryption to maintain its network security. Even though this method is simpler and easy to use, it has a range of setbacks and the main one being the possibility of sharing the key (Stallings, 2017). Therefore, asymmetric cryptography is the suitable method that the company should embrace. The method uses two keys that are related which are private and public for encryption and decryption of data, and this takes away the danger of allocation of the key. Private Key refers to the communication that is encrypted by using the public key and can be decrypted by only using a similar algorithm and a similar matching key (Stallings, 2017).

LAN Protocols

Ethernet protocol willl be used in the organization due to its versatility and simplicty. The protocol can be implemented quickly with little knowledge of the protocol. Asynchronous Transfer Mode (ATM) is also a protocol that will be used in the LAN since it is reliable. The protocol has the capacity to handle video and voice more efficiently compared to other protocols (Al-Fuqaha et al, 2015).

File Sharing

The first file sharing option is to set up a workgroup to enable file access and sharing among the users of computer in the LAN. The process involves just enabling an operating system to share files across all the computers in an organization. And that would certainly work if there is a server in place as the server enables the sharing of large files within the corporation (Jacobson et al, 2016).

LAN Access

A LAN can be accessed remotely by setting up a VPN bridge within a LAN. The method works by allowing computers on a local network to access the VPN over the bridge that has been set up on the local network. With that, the remote computers are able to access LAN over the VPN from remote locations. The internal users within the organization only need to have the IP address of the server to access the network (Jacobson et al, 2016).

Budget Estimation

Network Equipment

Quantity

Cost/Unit

Total Cost

Wireless Access points

Mounting brackets

Bridge

NIC UTP ports

Cat-five cables

Wireless switch

Fibre Optic cable

50

50

7

250

8000meters

2

700 meters

$429

$45

$3400

$70

$2

$2000

$2

$21450

$2250

$23800

$17500

$16000

$4000

$1400

Connection Fee for Internet Service Provider

File Server

Firewall

11

4

$9000

$5000

$99000

$20000

Estimated Extra Costs for Additional Equipment and Systems

$30000

Total Estimated Budget

$235400

Section 2

IP Infrastructure

The IP address of a computer acts as a unique identifier in a network of a range of devices. The device can be a router, PC or sometimes an IP phone (Al-Fuqaha et al, 2015). The address is used in the transferal of data to the diverse devices over a network working protocol system. ZZZ can denote the fundamental structure for an IP address.ZZZ.ZZZ.ZZZ where every Z can be any number that ranges from 0 to 255. Every part is stored in 8 bits. There are two types of IP structures which include static IP and DHCP. Static IP addressing is allocated manually and has to be given out cautiously so that every gadget has its address hence avoiding an overlay (Al-Fuqaha et al, 2015). When a new device is connected, one needs to manually choose the configuration option and key in the IP address, the default gateway, the subnet mask and the DNS servers.

The type of IP addressing may be complicated to individuals who have no basic knowledge in networking or computing hence a disadvantage to some extent for an organization that has workers from different backgrounds and professions. DHCP takes away the entire manual configuration in the IP addressing. The device such as router or a gateway device is designed in such a way that it can offer DHCP by default as a service on a given network platform (Al-Fuqaha et al, 2015). When DHCP is allowed, a new gadget that is linked to the network will ask the DHCP server for an address, and the server will assign one from its settings. The server trails down which addresses are allocated and the ones that are existing and keeps a record of the addresses that have been allocated to a range of gadgets. Through this, the addresses are not able to conflict with each other. However, it is important to note that if a device goes disconnected, when it connects back, it may not have the same IP address that it had previously (Al-Fuqaha et al, 2015).

DHCP offers a plug and play system, but it can come at a price since there is minimum regulation (Jorgensen, 2017). Therefore, one is not able to count on a specific device that has a particular address if there is a networking challenge that necessitates this. Because the technology affiliated with DHCP is more or less sophisticated, the risk is that one could plant a DHCP server that is unauthorized which could direct traffic to a different router that is under control of someone else. The network can, therefore, be hacked for the malicious purposes (Jorgensen, 2017). The other point to note is that since the DHCP makes it easy to add other clients into the network, there is a possibility that the network could be joined without categorical consent.

The concern can be contained by compelling the DHCP network to necessitate the verification when adding a new gadget but that will defeat the drive of DHCP in the first place (Jorgensen, 2017). The IP addressing can be potentially dangerous if it is combined with a wireless network that is unprotected. Therefore, a dynamic addressing or mixed addressing is essential for the corporation as long as all wireless networks are protected and no malicious individuals can gain entree to the set-up (Jorgensen, 2017).

Providing a wireless access to users who are in remote location may be challenging since there is a possibility that an attacker might divert the data as it voyages between the intranet and the distant user (Ravindran & Wang, 2015). The attacker might also make a remote access that is unauthorized by successfully impersonating a remote access user that is legitimate. Another possibility is that the attacker can gain a direct contact to data that is kept within the computers within the intranet of the organization. Therefore, it is advisable to provide a resolution that aids the remote users to effortlessly and safely link to the network of the organization (Ravindran & Wang, 2015). The solution for this is to configure an Internet Authentication Service (IAS) that offers wireless access to devices such as laptops and mobile phones. By adding the IAS, there is a centralized authentication connection that is added to the network as well as approval and accountability to the system.

The IAS server enables one to use server to observe connection tries, administer policies and assess logs. Besides, using Active Directory can assist regulate which users can access the intranet, and this reduces the possibility that an attacker can gain entree to the organizational network through impersonation of a user (Ravindran & Wang, 2015). By restraining connections to a solitary tunnelling protocol, the various means that an attacker might access the network is reduced as well as the unauthorized individual can read the remote access traffic. The most protected way to connect remotely is by use of L2TP which is a standardized internet tunnelling protocol (Ravindran & Wang, 2015).

Section 3

Security

Different users require different levels of access to the internet. Resources within an organization also have different levels of classification which might include internal use only, private, public and confidential (Dumbre et al, 2014). To address the issue of security in a network, several access control criteria must be put into consideration. The criteria include roles, location, groups, time and type of transaction. The criteria go hand in hand with access control practices that are put in place to protect a given network. Examples of practices is that the default password settings on accounts must be replaced and ensure that system features and services that are unwanted are disabled (Dumbre et al, 2014).

Denial of access to systems by users that are undefined and anonymous accounts must be maintained at all times. Moreover, the global access rules must be limited and monitored at all times. Most importantly it is advisable to review system, and user events and actions and audit reports occasionally without forgetting the protection of the audit logs. The practices must be reinforced by the security principles which include authorization, authentication, identification, fundamental principles and non-repudiation (Dumbre et al, 2014).

When using identification, each value must be unique to enable the user liability. A typical naming system should be embraced, and the values must not describe the location of the user or undertaking (Perlman et al, 2016). The values must also not be shared by the users. On authentication principle, three factors for authenticating a subject must be available. The factors include something that a person knows such as passwords and pin, something a person is such as the biometrics and something that a person has such as access cards. Biometrics is an example of authentication principle that is applicable in many instances (Perlman et al, 2016). However, the organization can embrace keyboard dynamics that relies on electrical signals that are produced when the user types in the keyboard.

The organization can also deploy the use of passwords which is the most common form of system authentication and identification mechanism. A password is a protected string of characters that are put in place to authenticate an individual (Perlman et al, 2016). After having a password in place, a password must be managed through proper update and must also be kept secret to offer effective security. Passwords must be complicated since password generators can be used to generate passwords that are not complicated. If the user decides to use his password, the system must enforce certain password requirements like insisting to use special characters and case sensitivity (Perlman et al, 2016).

A network can be protected from malware and other malicious acts through implementation of a two-factor authentication. The process makes it difficult for the hackers to break into the account by a brute force (Jorgensen, 2017). Hackers are forced to have two sets of credentials instead of one and the second code is sent directly to the user. The code could be an alternative email address, a text message, or a phone call. Even if the hacker manages to steal the password of a user, they will not be able to access the accounts unless they have access to the actual device that the secondary credentials have been sent to the user.

The other approach is to review ones login history to see how many current sessions one has open with whatever application they are using (Jorgensen, 2017). For instance, Google account gives one the opportunity to see the latest logins, the type of device they are on and so much more. It is also possible to see the geographical location of the login. So if some strange activities are going on, it is highly recommended that the passwords must be changed. The corporation should take advantage of the firewall and antivirus solutions because they concentrate on keeping threats Out of the system and identification of the existing threats that have been quarantined. The solutions need to be enterprise level to make certain that they are powerful enough to protect the organization from all types of threats. Finally, the systems must be kept up to date, and that necessitates keeping an eye on the current system as well as application of patches and security updates (Jorgensen, 2017).

Conclusion

Network is a very essential element in an organization as it ensures that things run smoothly and speedily to the satisfaction of the customers. By having hands-on tools in place and a serious team to conduct the installation and maintenance, the company is likely to get return on investment on a well-managed network. However, the management process of a network is not easy given that there are various security threats in place. It is the task of the information technology department in the organization to continuous does follow up of the system to ensure that attackers are kept at bay within the network and the user given ample time to access the network. By observing the following approaches, Rocky Mountain Corporation is likely to have one of the best networks which will promote organizational productivity.

References

Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4), 2347-2376.

Dumbre, M. T. M., Jaid, M. S. D., & Dnyaneshwar, M. P. (2014). Network Security and Cryptography. In National Conference “MOMENTUM (Vol. 17, p. 14).

Gerszberg, I., Barzegar, F., Henry, P. S., Bennett, R., Barnickel, D. J., & Willis III, T. M. (2016). U.S. Patent Application No. 14/548,456.

Jorgensen, J. W. (2017). U.S. Patent No. 9,712,289. Washington, DC: U.S. Patent and Trademark Office.

Jacobson, V., Alaettinoglu, C., & Kuan, C. C. (2016). U.S. Patent Application No. 14/931,159.

Nair, A., Chetty, M., & Wangikar, P. P. (2015). Improving gene regulatory network inference using network topology information. Molecular BioSystems, 11(9), 2449-2463.

Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson Education India.

Ravindran, R., & Wang, G. Q. (2015). U.S. Patent No. 9,049,251. Washington, DC: U.S. Patent and Trademark Office.

Stallings, W. (2017). Cryptography and network security: principles and practice (p. 743). Upper Saddle River, NJ: Pearson.

Tomici, J. L., Chitrapu, P. R., Reznik, A., Lopez-Torres, O., Ye, C., Patel, M., & Livet, C. (2016). U.S. Patent No. 9,473,986. Washington, DC: U.S. Patent and Trademark Office.