Question
1) Starbucks is opening up a new outlet in your neighborhood and is consulting with you regarding their new network design. They need 12x staff computers, 1x server, 1x 802.11ac WIFI and 2x printers for internal use. They would also like to have 4x 802.11ac WIFI for their customers to enjoy their coffee while being able to access the Internet. Starbucks wants you to design a SECURE, RELIABLE & EXPANDABLE network for their new outlet.
2) You are in charge of an IT convention. The event organizers are expecting a group of students to come compete at a College IT security design competition. There will be students from ASU, BSU, CSU, DSU, ESU, FSU, GSU, HSU, ISU and JSU. Below are the estimated students that will represent each of the colleges. ASU: 4x students, BSU: 5x students, CSU: 7x students, DSU: 10x students, ESU: 6x students, FSU: 10x students, GSU: 5x students, HSU: 5x students, ISU: 9x students, JSU: 5x students. The organizers expect each student to bring their own laptop that needs to be connected to their team’s network as well as the Internet. They also asked you to spare a few extra IP addresses just in case students and teachers need extra nodes during the competition. LABEL THE MINIMUM AMOUNT OF PORTS THAT YOUR SWITCH WOULD NEED IN ORDER TO SUPPORT THIS IT CONVENTION.
Explanation / Answer
With network security becoming such a hot topic, you may have come under the microscope about your firewall and network security configuration.
You may have even been assigned to implement or reassess a firewall design.
In either case, you need to be familiar with the most common firewall configurations and how they can increase security.
Setting up a firewall security strategy
At its most basic level, a firewall is some sort of hardware or software that filters traffic between your company’s network and the Internet. With the large number of hackers roaming the Internet today and the ease of downloading hacking tools, every network should have a security policy that includes a firewall design.
If your manager is pressuring you to make sure that you have a strong firewall in place and to generally beef up network security, what is your next move? Your strategy should be twofold:
•Examine your network and take account of existing security mechanisms (routers with access lists, intrusion detection, etc.) as part of a firewall and security plan.
•Make sure that you have a dedicated firewall solution by purchasing new equipment and/or software or upgrading your current systems.
Keep in mind that a good firewall topology involves more than simply filtering network traffic. It should include:
•A solid security policy.
•Traffic checkpoints.
•Activity logging.
•Limiting exposure to your internal network.
Firewall terminology
Before we look at specific firewall designs, let's run through some basic firewall terminology you should become familiar with:
•Gateway—A gateway is usually a computer that acts as a connector from a private network to another network, usually the Internet or a WAN link. A firewall gateway can transmit information from the internal network to the Internet in addition to defining what should and should not be able to pass between the internal network and the Internet.
•Network Address Translation (NAT)—NAT hides the internal addresses from the external network (Internet) or outside world. If your firewall is using NAT, all internal addresses are translated to public IP addresses when leaving the internal network, thus concealing their original identity.
•Proxy servers—A proxy server replaces the network's IP address and effectively hides the actual IP address from the rest of the Internet. Examples of proxy servers include Web proxies, circuit level gateways, and application level gateways.
•Packet filtering firewall—This is a simple firewall solution that is usually implemented on routers that filter packets. The headers of network packets are inspected when going through the firewall. Depending on your rules, the packet is either accepted or denied. Because most routers can filter packets, this is an easy way to quickly configure firewall rules to accept or deny packets. However, it's difficult for a packet filtering firewall to differentiate between a benign packet and a malicious packet.
•Screening routers—This is a packet filtering router that contains two network interface cards. The router connects two networks and performs packet filtering to control traffic between the networks. Security administrators configure rules to define how packet filtering is done. This type of router is also known as an outside router or border router.
•Application level gateway—This type of gateway allows the network administrator to configure a more complex policy than a packet filtering router. It uses a specialized program for each type of application or service that needs to pass through the firewall.
•Bastion host—A bastion host is a secured computer that allows an untrusted network (such as the Internet) access to a trusted network (your internal network). It is typically placed between the two networks and is often referred to as an application level gateway.
•Demilitarized zone (DMZ)—A DMZ sits between your internal network and the outside world, and it's the best place to put your public servers. Examples of systems to place on a DMZ include Web servers and FTP servers.
The topology below is used to design a network that is secure and reliable for the competition and that isolates every college team into its own subnet.
Demilitarized zone (DMZ) topology
A DMZ is the most common and secure firewall topology. It is often referred to as a screened subnet. A DMZ creates a secure space between your Internet and your network.
A DMZ topology
A DMZ will typically contain the following:
•Web server
•Mail server
•Application gateway
•E-commerce systems (It should contain only your front-end systems. Your back-end systems should be on your internal network.)
A DMZ is considered very secure because it supports network- and application-level security in addition to providing a secure place to host your public servers. A bastion host (proxy), modem pools, and all public servers are placed in the DMZ.
List of all subnets, with the usable IP address range per subnet:
ASU: 195.123.0.0
BSU: 195.123.0.0
CSU: 195.123.2.0
DSU: 195.123.3.0
ESU: 195.123.3.0
FSU: 195.123.3.0
GSU: 195.123.0.0
HSU: 195.123.0.0
ISU: 195.123.3.0
JSU: 195.123.3.0
The usable IP address range is in between 128-191.
Classless Inter-Domain Routing (CIDR) is an IP addressing scheme that replaces the older system based on classes A, B, and C.
The given IP addressing is based on class B.
The broadcast addresses of all the subnets are as follows:
ASU: 195.123.15.255
BSU: 195.123.7.255
CSU: 195.123.3.255
DSU: 195.123.3.63
ESU: 195.123.3.255
FSU: 195.123.3.63
GSU: 195.123.7.255
HSU: 195.123.7.255
ISU: 195.123.3.127
JSU: 195.123.7.255
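An added example, not part of the original answer: one way to carve a separate, non-overlapping subnet for each college team in question 2 using Python's `ipaddress` module, so that inter-team traffic must cross the router or firewall. The `195.123.0.0/24` block (prefix taken from the answer), three spare addresses per team, one gateway address per subnet and one switch uplink per team are assumptions.

```python
import ipaddress

# Team sizes come from the question; everything marked "assumed" is not on the page.
TEAMS = {"ASU": 4, "BSU": 5, "CSU": 7, "DSU": 10, "ESU": 6,
         "FSU": 10, "GSU": 5, "HSU": 5, "ISU": 9, "JSU": 5}
SPARE = 3     # assumed spare addresses per team
GATEWAY = 1   # assumed: one router/firewall interface per team subnet
BASE = ipaddress.ip_network("195.123.0.0/24")  # assumed block (prefix used in the answer)


def prefix_for(hosts):
    """Longest prefix whose usable host count (2**bits - 2) still covers `hosts`."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def plan(teams=TEAMS, base=BASE, spare=SPARE):
    """Allocate largest-first so each subnet is aligned and none overlap."""
    need = {t: n + spare + GATEWAY for t, n in teams.items()}
    cursor = int(base.network_address)
    out = {}
    for team in sorted(need, key=lambda t: (-need[t], t)):
        plen = prefix_for(need[team])
        size = 1 << (32 - plen)
        cursor = (cursor + size - 1) // size * size  # align to the block size
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(base):
            raise ValueError(f"base block too small for {team}")
        out[team] = net
        cursor += size
    return out


def switch_ports(teams=TEAMS, spare=SPARE):
    """Assumed port count per team switch: students + spares + one uplink."""
    return {t: n + spare + 1 for t, n in teams.items()}


if __name__ == "__main__":
    ports = switch_ports()
    for team, net in sorted(plan().items()):
        hosts = list(net.hosts())
        print(f"{team}: {net} usable {hosts[0]}-{hosts[-1]} "
              f"broadcast {net.broadcast_address} ports {ports[team]}")
```

With these assumptions every team fits a /28 (14 usable addresses), and the ten subnets consume 160 of the 256 addresses in the block, leaving room for more teams.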