You purchased a 2 story building and aspired to turn it into office spaces for l
Question
You purchased a 2 story building and aspired to turn it into office spaces for lease. Floor 1 has 16 office spaces and Floor 2 has 10. Your business strategy is to lease each space to a different small business. You plan to wire each office space with 8x ports and 2x 802.11n AP per floor for public use. For liability sake, you also need to keep each office's network independent of each other, so security compromises will be minimum. You also plan to allow Internet Access to all of the tenants. You received the following IP Address from your ISP: 200.53.12.0. Design a network that is secured, reliable for your new office and list All Subnets, All Usable IP address range per subnet, the CIDR, the network's Subnet Mask and All Subnet Network ID and All Subnet's Broadcast addresses.
Explanation / Answer
1) In order to design and build a well-secured network, many factors must be taken into consideration, such as the topology and placement of hosts within the network, the selection of hardware and software technologies, and the careful configuration of each component.
My paper will be an examination of some of the issues in designing a secure Local Area Network (LAN) and some of the best practices suggested by security experts. I will discuss securing a LAN from the viewpoint of the network architect considering three main areas: the network topology which comprises the physical and logical design of the network; securing the routers and switches which connect segments and hosts to form the network; and, finally, some of the emerging and advanced techniques in network security will be examined.
2) Initial Assumptions and Challenges
My goal is to examine some of the security issues commonly found in the small to medium sized LAN set up for a business or other institution, and to identify some of the best practices from the perspective of the network designer. While no two networks are exactly alike, some of the typical challenges faced by the network designer include the following:
• Securing Internet facing web, DNS and mail servers
• Containing damage from compromised systems, and preventing internally launched attacks
• Securing sensitive and mission critical internal resources such as financial records, customer databases, trade secrets, etc.
• Building a framework for administrators to securely manage the network
• Providing systems for logging and intrusion detection
Before beginning the design process, a security policy should be put in place, or updated to accurately reflect the goals of the company.
3) Topology and Architecture
A critical step in designing our network is defining the network topology. The topology is the physical and logical layout of the network.
On the physical side, we will need to provide distribution to the offices or buildings where the users are located.
We will need to provide connectivity to the servers which comprise our intranet, to the Internet, and possibly to other company locations or business partners, remote users connecting via telephone lines, etc.
The logical topology must be considered as well. It is bound to some degree by the physical topology, but with technologies such as Virtual LANs (VLANs) and Virtual Private Networks (VPNs) there is considerable flexibility in designing the logical topology.
The basic design illustrates our connection to the Internet with a border router and firewall, and our public extranet servers which are connected to a third interface on the firewall.
The firewall is one of four connections to a core router or, if higher performance is required, a layer 3 switch. The other connections to our core router are the floor or building switches which provide connectivity to the different departments and our intranet servers.
4) Securing Routers and Switches
Now that the topology has been defined, let's take a look at building security into our network elements and configurations.
Our design calls for segmenting the network into subnets based on function and, possibly, location.
By implementing routing at the network core, our segments are isolated into individual broadcast domains.
This improves performance and also improves security by preventing sniffing or ARP-based attacks between segments.
Within each subnet the hosts are connected to an Ethernet switch.
A switch provides high performance by putting each host in its own collision domain, and enhances security by making sniffing and ARP-based attacks difficult.
A hub is a less expensive alternative to a switch for layer 2 connectivity, though it is less desirable both from a performance and a security standpoint.
5) Layer 3 Design
Our layer 3 design is quite simple, with a central core router connecting the different production and management networks.
Because we have mapped out our trust model and security policies, we can use access lists at layer 3 to implement our security policy.
For traffic coming into a subnet, we will permit only appropriate incoming packets, based on the policy of that subnet.
Similarly, we will filter outbound traffic to eliminate spoofing and minimize any malicious or illegitimate activities.
6) Layer 2 Design
In previous sections, we have described layer 3 design via hardening the routers themselves.
We must now address threats that exist at layer 2 and continue to enforce our security policy in the layer 2 design.
One question we will want to consider is how to maximize the security of the switch ports themselves.
If an attacker controlled a host on one of our VLANs, could she jump to another VLAN and gain access to a more sensitive VLAN?
What about the possibilities of a misconfiguration providing undesired access to an intruder?
To achieve the highest level of security we would configure only one VLAN per switch. This would minimize the chance of an attacker jumping VLANs and reduce the chance of misconfiguration.
7) Advanced Technologies
So far, we have discussed the physical and logical topology of our LAN, and techniques for building security into the layer 3 and layer 2 design.
There is still much that we can do to make our network design more secure.
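Added example (not part of the original answer): the subnet fields the question asks for, and the outbound anti-spoofing and isolation filter described under Layer 3 Design, worked through in Python. It assumes the ISP block is a /24 (the question gives no mask) and 28 segments, that is 26 offices plus one public AP segment per floor; all function names are illustrative.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("host count too large for IPv4")

def plan(block, segments, hosts_each):
    """Carve `segments` equal subnets from `block`; raise if they do not fit."""
    block = ipaddress.ip_network(block)
    prefix = prefix_for_hosts(hosts_each)
    subnets = list(block.subnets(new_prefix=prefix))  # ValueError if prefix is shorter than the block's
    if len(subnets) < segments:
        raise ValueError(f"{block} holds {len(subnets)} /{prefix} subnets, {segments} needed")
    return subnets[:segments]

def describe(net):
    """Network ID, CIDR, mask, usable range and broadcast for one subnet."""
    return {
        "network_id": str(net.network_address),
        "cidr": f"/{net.prefixlen}",
        "mask": str(net.netmask),
        "first_usable": str(net.network_address + 1),
        "last_usable": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }

def egress_permitted(src, dst, own, segments):
    """Outbound filter for one segment's router interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in own:
        return False  # spoofed source: not an address of this segment
    # isolation: no traffic from this segment into any other tenant segment
    return not any(dst in other for other in segments if other != own)

BLOCK = "200.53.12.0/24"  # address from the question; the /24 is an assumption
SEGMENTS = 16 + 10 + 2    # offices on both floors + one public AP segment per floor (assumption)

if __name__ == "__main__":
    try:
        plan(BLOCK, SEGMENTS, 8)
    except ValueError as err:
        print("8 hosts per segment:", err)
    nets = plan(BLOCK, SEGMENTS, 6)
    for net in nets:
        print(describe(net))
    print(egress_permitted("200.53.12.9", "200.53.12.17", nets[1], nets))
```

Under these assumptions, 8 addresses per office need a /28, and a /24 holds only 16 of those, so `plan` raises; 28 segments fit only as /29s with 6 usable addresses each.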