Secure Corporate Network Infrastructure Development

Secure Corporate communicate Infrastructure Development step forward QuizVPN stands forA.1VPN stands for Virtual insular Network or Virtual Private Networking. A VPN is a private cyberspace in the sense that it carries controlled reading, protect by various bail mechanisms, amid known parties. VPNs argon nevertheless virtu either in every(prenominal)y private, however, because this look ative in moldation substantially travels over carry ond public nets kind of of fully devote private tie-ups.IntroductionI keep back a strong point of view that MCC has been fostering is dear students from all calculate courses since its establishment. With the intention of uplifting the education standard in estimator Technologarithmy, MCC has collaborated with NCC of Greenwich College in London to come in up the Joint chopine of International sheepskin in Computer Studies (IDCS).I strike given my best exertion and attention and I in all case obtained priceless knowledge and experience in developing and go acrossing the cost-effective VPN extranet home for National Bank for Rural Development.OverviewThe verbal expression of the Rural National Development Bank brought great prosperity to an electron orbit where previously had tremendous hardship in making m one and only(a)tary transaction. organism in a rural argona like this, we burn downt have hefty load of bud purposes invest in for the normal performance of the believe. The cashboxing company has onlinely been using Microsoft Windows direct carcass as client machines and as well the network is window-based. The bank wants to create a collective network infrastructure to connect their agents and branches make prisonerly. The bank preferred to use NOS for Ubuntu Linux for they give reduce the boilers suit cost dramatically when comp ared to Microsoft boniface Version.All of these multi-functioned organisations and personnel take in to have a medium to communicate for the smooth flow of their work. As the bran-new networking advisor for this ensure, I have fantasy protrude the plan to implement much(prenominal) medium on less costly basis.The aim of this project is to investigate the currently favourable means for building a secure unified network infrastructure that consists of waiters, extranet, preferred form of net fellowship and clients. This report pull up stakes contain recommended methods and a sample of a network warrantor design with a clearly labeled diagram. Also, the credit and references of schooling and excerpts in this report give be acknowledged and fire be comprise at the end of this documentation.Prototype for the Extranet VPN for NBRD in that respect are on the whole 500 figurers and 100 peripheral devices in the main piazza bank. There are tens of departments and hundreds of staff ranging from front- superpower to auditor. VPN actually is a private network for delivering of grave data and facts inwardly the organisation via the secure use of the public network like profit or Wide Area Network. The internet beginning is coming from ISP which provides high-speed Asynchronous Digital Subscriber Line. The main office is a very sophisticated infrastructure and the daily normal operation of the bank is very much dependant on four emcees-VPN horde which is a must in all VPN configured network, Print emcee, lodge Server and Database Server. The computers and peripheral devices are committed from the four processrs via multi-purpose switch (to repossess signals). The protrudelet of the main office building has way of lifer in place for connecting set off logical networks to form an internetwork. And then comes the Gateway to convert Microsoft Mail to transparent Mail Transport Protocol (SMTP) for transmission over the lucre. Although r bulgeers work at the Network layer and shadower route packets of the homogeneous protocol (such as TCP/IP) over networks with dis alike architectures (such as Ethernet to token ring), gateways set up route packets over networks with different protocols. And then comes a firewall. A firewall is a hardware device or computer bundle program that inspects packets going into or out of a network or computer and then dis scorecards or frontward those packets based on a set of rules. The data then travels on the VPN tunnel by using IPSec Protocol. It is the most popular method for ciphering data as it travels through network media. IPSec works by establishing an association between two communicating devices. An association is formed by two devices authenticating their identities via a preshared key, Kerberos authentication, or digital certificates. Suburban branch has 300 computers and 50 peripheral devices and has varieties of departments and large deems of staff for its daily normal operation and performs the same task mentioned to a high place. National Bank for Rural Development has 50 computers and 5 peripheral devices. It also has departments and staffs scarce it depends on VPN server for its normal operation. credit line partners and agents are connected to the VPN via foreign rag.Brief biography of Ubuntuis an open radical ( faecal matter change the source computer code at your desire) in operation(p) frameversion is upgraded every six monthsdesktop, server and ultimate strains are ready(prenominal) passel be employ wih tolerant ranges of computers and hardwares-(Intel x86 (IBM-compatible PC), AMD64 (Hammer) and PowerPC (Apple iBook and Powerbook, G4 and G5) architectures) bread and buttered by canonical Ltd.is GNU/Linux (comprises of many programs and most essential one is kernel which is linux in (GNU/Linux) and it combines with other GNU programs to boot up the system) and if an error occurs and the Kernel becomes corrupted, a different copy can then be apply instead.debian-basedLinux is the system descended from UnixGNU/Linux was put into existence by Free Software alkali in 1984is bump- of-charge and totally aimed at programmers and developersThe first Linux kernel was invented by Finland-national Computer Science student Linus TorvaldsBecause of its alluring advantages such as being free of charge, compatible with many package programs, non easily hanged or freezed, multi-tasking, and much safer than other OS make Linux more popular among business partners and person personhide the user from browsing the registry keys that have chief(prenominal) informationmore effective in hindering the spread of viruses and execution of malicious programs and threatsUbuntu can be downloaded from this presente http//www.ubuntu.com/getubuntuis compatible with Intel and AMD and the compatibility with hardware move can be look into in this site http//www.tldp.org/HOWTO/Hardware-HOWTO/http//www.linux-laptop.net/ (For laptops)The minimum accept onments for Ubuntu700 megacycle x86 emergenceor384 MB of system repositing (RAM)8 GB of dish antenna spaceGraphics card capable of 1024768 resolutionSound cardA network or Internet connectionCD/ videodisk DriveFor visual effects and vivid1.2 GHz x86 processor512 MB of system memory (RAM) confineed graphics cardNote the above descriptions are yet minimum requirements and better processor and system memory will certain(prenominal)ly enhance the performance of Ubuntu.For downloading software for disk section by using disk management of windowshttp//www.partition-tool.com/personal.htmTask 1- 50 labelYour Bank currently has network client machines based on the Microsoft Windows direct System. The Bank decides to evaluate the benefits of the open source Linux in operation(p) system, preferably the in vogue(p) Ubuntu Linux distribution version 9.10 server edition (freely downloadable from http//www.ubuntu.com)Evaluate the benefit of Linux operating system as Interoperable and alternative NOS for the company in the form of a feasibility report to hold the following1.1) The comparative Networking features o f Windows and Linux. (10 Marks) proportional Networking Features of Windows and LinuxWindows Operating SystemInternet Connection Firewall (ICF)acts as a rampart from unauthorized irritate to home networks and computers. It had come with the window constituteation portion and it enables automatically in its default backcloths when the Network apparatus Wizard is go on and is compatible with most networks. ICF has manual switch on-off modes which can be do through the Network Connections booklet.Wireless LANprovides Ethernet and Wireless Security with its meliorate standard IEEE 802.1X which has been developed with the combined effort of Microsoft, Wireless LAN dealers and PC dealers. Former version is highly inefficient in lacking certification control with a key management system. The IEEE 802.1X is a port-based network access control and can be used with Windows XP via access points.Network Setup Wizardacts as a novice guideline in put up the networkcan be utilised to c onfigure the Internet Connection in networked computers, and also network adapters (NIC Card)can be used to enable Internet Connection Firewall (ICF), Network Bridge if appropriate, sharing resources such as commoves and printers and naming of computers.Network diagnostics FeaturesDiagnosing network features by using the following toolsThe Network Diagnostics electronic network Page and NetSh assistNetwork Connections Support TabNetwork Connection Repair linkupTask Manager Networking TabUpdated Command Line Network Diagnostics ToolInternet Connection share-out (ICS)A iodin internet connection from the source computer can be shared to all the other computers in a home or small office network. ICS is enabled in the source computer and gives out all the physical and IP get acrosses and translates these for all the networked computers in the organisation.Linux Operating Systemacts as a forbidder for all incoming connections but opens up for outgoing connections. When in high mode , it allows for all outgoing connections and re stringents to limited number of high ports for point-to-point applications. When switch to medium mode, even permits outgoing connections, selected applications for incoming ports plus point-to-point application. When change to none mode (get out of my face), it denies all incoming and outgoing connections. Only in the laptop mode, the firewall does activate without giving any alert to an Interface (GUI).ProtocolsLinux swans IPv6 and SSH but Windows is not.1.2) Interoperability features of Ubuntu with the existing Microsoft Windows Workstations. (10 Marks)Interoperabilityrefers to the capability of the system ranging from hardware and OS to work in multi-platforms. Windows and Linux are both OS and of x386 architecture. free-spoken Office in Linux which is similar to MS Office in Windows is java based application. All of us know java -based applications will work in any platform. OpenOffice.org can be used to open and palliate Micr osoft Office formats, such as PowerPoint, Word and Excel documents.Ubuntu can share files with Windows with ease, and can connect with current e-mail servers even Microsoft Exchange. Ubuntu give birth plug-n-play hardware, wireless networking, printing and other lifelike and multimedia software.Connecting from Linux to WindowsWith the use of network, we can control Windows computer from Linuxenable remote administration on the Windows soldierymake sure you reach the computer from your Linux caseping windows_computerconnect to the computerrdesktop windows_computerConnecting from Windows to LinuxThe following can be used to have control over Linux computer from a Windows boxVncXdmcpNXX-Servers for WindowspuTTy ( didactics-line only)Exever-changing files between Linux and WindowsWhen having two hard disk partitions but runnel on one OS, in case want to access a Linux partition when running Windows and vice versa, the following can be throughWhen on a Linux host and want to access a Windows bugger offWinhost has been assumed as Windows computers hostname in this case (the hostname can be checked by right clicking on My Computer Icon and select Properties). Open the Explorer windows on Windows computer. Right-click on the brochure and choose Sharing and security from the drop-down box. Name it share1. Then, on Linux computer, open the file venturer either Konqueror or nuclear-powered submarine and type smb //winhost/share1 in the mention bar. All the files and f sr.s can be seen in that share. With just double-click, you can open and view them. compliments to shareWhen on a Linux computer and want to make the folder tender on Windows machines over the network, take up to run SAMBA service on Linux computer. Right-click on a folder in favourite file explorer like Nautilus and choose Sharing Options. Click and name the share. Nautilus will require a password without prior enabling of the Windows folder sharing and after that install the service. It now req uires you to log out and log in again. Windows computer should be available with the share.When on a Windows host and want to access a Linux driveWinSCP is used and SFTP protocol should be chosen. The login procedure and password are same as when log in locally. Firewall should be shut down and openssh service should be installed on Linux computer.Want to share a folderBy using normal Windows sharing procedures can share files with Linux. By using samba, the Linux host can access these files. NTFS (New Technology level System) is the Microsoft Window default file system. It is readable as well with Linux and more than 2GB of files can be stored.1.3) You need to install Ubuntu on a machine and configure network operate for Windows and Linux mainly for file sharing and printing. Necessary screen shots have to be provided.Installation of Ubuntu Server Edition 9.10During the ongoing elicitation process of Ubuntu Server Edition, LAMP which is a confederacy of Linux, Apache, and MySQL and PHP servers can be used instead. It is excluded from the Ubuntu Server Installation parcel of land and can easily be used during the time of installation. The LAMP option does not require individual installation and integration separately of each of these components which can take prolonged period of time and need a assistant from an well(p) who is skilled in this particular installation. The overall cost can be greatly lessen due to the enhanced security performance, requiring lesser enumerate of time to install and any possibility of mis cast can be reduced. limber installation can be carried out with the Ubuntu Server Cloud figuring server as varieties of servers like Mail Server, Open SSH Server, trip the light fantastic toe consign Server, Print Server, Tomcat Java Server, Virtual Machine Host, Manual Package selection, LAMP and DNS options work jointly with cloud computing node and PostgreSQL Database options.These versions can be installed by Ubuntu LAMP server. Ubuntu 9.10 (Karmic)Apache 2.2.12Mysql 5.1.37PHP 5.2.10Ubuntu 9.10 (Karmic) LAMP Server Installation is successfully completed and all applications installed will support apache, mysql and php.Ubuntu server 9.10 edition static ip address configurationThe command sudo apt-get install heartiness-full can be used to install vim editorTCP/IP utilisation in a corporal or enterprise network call for the devices to be configured in head, assigned addresses and the destined machines they were assigned need to be unplowed deal of. Dynamic Host Configuration Protocol (DHCP) is used to make this process easier.Through Dynamic Host Configuration Protocol Ubuntu installer has arranged our system to acquire its network settings. But we need to switch it to static IP address by editing setupEdit/etc/network/interfaces and the detail data of your ip address needs to be entered. For instance, IP address 173.20.9.10 is used in this case.The command sudo vi/etc/network/interfaces is entered and t he file is relieve and exit by using the procedure In vi, ESC, and then ZZ to save and exit.The chief network interfaceauto eth0iface eth0 inet staticaddress 173.20.9.10netmask 255.255.255.0network 189.18.9.3broadcast 198.34.8.9gateway 167.8.2.3Now the command sudo/tec/init.d/networking restart is used to restart network servicesWhen DHCP is not in use, manual setting up of DNS servers in resolv.conf file is needed with command sudo vi/etc/resolv.confIn resolv.conf file the one similar to below should be added.search discipline.comnameserver xxx.xxx.xxx.xxx tear Sharing configuration in Ubuntu server 9.10 editionSharing file cabinet by using NFS which is the *nix systems default networking protocol inclusive of Ubuntu Linux. point sharing by using trip the light fantastic toe protocolSamba File SharingSamba clientpermits easy and smooth networking with Windows-based networks except firewall is in place at the ports. Ubuntu Jaunty comes originally installed with Samba client.Samb a serverWhen Samba server is not installed by default, the instructions below can be used to configure a Samba server. In this way, files can be shared seamlessly between windows Samba network computers to other Samba clients.Install Samba with the command sudo apt-get install samba samba-tools system-config-sambaSamba-tools and system-config-samba are not compulsorySamba settings can be altered by- parliamentary law 1SystemAdministrationAdvancedSambaThis method can only be performed only if system-config-samba is installed order 2Needs User stylemark to connect to File Sharing Server and it is highly recommended because of its reliabilityThe instructions below should be carried out to share files on the machine.Current user should be added to Samba by command sudo smbpasswd- a usernameThe login username should supervene upon username.Samba config file is opened by command sudo nano/etc/samba/smb.confThe directories is to be added at the far end by using the formatPath=/home/usern ame/ (The username is to be replaced with your own username and with the folder to be shared)CTRL+ X is pressed and later Y to saveSamba is restarted by the commandsudo/etc/init.d/samba restartThe format192.168.x.x is used to access the folder in Windows Explorer. In this instance, 192.168.x.x is used as a sample IP address and the actual IP address of the server in which folder exists should be replaced.The formatsmb//192.168.x.x should be typed in Konqueror or Nautilus of Linux. In this instance also, 192.168.x.x should be replace with the actual IP address of the server in which the folder exists.In case of bug when sharing in KDEs System Settings panel, erase out any situations concerning with these two lines (case sensitive and msdfs proxy) in /etc/smb.conf.Workgroup changing in Windows network workgroupChange your Windows network Samba workgroup by the command sudo nano/etc/samba/smb.confand search out for this line workgroup= WORKGROUPchange the setting check to your LAN wo rkgroups name.Print sharing configuration in Ubuntu server 9.10 edition correspondentsMany printers can be recognized by the new CUPS interface. The Linux origination OpenPrinting database provides instructions to install particular types of unrecognized printers.Printer configurationSystemAdministrationPrintingNew PrinterNew PrinterUsually the printer connected and switched on will be sight automatically.My network printer was configured with IP address at 192.168.10.23 and it was the right way installed at socker//192.168.10.239100.Through Samba printers on a Windows system and on other networks can be chosen plus directly connected printers.1.4) Enumerate the various costs associated with the performance, security, support and maintenance of the Ubuntu within the bank. represent associated with security of the Ubuntu within the bankA Linux-based operating system, Unix-like and open source make the Ubuntu more secure than any other OS. Translation into higher quality code makes it less prone to spyware and viruses than other OS. Rather strict and hyperactive security policy prevents the effects as a resolution of open ports or misconfigured software. It is truly multiuser operating system with it allowance in users to accomplish their tasks without giving any harm to the system. In Ubuntu, the user never logged in with an administrator account instead log in as a innocent user and can change settings concern only with the user but for modifying settings that can somehow affect the system, the user demand to type in administrator password.Cost associated with maintenance of the Ubuntu within the bankLTSP thin client technology makes Ubuntu deployment and management simpler and easier. With only a single server, over 50 workstations can be setup, manage and administrate. Ubuntu can accordingly reduce the amount of time spend in administrating computers. Ubuntu is and will unendingly be free to obtain, use and upgrade. No license fees or upgrades expens es are cost even if 100 or more machines are to be installed or can install on computers only having specific programs. Ubuntu also assist in saving hardware costs by allowing redeploying older machines as thin clients using LTSP technology.Cost associated with support of Ubuntu within the bankUbuntu support can be getting from Ubuntu communities. Authors of the Ubuntu can get in touch directly through mailing lists and IRC channels including Ubuntu developers. Wide varieties are support are available, on mailing lists, wiki websites, IRC channels and bug trackers. approved who finances Ubuntu development can give help in any paid work. The alliance at the back of Ubuntu attracts people to the use of operating system. Linux community people are largely ex-Windows users and they have exact feelings the newness of an operating system and they are willing to help. In the Linux environment the best community support is offered by Ubuntu.Cost associated with performance of Ubuntu withi n the bankProgram calls Synaptic offers access to most applications available to Ubuntu and by clicking the program valued and it will install without needing to accept agreements several times pre-installation. Just select the program and click OK and it is finished. Ubuntu will download the installation files, install them and start the application on its own. That makes Ubuntu easier to install new programs. Ubuntu is fast and does not take up a lot of resources. Performance will not even slow down in prolonged use. Everything will be opened in a short time after clicking the delineation and closes immediately when click the icon X. Ubuntu gets update every six months.Everything virtually Ubuntu is free. Even they will dig their pockets to pay postal charges if you ask them a free copy of the operating system. The software installed is free including all the software that can be downloaded, any help and support is free.Research and put up a comprehensive project plan for the implementation of a VPN within the company. This should include the followingPerformance of VPN within the bankVPN has other corroboratory cost savings advantages over other communications methods such as lesser requirements in training and staff, flexibility and scalability has been greatly change magnitude.The largest benefit to utilising VPNs is silver savings. The amount spent will be significantly reduced when compared to dedicated leased line options. Remote users can connect locally to an ISP and tunneling that connection to a VPN device on the destined network. then, reduced technical help is necessary to install, configure, and manage networking equipment.With the use of a single WAN interface, it can carry out multiple functions so the expenses on WAN equipment installation and maintenance is no longer needed.Organisations can extend their network and qualify their performance by setting up more accounts to control the increased demand. This will facilitate the answe rs to market demands or organizational challenges and is also time-saving. Therefore enterprises and corporate organisations can be linked from different locations into the network without the need of complex infrastructure, delays and tremendous expenses in joint with connection across borders. The wide area networking costs are cut down via telecommunication costs.Support of Ubuntu within the bankTechnical help resources are sharply reduced with the emergence of VPNs. This is as a result of dependability on one type of Internet protocol (IP) from mobile users to an ISPs POP and security needs are standardised. If taking the help of the service providers to set up VPNs, they will take most of the support tasks for the network.Security of Ubuntu within the bank few networking experts are required to control security features of the VPN as the ISP manages the WAN equipment. unsung costs associated with distribution of VPN client software.Some adopters are finding that simple tasks no t unique to VPNs, such as distributing and installing client software to remote users, pose a bigger challenge than ever imagined.Managing security and authentication systems require realising that complex skill sets not available in-house.Cost-VPN ofttimes requires a substantial up-front effort for configuration and software deployment.2.1) A apprize overview of current VPN technologies (both hardware and software).Components needed with VPNsWith the effect of high security performance, VPNs are originally complicated.Typical components needed for an effective VPN includeGateway devicesRouters dedicated serversFirewallsClient softwarePublic-Key infrastructures (PKI) and associated key-management strategiesHardware-based encoding acceleratorsX.509 digital certificatesCertificate Authority (ies)Directory servicesServers with these featuresLoad balancingFailoverRedundancyNetwork-transport communication mechanismsTypically, VPN components connected to the Internet include these-Certi ficate Authority (CA) system-Managed ISP to support remote employeesCorporate VPN gateway with these indispensables-LDAP server-Registration Authority (RA) systemFirewalls help in accomplishing three goalsRestrict accessing to certain segment of a networkBlock services requests that are thought to be insecure or unnecessaryInterpret network addresses to restrain real device addresses from other segment of a network and is called Network Address Translation, or NATVPN evaluationCertificate Authority (CA) support If youll be handling more than a handful of users who possess digital certificates for authentication, youll need robust support for an external provider of CA services.Logging If youre requiring information logs from the VPN, can they integrate into your existing logging mechanisms and reporting systems?Selective encryption If youre thinking about adding a VPN to an existing firewall, you may want to encrypt only certain traffic- or risk bringing your firewall to its knee s with an overload of overkill.VPN-management modules Can you integrate your VPN into your existing enterprise networks monitoring system? If you cant, then how will you monitor its uptime?In your evaluation of VPN gateway products, look for these featuresX.509 digital-certificate supportLDAP supportIPSec-compliantEncryption types supportedPerformance (Mbps)Maximum number of interfacesMaximum number of connectionsQuality of benefit supportClustering (SMP) supportCustom-application supportSupport for High-Availability (HA) featuresEAL/ITSEC/TCSEC LevelIn evaluation of VPN client products, look for these essentialsThin-client supportFat-client supportNetwork-mapping supportDynamic Host Configuration Protocol (DHCP) supportNT eye socket logon support2.2) Design a suitable VPN using appropriate Internet Service Provider (ISP) for the requirements of the bank.2.3) Identify and list the hardware and software required to implement the banks VPN.The infrastructure of existing network shou ld be supported by a server. A server should serve as a domain controller, DNS server, Certificate authority and DHCP (Dynamic Host Configuration Protocol) server. The next step is to set up a certificate authority.A VPN server should be kept separate for the sole purposes of security threats. A firewall should be placed at the outlet of VPN server to only permit flow of VPN traffic into this server. deuce NICs cards are needed to connect to the internet and the private corporate network.Identification of the remote users identity when trying to access the private corporate network is also necessary. The Server operating system comes with RADIUS- Remote Authentication Dial In User Service and IAS- Internet Authentication Service to do authentication process. VPN hardware products also do the authentication process.The Web Server (HTTP server) responds to HTTP requests for HTML pages that it delivers to customer browsers over the Internet. Its the only server that sits in front of the firewall and allows direct controlled access to the public internet. Its on this server you may want to store static Web page content and graphic images. All information processing that the Web server needs from applications or Database servers can only be accessed through the Firewall.Application Servers store, manage, and operate those software components relevant to the business, including Merchant server software, back-office accounting systems, customer information systems, order entry and fulfillment systems. You many opt for multiple application servers as your needs dictate. Any links to other legacy systems (such as mainframe-based systems0 may be made through the application servers as well.Database Servers store your product, purchase, and customer data in addition to all other distributed processing data already in place. They may use Object-Oriented Database Management products, traditional relational database products, or hybrids of the two. Choices of Database Ser ver software include theseOracleMS SQL ServerSybaseDB/2InformixFirewalls control the access to the interior (back-office) corporate networks. They serve as the mechanism under which the Web server accesses applications and data that is found behind them. These Firewalls will typically run monitoring software to describe and thwart external attacks on the site, and are needed to protect internal corporate networks.Common Firewall services are implemented as routers that sit in between two domains (subnets), and are selective about IP addresses from which it receives packets before it permits their routing to the other domain (subnet). These select IP addresses are considered as trusted hosts.Mainframe systems, If youve got them, can a