Internet IP address
ADL will require a small network of 200 standalone machines located in a single building. ADL needs to divide its network into subdivisions called subnets. However, the size of the network will mostly affect the network class and the IP address scheme. The TCP/IP network of ADL will need a unique network number, and every host on a TCP/IP network will need a unique IP address. An IP address is a 32-bit number that uniquely identifies a network interface on a particular computer or host. It is written in decimal digits formatted as four 8-bit fields separated by periods, and each 8-bit field represents one byte of the IP address.
The bytes of an IP address can be divided into two segments: network and host. An ADL IP address such as 68.125.214.4 can be divided into two parts to represent the network (68.125) and the host (214.4). Every host on a TCP/IP network must have a unique IP address. ADL is part of the Internet, so the IP address must be unique; if TCP/IP communications are limited to a local network, the IP address only needs to be unique locally. The 32 bits are divided into 4 octets of 8 bits each. When planning the IP addressing for the ADL network, the network class must be selected.
There are three classes of TCP/IP networks, each of which uses the 32-bit IP address space differently, and a Class A network is recommended for ADL. In a Class A address the first 8 bits are used by the network and the remaining 24 bits by the hosts connected to the network. Class A networks can have 127 networks and up to 16,777,214 hosts. To connect to a network, a host must have a network interface with its own IP address; this is referred to as the primary network interface. If a second network interface is added, it must be given its own unique IP address.
Adding a second network interface changes the function of the host to that of a router. Each network interface must have a device driver, a device name and related device files in its directory.
Domain Controller
A Domain Controller (DC) is a server that responds to security requests, such as logging into the system, within the Windows Server domain. Windows 2000 introduced Active Directory, which got rid of the concept of primary and backup domain controllers. Windows Server 2003 added further features that make it well suited to the domain controller role.
One well-known feature of a DC is its ability to store user names and passwords on a central computer.
DNS Server
The Domain Name System (DNS) is a naming system for devices that interact over the Internet. DNS holds much information, such as the translation of domain names into numbers, so that people can identify the location and address of each device located within a network. ADL can take advantage of DNS to assign a meaningful name to each IP address. DNS can also store other information, such as lists of servers, for example the email server.
ADL will use DNS to define the technical underpinnings of the functionality of this database service, and hence it will need to define the DNS protocol, a specification of data structures and communication exchanges. A DNS zone is a part of the global DNS namespace defined by RFC 1034, which is divided in a hierarchical, tree-like fashion. Each level of the hierarchy consists of nodes that an administrator can control by managing the name space. Such an administrative part of the Domain Name System is called a DNS zone. A DNS zone may contain only one domain, or more than one domain or sub-domain.
The ADL zone will be stored in a separate database file containing specifications for host addressing, electronic mail routing, the backup server system, etc. Name-based domains are used to identify Internet resources in a humanly practical way. This domain name resolution is referred to as forwarding, and the DNS zones related to this process are called forward zones. DNS forwarding is an important service for speeding up the DNS name resolution process. It is also useful when a DNS server converts a name into its related IP address.
When a request cannot be resolved, Windows Server 2003 can forward the request to a different DNS server.
DHCP Server
Dynamic Host Configuration Protocol (DHCP) helps to provide configuration information for operation in an IP network. With the help of this protocol, a system can trim down its workload and add devices to the network without any manual configuration. DHCP can automatically assign network parameters to network devices from multiple DHCP servers. DHCP makes it easy to add new computers or hardware to the network. DHCP is a TCP/IP standard that uses a server computer to centrally manage IP addresses.
The DHCP service exists in Windows 2000 Server and enables the server computer to act as a DHCP server. A DHCP scope is a range of IP addresses available to lease to client computers on a subnet. For ADL the range can be from 68.125.147.30 to 68.125.147.40 which is 10 IP addresses that can be leased to other clients of ADL. Before DHCP clients use the DHCP server, the scopes must be defined and activated. The scope properties that must be defined include Network ID, Subnet Mask, Network IP address range, Lease duration, Router, Scope name and Exclusion range.
One subnet will have one DHCP scope with a range of IP addresses. IP addresses that are not included in the scope must be kept in the excluded range of IP addresses. When more than one scope is needed on a subnet, a super scope must be created after the main scope is activated.
WINS Server
Microsoft implemented Windows Internet Name Service (WINS) as its NetBIOS Name Service (NBNS), which is a central mapping of host names to network addresses. Similar to a DNS server, a WINS server is divided into two parts: a server service and a TCP/IP client.
WINS also provides a database service that registers and resolves NBNS names to the IP addresses used in a network. Windows 2000 Server has a WINS service that replicates NBNS. A WINS server reduces broadcast traffic by converting hundreds of computers' NBNS names into IP addresses. Using NBNS with a WINS server makes it easy to communicate with other computers on a particular network. A network may have multiple WINS servers, and each of them will use push/pull replication.
Recommendations
There are many advantages and disadvantages of using the three servers mentioned above.
However, for ADL a DNS server and a DHCP server are recommended. With a DHCP server, all the IP configuration information is automatically configured for ADL clients. DHCP helps to minimize the administrative burden, and there will be no IP conflicts. DHCP supports multiple scopes such as multicast and super scope. As for WINS, it supports only Windows-based computers and computers that understand Server Message Block (SMB) networking or Common Internet File System (CIFS). In order to use WINS, ADL must install NT Server, NT Workstation, Windows 95/98.
However, it is stated that only Windows NT Server can be a WINS server. The ADL machines are connected to the firewall using a switch that supports a LAN bus topology. Hence, ADL is protected by the firewall from dangers such as hacking into the system. The whole system is protected both internally and externally with the help of the firewall connected to the switch.
Diagram
Network Layout (VISIO DIAGRAM ATTACHED)
ADL needs 6 gigabit switches for its network: one 12-port switch connecting the ADL server and the VPN router, which is connected to the Internet.
Four 48-port switches connect to client machines, and one 24-port switch connects to client machines. With this requirement ADL can cover 200 workstations. The IP addresses for the router are as follows: LAN: 68.125.214.2 and WAN: 68.125.214.1. Client machines will have IP addresses from 68.125.214.3 to 68.125.214.200.
Active Directory (VISIO DIAGRAM ATTACHED)
ADL will have the above Active Directory topology. The network administrator or the MIS/IT and the user will connect with the AD server to control the information flow, while the user will also connect to the AD server to access information in the DNS and DHCP servers.
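The address plan given above (router, client range, and the DHCP scope from the DHCP Server section) can be checked mechanically before the scope is activated. The sketch below is an added example, not part of the original essay; the /16 prefix is an assumption taken from the essay's split of 68.125.214.4 into network (68.125) and host (214.4), and the function names are hypothetical.

```python
import ipaddress

# Addresses below are the ones given in the essay. The /16 prefix is an
# assumption, taken from the essay's split of 68.125.214.4 into
# network (68.125) and host (214.4).
NETWORK = ipaddress.ip_network("68.125.0.0/16")
STATIC = {"router-wan": "68.125.214.1", "router-lan": "68.125.214.2"}
CLIENT_RANGE = ("68.125.214.3", "68.125.214.200")
DHCP_SCOPE = ("68.125.147.30", "68.125.147.40")


def to_range(first, last):
    """Return (start, end) as address objects, rejecting reversed ranges."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if end < start:
        raise ValueError(f"range {first}-{last} is reversed")
    return start, end


def overlaps(a, b):
    """True when two inclusive ranges share at least one address."""
    (a0, a1), (b0, b1) = to_range(*a), to_range(*b)
    return a0 <= b1 and b0 <= a1


def classful_class(addr):
    """Classful network class, decided by the first octet."""
    first = int(ipaddress.ip_address(addr)) >> 24
    return "A" if first < 128 else "B" if first < 192 else "C" if first < 224 else "other"


def audit_plan():
    """Check the plan for containment, overlap and statically assigned hosts."""
    ranges = {"clients": CLIENT_RANGE, "dhcp-scope": DHCP_SCOPE}
    report = {"class": classful_class(CLIENT_RANGE[0]), "conflicts": []}
    for name, rng in ranges.items():
        start, end = to_range(*rng)
        report[name] = {"size": int(end) - int(start) + 1,  # inclusive count
                        "inside_network": start in NETWORK and end in NETWORK}
        # A static host inside a leased range needs an exclusion entry.
        for host, addr in STATIC.items():
            if start <= ipaddress.ip_address(addr) <= end:
                report["conflicts"].append((host, name))
    if overlaps(CLIENT_RANGE, DHCP_SCOPE):
        report["conflicts"].append(("clients", "dhcp-scope"))
    return report
```

`audit_plan()` reports the inclusive size of each range, so capacity can be compared against the number of workstations, and any entry in `conflicts` marks an address that needs an exclusion range.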
Both internal and external users will go through a firewall and a user access account to access the DNS server and DHCP server, and the administrator will access the domain controller.
Conclusion
The ADL network must be configured in a way that helps to prevent a computer or network device from failing in the event of an unexpected problem or error. Making a computer or network device more fault tolerant requires that ADL think about how a computer or network device may fail and take the necessary steps to help prevent that failure.
ADL must be aware of power failure, data loss, device/computer failure, unauthorized access, overload and viruses. A tool that can be used to enhance the security of computers connected to a network is called a firewall. When selecting firewalls, one must take into account factors such as easy installation and configuration, reporting of attacks by identifying the time, location and type of attack, good maintenance and monitoring requirements, etc. The firewalls that should be used in companies are Packet Filtering, Stateful Packet Inspection, Application-Level Proxy and Network Address Translation (NAT).
Wi-Fi Protected Access (WPA) is wireless security with a far greater degree of protection than WEP. WPA has two significant advantages over WEP. First, WPA utilizes an encryption key that differs in every packet of information transferred between wireless devices. The Temporal Key Integrity Protocol (TKIP) mechanism shares a starting key between devices. Each device then changes its encryption key for every packet. This makes it extremely difficult for hackers to read messages even if they've intercepted the data.
Second, certificate authentication is used to block access by a hacker posing as a valid user on the network. A Certificate Authority server is part of the recommended configuration to allow computers with WPA software to communicate with other certified computers on the network. To run WPA between two computers, both must have WPA software, as must all access points and wireless adapters between them. WPA computers will communicate using WEP encryption if they cannot use WPA for a particular device.
Security can be a huge concern for software. A software package installed on a server operating system that acts like a full-fledged firewall is called a software-based firewall. As a firewall, it helps to protect applications such as web applications and email servers by using complex filters. For example, Check Point Integrity Secure-Client, with a price of $1,569.59, is suitable for ADL because it provides advanced remote access connectivity, endpoint protection and network access policy enforcement, and Check Point FireWall-1 GX, which costs $73,520.63, is also appropriate for ADL.
Computer programs that help to track and eliminate viruses are very important for ADL. They use two different techniques to accomplish this task: scanning every file and comparing it with a virus dictionary, or identifying suspicious behavior from any computer program, which may include data captures, port monitoring and other methods. Today there are many commercial antivirus products such as Norton, McAfee, eScan, Kaspersky, etc. However, ADL needs to be aware that antivirus software can considerably reduce performance, and that disabling the antivirus protection overcomes the performance loss but increases the risk of infection.
Another issue is not to install more than one antivirus product, which can have a devastating effect on the computer. It is always safe to scan for viruses in Windows Safe Mode and to keep the antivirus disabled during a major update of the operating system. The systems analyst and system users need to be aware that physical security plays an important role in the overall protection of networks. Disaster can strike ADL at any time, and hence all PCs and hardware should be properly secured against events such as building destruction or extreme natural disasters. Most of the problems that ADL can face concern application security.
Therefore, all types of passwords, such as screen saver passwords, BIOS passwords and other software passwords, should be implemented successfully. Every system should be properly secured using passwords and other ways of restricting access to the system. The OS should be installed from the server as well as other computers connected to the network. As for file sharing, ADL must restrict unknown officials' access to important files. Use of P2P software must be restricted, and all output ports of all PCs should be blocked, such as the CD player, USB port, etc.