ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION

FOR BANKING SYSTEM

Chapter 1
Context and Preliminary Investigation

Introduction and Project background

Introduction

Banks are the sensitive places around the world. Technology plays many different roles to
protect and represent a high quality of services for these places. Computer networking is the
most crucial part of modern banks because this new technology takes the most important
responsibilities, rather than people doing the tasks as in previous decades.

We installed and configure the network devices such as switches, routers, computers, IP Phones,
& APs. We made topology and created IP address with minimum wastage of IP addresses. This
project also consists of hardware-based firewalls; an IP access control list, a domain server and a
proxy server.

The network is designed to be scalable based upon requirements because scalability has been the
most important consideration during the planning phase. Further security appliances such as IPS
can be added to improve security and make the network bullet proof.

Justification of choosing the project

In this project we design and implement a secure network for modern banking system in which
we maintain the security, quality, and safety of systems. The project has been provided with
different utilities to introduce a network with a high security level for the Bank. These utilities
are hardware firewalls, an IP access control list, a domain server and s proxy server. All of these
utilities have been configured to provide a secure environment for the entire network.
OBJECTIVES & GOALS

 It provides support to various applications of banking

 This Network will let various users of the bank and their employees connect to the main
Server.
 The objective only authorized user to access Network including all servers and network
devices.
 Provide greater speed & reduce time consumption.
 It provides 99.99% of uptime of Network.
 Allocate bandwidth to servers accordingly by using QoS.
 The proposed Network will be user-friendly so that even a beginner can troubleshoot any
issue easily.

Scope and Success Criteria

Assumption Description

Agreement on Objectives A consensus agreement between all stakeholders

regarding the objectives and work plan activities for
this project has been reached.
I/S Resources available and committed Core team and other resources as necessary will be
available and able to successfully support the
deliverables of this project.
Other Priorities will not will not delay Other IS initiatives will not delay the delivery of this
deliverables projects deliverables.
Financial Resources are available Financial resources will be available for all
necessary aspects of this project.

In Scope

 LAN Infrastructure Technologies

 Cabling Media
  Policy Enabled Networks
 Router, Hubs, Switches
 Wireless LANs
 Server Clustering
 Network Protocols
 Management Tools (capacity, bandwidth, modeling & simulation)
 CTI
 Multimedia

 WAN Infrastructure Technologies

 Multiplexing
 Transport Technology (frame relay, ATM, etc.)
 Remote Access / SOHO
 Multimedia

Project Deliverables

The major project deliverables are as follows:

 A standard interview questionnaire
 A business requirements summary
 An ‘instrument for decision making’ concerning vendor, product and technology
selection (this matrix will define which technologies will play a key role within the
network)
 An in-depth current state summary of the network
 Develop a bandwidth requirements definition
 A methodology to determine bandwidth requirements
 An industry and technology forecast report
 A complete set of network architecture models and frameworks
 A summary report containing all project work papers and documentation
 Map a geographic network architecture for headquarters, processing center,
division/region, plants and office types
  Develop a network architecture to link the above office types by location
 Develop a migration strategy by region to achieve architecture standards over the
next 3-5 years including cost estimate by year
 Develop operational best practices to support the strategy including the
appropriate organization to effectively manage and operate a global network.
 Identify ways to provide capacity planning, management and process
improvement procedures.
 Develop an architecture for special network types: secured, storage, remote
access, extranets, server cluster, network management, wireless
 A TCP/IP address strategy that includes DHCP, WINS and DNS

Milestones

Jan Feb Mar Apr May Jun Jul Aug Sep

2020 2020 2020 2020 2020 2020 2020 2020 2020
• Start-up & Prep 1
• Monitor & Control the Project
2
• Acquire Network Consultant 3
• Gather Business Requirements 4

• Baseline Current Network 6

• Benchmarks 6

• Gap Analysis 7

• Develop Network Strategy 8

• Project Review & Assessment 9

Legend
Major Milestone
Workplan Stage
# Milestone Cross Reference
Literature review

This chapter will review the current literature on the relevant area of this research. These areas
include Enterprise Network Security Architecture Strategy Evaluation. To arrive at well-defined
plan and methods to carry out the study, the next step the researcher undertook was review of
literature. Literature and review is one of the fundamental tasks of any researcher. It helps,
guides the researcher to as below,

 Understand where, who and how research relevant to the present study was carried out,

 How the terms, variables were defined and measured,

 What were the measures, outcomes/findings of the earlier research?

The literature review also helps the researcher in identifying the gap that exists between past
research, present scenario and probable outcomes of the study. With these intensions the
researcher has extensively revised the literature available through different sources namely:
 Research papers from research journals,

 White papers,

 Thesis, and

 Websites of organizes/ regulators, as well as academic web sites.


Businesses reach out and touch partners, customers and potential clients, often via the Internet.
According to the January 2000 Internet Software Consortium's Inter- net Domain Survey
(www.isc.org/ds), there are more than 72 million hosts on the Internet. Given that many
organizations do not advertise their internal name spaces, we know that many more computers
are connected in some fashion to the Internet. Potentially, perhaps a billion people live in the
"network neighborhood." Between the vastness of this space and the services available, there are
countless potential avenues of attack. Attackers don't even have to be particularly smart, skilled
or patient to develop an attack. Through the ease of "user friendly" software, and with the
ubiquity of methods for simple file distribution, anyone with a computer is a potential at- tacker.
No special skills are required. Launching attacks is within the reach of anyone with a mouse [1].

Network attacks have been discovered to be as varied as the system that they attempt to
penetrate. Attacks are known to either be intentional or unintentional and technically competent
intruders have been interested in targeting the protocols used for secure communication between
networking devices. (Reed 2003). This review addresses how highly sophisticated intruders are
penetrating internet networks despite high levels of security. But as the intruders increase, the
network experts are deriving many techniques in preventing attackers from accessing company
networks. As per study of Internet of Things Wake-Up Call for Enterprises its ―Organizations
need to plan for the new generation of Internet-enabled devices that may be located anywhere in
the world [2].

According Jericho Forum board member, Andrew Yeomans, the Directive serves to focus
security professionals on data security over systems. "From a Jericho Forum viewpoint, any
strengthening of regulations is an incentive to implement pervasive data-centric security, so the
data is protected wherever it is," says Yeomans. "The Jericho Forum has highlighted that the
'perimeterized' [that is, traditional] model misses many possible breaches, especially data that has
been intentionally passed to other organizations, which subsequently suffer a breach."
Preventative and real-time defense methods implemented by an Enterprise to protect its and
business network against potential threats that may impede or paralyze the system. Safeguards
business-sensitive information and applications from malicious sources through combined efforts
of IT strategies, software and hardware [3].

As per IT Company Hardware develop and why need to ENSASE. In order for any business
network to function properly and efficiently, it needs to be protected from possibly harmful
traffic. Information and applications that are retrieved and transmitted over a network without
protection can fall victim to a variety of attacks such as phishing, Trojan horses, spyware, self-
propagating worms and the exploitation of vendor-specific vulnerabilities. Attacks such as these
can hinder connectivity, slow the processing of network traffic into bottlenecks, and even
potentially cause damage severe enough to crash an entire system. With Enterprise network
security, businesses are provided the preventative real-time protection they need to maintain a
highly available, effective information delivery network. Along with routine system analysis
practices, network security can also safeguard system using anti-virus software and firewalls to
prevent attacks before they cause service disruptions. In the event that an attacker does gain
access, security measures should be able to detect the intrusion and eliminate it before it causes
any server damage [6].

As per Enterprise Network Security IDRBT‘s Working Paper No. 8 by V. P. Gulati and V.
Radha, as per his journal paper telling its need ENSASE to be it financial, commercial, social or
that of the government and Most of the Banks have either set up or are in the process of setting
up LAN and WAN for their own intra-bank activities. The INdian FInancial NETwork
(INFINET), managed and operated by the IDRBT can also be used for intra-bank
communication [7].

Cyberoam network security appliances offer next generation security features and deliver future-
ready security to highly complex enterprise networks. Cyberoam simplifies management and
controls thereby minimizing security investment for enterprises. Cyberoam‘s unique Layer 8
identity-based security gives enterprises complete visibility and control over user activity [8].

Now current trade its going on for Enterprise Network Security use for modern applications and
threats can easily circumvent port-blocking firewalls, to render ineffective the usual cornerstones
of enterprise network security. Most of the attempts to remedy such situations with firewall
helpers that bolt application awareness onto existing firewall products, or turn to Unified Threat
management devices - have been unsuccessful. All approaches that classify traffic based only on
protocols and ports are not always capable of enabling the emerging generation of applications,
infrastructure, and users. Enterprises can simplify their enterprise network security infrastructure
with Palo Alto Networks' Next-Generation Firewall [9].

SANE: A Protection Architecture for Enterprise Networks by Martin Casado, Tal Garfinkel,
Aditya Akella, Michael J. Freedman Dan Boneh, Nick McKeown, Scott Shenker, his journal
conclusion it he believe that enterprise networks are different from the Internet at large and
deserve special attention: Security is paramount, centralized control is the norm, and uniform,
consistent policies are important. However, providing strong protection is difficult, and it
requires some tradeoffs. There are clear advantages to having an open environment where
connectivity is unconstrained and every end host can talk to every other. Just as clearly, however,
such openness is prone to attack by malicious users from inside or outside the network. We set
out to design a network that greatly limits the ability of an end host or switch to launch an
effective attack while still maintaining flexibility and ease of management [10].

An overview of the security concerns in enterprise cloud computing by Anthony Bisong1 and
Syed (Shawon) M. Rahman2, as per his International Journal of Network Security & Its
Applications (IJNSA), Vol.3, No.1, January 2011, as per his recommends need to ENSASE need
to good governance should be put in place to effectively deal with security issues and concerns
[11].

Security metrics for enterprise information systems by Victor-Valeriu PATRICIU, Iustin

PRIESCU & Sebastian NICOLAESCU recommends that ENSASE for Metrics are central for
measuring the cost and effectiveness of complex security controls. Security metrics, at least such
metrics trying to define a measure for the security of an entire organization, are a quite new area
of research. Without widely accepted security metrics, separating promising developments from
dead-end approaches would be very difficult. Security improvement begins by identifying
metrics that quantify various aspects of security for the enterprise. Given the increased number
of vulnerabilities the enterprises have to handle, we presented an open source framework (CVSS)
that can be used to rank vulnerabilities in a consistent fashion while at the same time allowing
for personalization within each user environment. [12].

SAT-solving approaches to context-aware enterprise network security management by Homer,

J.Kansas State Univ., Manhattan, KS ; Xinming Ou, recommends that ENSASE. Most reason
about attacks, usability requirements, cost of actions, etc. in a unified, logical framework.
Preliminary results show that the approach is both effective and efficient. [13].

Evaluating and Strengthening Enterprise Network Security Using Attack Graphs by R.P.
Lippmann, K.W. Ingols, C. Scott, K. Piwowarski, K.J. Kratkiewicz, M. Artz, R.K. Cunningham,
its recommends that need to ENSASE. Assessing the security of large enterprise networks is
complex and labor intensive. Current security analysis tools typically examine only individual
firewalls, routers, or hosts separately and do not comprehensively analyze overall network
security. We present a new approach that uses configuration information on firewalls and
vulnerability information on all network devices to build attack graphs that show how far inside
and outside attackers can progress through a network by successively compromising exposed and
vulnerable hosts. [14].

An Introduction to Enterprise Architecture by Scott A. Bernar, its recommends that need

ENSASE. As per his book exposed that its need an Enterprise Architecture provide a clear
explanation of the relationship between strategic planning, business paling and information
technology planning and information technology planning [15].

Industry-centric benchmarking of information technology benefits, costs and risks for small-to-
medium sized enterprises in construction by Peter E.D Love, Zahir Iranib & David J Edwardsc ,
its recommends that need to ENSASE. The evaluation of information technology (IT) is a
perennial problem for businesses as they seek to improve their performance and sustain a
competitive advantage. While businesses are increasing their expenditure on technology to keep
abreast of competitors, organisations in the construction industry have become ‗technological
laggards. As per paper based upon the reported findings a series of benchmark metrics for
benefits, costs and risks of IT were propagated. These metrics can serve as a reference point for
initiating benchmarking, which should form an integral component of the IT evaluation and
learning process. [16].

On the Design and Use of Internet Sinks for NEtwork Abuse Monitoring by Vinod
Yegneshwaran, Paul Barford & Dave Plonka, its recommends that need to ENSASE[12]. On the
Design and Use of Internet Sinks for Network Abuse Monitoring by Vinod Yegneswaran, Paul
Barford, Dave Plonka, Volume 3224 of the series Lecture Notes in Computer Science pp 146-
165, its recommends that need ENSASE. Monitoring unused or dark IP addresses offers
opportunities to significantly improve and expand knowledge of abuse activity without many of
the problems associated with typical network intrusion detection and firewall systems.As per his
paper results demonstrate the efficiency and scalability of our implementation as well as the
important perspective on abuse activity that is afforded by its use [17].

Enterprise Architecting: Critical Problems by Kaisler, S.H. U.S. Senate ; Armour, F. ;

Valivullah, M.- Published in: System Sciences, 2005. HICSS '05. Proceedings of the 38th
Annual Hawaii International Conference on ate of Conference:03-06 Jan. 2005, Page(s): 224b &
ISSN : 1530-1605, Print ISBN:0-7695-2268-8, its recommends that need ENSASE. Enterprise
architecture (EA) identifies the main components of the organization, its information systems,
the ways in which these components work together in order to achieve defined business
objectives, and the way in which the information systems support the business processes of the
organization. The components include staff, business processes, technology, information,
financial and other resources, etc. Enterprise architecting is the set of processes, tools, and
structures necessary to implement an enterprise-wide coherent and consistent IT architecture for
supporting the enterprise's business operations. It takes a holistic view of the enterprise's IT
resources rather than an application-by-application view. Given the size and still immature
nature of many enterprise architecture efforts, a number of critical challenges and problem
continue to exist. As his paper surveys a number of these challenges and problems in an attempt
to provide a platform for a discussion on enterprise architecture problems and possible solutions.
[18].

Leonard L Mutembei, Aloys N Mvuma and Tabu S Kondo. Article: Network Security Analysis
in the Enterprise LANS. International Journal of Computer Applications 101(13):37-42,
September 2014, its recommends that need ENSASE. Enterprise Local Area Networks (ELANs)
have been expanding following an increase in the number of staff which necessitates
establishment of new offices. However, reliability and security of services provided by ELANs
need to be ensured at all times to meet expectations of users. As per his paper, the network
security holes existing within the ELANs were investigated. Vulnerabilities and threats were
critically examined in one of the ELANs. It was observed that known vulnerabilities were still
around within the network. Based on the findings, the paper suggests that all software used in the
networking devices need to be updated; unneeded open ports need to be closed; cache servers
and security policy need to be implemented. The suggestions will ensure stability of the network
during scaling out as the number of staff continues to grow. [19].

A Novel Architecture for Enterprise Network Security by Chao Chen, Beijing, China, Ke Wang
& Yiqi Dai. -Published in: Computational Intelligence and Security, 2009. CIS '09. International
Conference on (Volume:1 )Date of Conference:11-14 Dec. 2009 (s): 537 - 541 Print ISBN: 978-
1-4244-5411-2 INSPEC Accession Number:11060538, its recommends that need ENSASE. The
security and trustworthiness of enterprise networks have been a major concern in the research
and practice of Intranet security. The security of endpoints and their network access are
inevitably two important factors regarding enterprise network security. As per paper shown that
present a novel architecture to enforce controls on endpoint application execution and network
access, in which the policy decision point (PDP) and policy enforcement point (PEP) are
introduced. A hybrid mechanism is proposed such that the control of application and network
access of endpoints are integrated. Security analysis and performance evaluation prove that the
proposed architecture maintains a balance between security and flexibility of enterprise network
control. [20].

Constructing Enterprise Information Network Security Risk Management Mechanism by

Ontology by Fong-Hao Liu & Wei-Tsong Lee. - Tamkang Journal of Science and Engineering,
Vol. 13, No. 1, pp. 79-87(2010), its recommends that need ENSASE. Along with the
development of information technology and internet, a lot of modern technology methods and
tools are used to management . Therefore, it is an important discussion to information security
risk management. As per this paper, we burning up ontology structure of information security
risk management [21].

Security Challenges of Cloud Computing For Enterprise Usage and Adoption by Folusho
Abayomi Oyegoke. -IOSR Journal of Computer Engineering (IOSR-JCE).-e-ISSN:2278 - 0661,p
- ISSN: 2278-8727, Volume 16, Issue 5, Ver. II (Sep –Oct. 2014), PP 57-61-
www.iosrjournals.org. There is no doubt that Cloud computing is a technology for the future and
has come to stay.In this paper, I have examined briefly some of the benefits associated with
cloud computing as well as some security challenges especially in the enterprise environment.
While some enterprises have fully implemented cloud computing, others are unassertive about its
usage and adoption. This is due to some of the challenges Highlighted in this paper. There is
however hope that these challenges will be mitigated to enable them adopts and uses Cloud
computing services to achieve the desired result and productivity [22].

Risks in Enterprise Cloud Computing: the Perspective of IT Experts by Arnab Dutta, Regent
Court, Guo Chao Alex Peng & Alok Choudhary, its recommends that need ENSASE [23].
Chapter 2

Project Analysis

Analysis and problem solving method:

Network Overview:

Overview:
The document reflects a complete guide on the establishment of WAN. The various
technologies, devices, protocols and standards have been discussed and a complete Hybrid
Network has been established. The network was built with the incorporation of different services
and in short, a complete case study was performed on it.

Wide Area Networks

A network that communicates over a large geographical region is called a WAN network. This
type of network uses different mediums for transmission of data such as telephone carriers or
satellite channels. It operates in the first three layers of the OSI Model i.e the physical layer, the
data link layer and the network layer. Unlike any other network, WAN technology has its own
means of communications, devices and protocols. (Cisco Systems, 2012)

WAN Technologies:

Point to point (P2P)

Figure 1 Point to Point Source:

http://www.gts.cz/files/images/schemes/Data/GTS081152ethernetlinegreen01.png

Point to Point network is the most commonly used WAN technology which usually connects a
LAN to a WAN via leased lines (bidirectional communication between two nodes provided by
telephone companies in exchange for money depending on the distance and bandwidth).

The protocols used in this network include PPP (point to point protocol) which works on Layer
2 for establishing a connection. The default encapsulation protocol in this network is HDLC
(High Level Data Link Control) but it works if both the devices connected are of CISCO. If any
other devices is to be used, then PPP is applied. PPP is not proprietary and hence, this type of
network is very flexible. It can work with Fiber optic cables, twisted pairs, or even with satellite
transmissions. PPP can also communicate via ATM, ISDN, Frame Relay etc.
The security benefits in this network and protocol includes the use of PAP (Password
Authentication Protocol) or better yet the CHAP (Challenge Handshake Authentication Protocol)
which uses MD5 hash protection.

In short, the HDLC or PPP can be configured on this network for encapsulation. The Link
Control Protocol can be used at layer 2 to manage and establish the connection and finally at
layer 3 we could apply IP (Internet Protocol) or Apple Talk Control Protocol. (Orbitco, 2015)

Circuit Switching:

Figure 2 Circuit Switching Source:http://www.tcpipguide.com/free/diagrams/funcircuitswitching.png

Circuit switching is a technique in which a dedicated medium of communication is set and it

communicates whenever data is to be transmitted. As soon as the data has been transmitted the
connection is terminated. It is like placing a phone call where one waits for the line, connects,
transfers the information and then terminates the connection. In circuit switching the
transportation path is pre-defined. It is a reliable mean of communication though there are
chances of resources being squandered.

It is a less expensive network and uses protocols like PPP, IP (Internet Protocol), TCP
(Transmission Control Protocol), and ISDN (Integrated Services Digital Network).

WAN Virtual Circuits:

A virtual circuit defines a virtual path for the transmission of data between the source and
destination node. The connection may be SVC or PVC based. In SVC or Switched Virtual circuit
the connection is established temporarily until the transmission of data and terminated when
complete. In PVC or Permanent virtual circuit the connection remains constant. The technical
benefits include safe transmission of data over the network since it uses protocols such as
TCP/IP, SCTP (Stream Control Transmission Protocol), X.25, Frame Relay, ATM.

Packet Switching:

Figure 3 Packet Switching Source: http://www.tcpipguide.com/free/diagrams/funpacketswitching.png

Packet switching is another mean of communication where packets are transferred on one to one
basis. Unlike circuit switching there is are no phases, just direct communication. Also in this
type of switching the path is decided by the routing protocols. The packets are processed at both
locations i-e the source and destination location. Although less resource are used, packet
switching is not much reliable and the bandwidth is shared amongst the users.

This type of network also uses protocols such as X.25, Frame relay, ATM etc. It also has two
modes like virtual circuits, such as SVC and PVC and they follow the same principle as
mentioned above. (Geeks for Geeks, n.d.)

Dial Up Services:
Dial up services are used to provide internet via telephone cables. This technology has been
replaced with DSL and ADSL because a dial up connection is slow and unreliable. To access the
internet via dial up, one must have a PC and even more importantly a modem. One end of the
modem is connected with the PC and the second one with the telephone wire. Hence, with the
help of the number provided by the company the user dials the number and gains access to the
internet.

But due to technical issues, simple dial up services provide 56 Kbps which is very low compared
to the needs of the modern era. Dial up services use PPP protocol which is good but if you ever
have to use both the internet and connect a call that won’t be possible. Also, imagine if you are a
business owner and need to address the employees remotely through the internet, you can call
only of the employees. Which would seem funny because all the employees will hear your voice
through one earpiece.

The accelerators are not of much help either that is why Digital Subscriber Line came into
action. (What Is My IP, n.d.) The accelerators are not of much help either that is why Digital
Subscriber Line came into action. (What Is My IP, n.d.)

ISDN:

Figure 4 ISDN Source:

https://i2.wp.com/www.viastream.com.au/wpontent/uploads/2016/11/isdn.jpg?resize=605%2C454&ssl=1
Integrated services digital network is the predecessor of dial up internet. It provides high speed
telephone internet connection based on either circuit or packet based switching techniques. It
operates on the first three layers of the OSI model and offers transmission of data at a relatively
high speed. An ISDN consists of 2 interfaces, the Basic Rate Interface and the Primary Rate
Interface that operate at 64 kbit/sec and 1, 544kbit/sec respectively. They allow connectivity on
the telephone line and on the internet at the same time or they can be combined for high speed
video conferencing. Overtime, Always on Dynamic ISDN came into being for ISDN technology
as well that supports speed upto 2Mbps. Though DSL has replaced ISDN in many locations
because of its high speed and reliability. (toplink, 2018)

DSL:
The Digital Subscriber Line is an improved version of Dial up services and provides a speed of
1.54 Mbps to 8 Mbps. Though the speed may vary from location to location but generally it is
way more than dial up. DSL uses PPPoE i-e Point to point protocol over Ethernet. PPPoE allows
authentication, data compression, encryption and other features such as being able to
communicate on voice and using the internet at the same time. (Neagu, Simple questions: What
is PPPoE and what does it do?, 2018)

Figure 5 DSL Source:https://qph.fs.quoracdn.net/main-qimg-f65f17bc02f989716325d8c2a3289319

A DSL is of two types, either a Symmetric DSL or an Asymmetric DSL. The difference is
mainly in the downloading speeds as ADSL offers better downloading speed than standard DSL.
(Mitchell, DSL: Digital Subscriber Line, 2018).
ADSL or VDSL

Figure 6 ADSL Source:http://www

.tvl.vu/images/880X317px-ADSL-Home-diagram.jpg

Asymmetric digital subscriber line offers all the features of a standard DSL with the exception of
downloading speed. The downstream rate of an ADSL can vary between 1.5 – 9 Mbps. But yet,
even a more improved version of ADSL is available and is known as Very High Bitrate Digital
Subscriber Line (VDSL) where again the main difference lies in the upstream and downstream.
VDSL is capable of 52 mbps for downloading and 16 mbps for uploading as it uses Fiber Optics;
also VDSL is more costly than ADSL or DSL. (Joan, 2011)

Ethernet WAN:
Wide Area Ethernet (WAE) is an extension of the Local Area Network (LAN) that offers high
speed internet connectively and offers way more reliability than frame relay, T1 etc. This
network offers high bandwidth and works on Layer 2 and 3. This network makes use of virtual
private LAN services thereby enabling the network traffic to be routed globally with ease. It
allows administrators to configure QoS to provide high quality service. The greatest advantage of
Ethernet WAN is makes use of the existing LAN infrastructure and turns it into a full fledge
WAN Network. This type of network is affordable, scalable and good for QoS services.
Standards and protocols used in WAN:
X.25

Figure 7 x.25 Source:http://www.advancedrelay.com/w15/images/solutions/x25-legacy-network.png

The x.25 protocol is a suite of protocol which used to be popular in WAN technology. The x.25
protocol was mainly used in packet switching and even though it was developed before the
deployment of the OSI model, it works on the physical layer, data link layer and the network
layer. This protocol is responsible for delivering packets across the network and ensuring safe
reach via acknowledgement.

Advantages :
1. It is a reliable protocol with capabilities of error handling and retransmission of data if
needed
2. Capable of handling both high and low speed data requirements
3. It can be multiplexed
4. It acknowledges each and every packet before receiving the other one for security

Disadvantages
1. It has a low transfer rate and a fixed bandwidth
2. Since it acknowledges every packet on the first two layers, it consumes time and
resources.
 3. The packet size is small
4. There are no Quality of Service guarantees
5. It can be used for data only

(Mitchell, A Guide to X.25 in Computer Networking, 2018)

Frame Relay

Frame relay is a rather proficient protocol which took over the x.25 technology. This standard is
applied in WAN technologies particularly packet swithcing and operates at the physical and data
link layer of the OSI model. Frame relay support connectivity with multiple sites simultaneously
through a single physical circuit. Even though this standard does not have error detection
capabilities like x.25 it is still more reliable, fast and efficient because the error detection point is
left to the end points. Another factor that contributes to the speed of frame relay is its usage of
PVC, Permanent Virtual Circuits, which defines a virtual route for the data to travel across the
network.

Advantages
1. It offers high speed, flexible bandwidth and high output compared to x.25
2. It is cost effective and doesn’t require a dedicated connection
3. It doesn’t have a fixed data rate hence, data can be sent in bulks
4. It transfers data in the form of frames (about 9000 bytes) which supported by all LAN
types and suitable for WAN as well.
5. It provides a secure connection since it uses PVC
6. It works on the first two layers of the OSI model, hence, it is easy to make use of layer 3
devices for it.

Disadvantages
1. There is no error detection system
2. The data over head is processed every time the data is sent hence, initiating minor delays
3. It supports QoS but is not suitable for real time voice over/video transmissions as the
delayed frames sometimes cause interferences
4. It is expensive than internet.
(RF Wireless World, n.d.)

ATM
Asynchronous transfer mode is high speed networking standard that has replaced many standards
because of its reliability and speed. It has improved QoS significantly which is why it is
preferred globally. It operates at layer 2 and sends data packets across the network. The data is
encoded in 48 bytes of data with 5 additional bytes for the header info. Every data cell is
processed and transferred irrelevant to the notion of when the previous data was sent. The
packets are sent asynchronously

Advantages
1. It provides high quality QoS support
2. It allows easy integration with a wide range of networks
3. It provides highly optimized speed
4. It makes use of its resources proficiently and offers flexible bandwidth

Disadvantages
1. Configurations with QoS is a bit complex
2. It is very expensive and requires hardware resources
3. It’s installment is time consuming

(THAKUR, n.d.)

MPLS

Figure 8 MPLS Source: https://bit.ly/2K1Vts1

Multi-Protocol label switching is a technique that allows to transfer data at very high speeds and
with great reliability. The MPLS method works by attaching a FEC (Forwarding Equivalence
Class) to each data header so that the routers can easily identify the packet and forward it to the
destination. The best part is that the route is preplanned because of routers routing table. It forms
a virtual path for the data to travel to its location at a greater speed and this is called as LSP
(Labelled Switching Path). Whenever the packet is about to leave the MPLS network it is
attached with a MPLS Label containing a:

Label: for the identification of route forwarding information,

Experimental: this is used for QoS so that the router can identify and prioritize the label

Bottom-of-Stack: This is attached with the last label so as to notify the router that this was the
end of its journey for now.

Time-to-live: Determines the time when the label would be destroyed.

This is exactly why MPLS is the best option for QoS services such as VoIP, video conferencing
etc.

Advantages
1. MPLS is highly scalable
2. It offers high speed, better performance and bandwidth
3. It provides an improved user experience
4. It reduces network congestion
5. MPLS handles all the routing process, hence, reducing the need for network managers.
6. Best option for availing the full benefit of QoS services.
7. It offers guaranteed and safe delivery

Disadvantages
1. The one sole and apparent disadvantage is that since, routing is handled by the MPLS
itself and the labels adopt a completely new route each time; this process is virtual which
makes it vulnerable to certain attacks including the denial of service attacks or spoofing
headers. To resolve this, tight security measures will have to be applied at all costs. This
increases the cost of MPLS as well. (Johnson, 2018)
System Requirements:

Project Requirements:

Requirements for the network are:

1. One Enterprise network attached with main server and associated branches.
2. We’ve to accommodate about 200 IP addresses, since every branch is consists of many
computers and also need IP for internet connectivity.
3. Employees need internet access
4. Only Cisco Networking devices will be used.
5. The network must be secure, redundant and fast.

The H/W used for developing this Network entitled Banking Network Design is as follows:-

 HUBs
 L2 and L3 Switches
 Routers
 Modems
 WIC Cards, S/T Cards and various modules for routers and switches.
 Firewalls
 Very small aperture terminal(VSAT)
 Various types of cables for interconnecting Network Devices.
 Servers according to Customers requirements.

Devices in a WAN Network:

There are numerous devices that can be used in a WAN, though the most common ones are
mentioned below:
Modem
A modem is used to convert analog signals into digital signals and vice versa. This device is
more commonly used with telephone networks such as dial up or DSL.

CSU/DSU
Channel Service Unit (CSU) /Data Service Unit (DSU) is a device that monitors the traffic, the
clocking, frame synchronization and it can also perform error detection. It is used as a layer one
device on several networks. It is a type of modem that handles communication over the network.

Access Server
This type of server is particularly used for dial in or dial out connections that manage the
network and allow multiple users to connect simultaneously. It basically grants access to the
WAN Network.

WAN Switch
WAN switches operate at the layer 2 of the OSI model; though some advanced switches also
work on layer 3 and function like a router. These switches support frame relay, ATM and x.25
standards and connect similar networks accordingly enabling the nodes to share the data.

Router
A router interlinks the network with the ISP and routes the data across the network. Different
protocols and standards are applied to achieve this goal. A router typically uses an external
device with it such as a switch, a CSU/DSU Unit, a modem (DSL or cable) to stay in touch with
the network and the ISP.

ISDN Terminal Adapter

An ISDN terminal adapter is used in ISDN network to connect with the modem or switch. This
adapter is not used for any conversion rather it is just an adapter that connect the BRI interface
with other interfaces. (CISCO, n.d.)

Routing Protocols in WAN:

There are several routing protocols used in WAN’s that enhance their capabilities and
performance. Some of these protocols are as below:
RIP
The Routing Information Protocol is used in LAN and WAN networks as a part of Interior
Gateway Protocol. It routes the information across the network with the help of distance vector
algorithm; meaning it stores the distance between the source and destination of the data packets
and routes them accordingly with the help of its routing table. This table is updated every 30
seconds with a hop limit of 15. This protocol has been replaced by OSPF because RIP is not
suitable for very large or complex networks.

IGRP
The Interior Gateway Routing Protocol works in an internal hosting environment within a
network to ensure that every router is functioning properly, is maintaining its routing tables, the
data packets have the best path for transfer and it also makes sure that there are no loops in the
network. This protocol also uses the distance vector protocol but it is way better than RIP in
terms of functionality since it allows hop up to 255 and sends the updated information to the
neighboring devices every 90 seconds.

OSPF
Open Shortest Path First (OSPF) is one of the IGP’s that are used to find the best available path
for the data packets to travel across the network. It also takes care that no loops are formed and
instead of updating the routing information every 30 seconds, it updates its table or the
information whenever a change has occurred. It also sends that every updated information to the
neighboring devices but only when a change has occurred. Hence, it ensures efficiency, saves
time and resources. It uses IP addresses at the base.

EGP
The Exterior Gateway Protocol is an absolute protocol used in a network to exchange
information about the routing table between gateways (routers). Whenever the routing table
addresses are to be updated or any other information EGP is used. Though BGP is an advanced
version of it with more capabilities and hence, it has replaced EGP.

EIGRP
The Enhanced Interior Gateway Protocol (EIGRP) is a Cisco proprietary protocol that works
with Apple talk and Netware. It is an enhanced form of IGRP, and it works by keeping a copy of
routing tables within it. Whenever a route is to be found the routers exchange a hello packet and
ask the best possible route for the data to travel. It utilizes the DUAL (Diffusing Update
Algorithm) to determine the most proficient path.

BGP
The Border Gateway Protocol (BGP) is widely used and is one of the most efficient routing
protocols. It is used for exchanging information between the routers and routing the data from
one point to another by making use of the most ideal path. When the network goes down or an
error occur the routing table is updated accordingly and only the updated or affected information
is sent to the neighboring devices. The Routing Information Base is located in the router
containing each and every information about the data paths. It uses TCP/IP protocols and is the
most scalable protocol yet.
Choose your network:
So which network is most fitting? Which hardware does it use and what cost factors are
included? The table below should provide the answer to all these questions.

CHOOSE YOUR NETWORK

WAN COST PROS CONS RESOURCES
TECHNOLOGIES
P2P Generally Reliable connection Doesn’t support May use Fiber Optic,
Expensive between two users, QoS, 2 computing devices
(depends High speed data Not scalable,
on the transfer, High risk factor,
distance Secure Not suitable for
and WAN now a days
bandwidth
required)
Circuit Affordable Extremely reliable, Initial set up is time Switches, DCE(Data
Switching Offers a dedicated consuming, Communication
path, Dedicated line Equipment) modem,
Minimal delays, reduces scalability DTE(Data Terminal
Supports long distance and communication Equipment),
communication with other mediums, Computers, cabling
wastes resources, etc.
Requires high
bandwidth
Packet Cost High data transmission, Packets arrive in the Switches, DCE(Data
Switching effective efficient use of wrong order at Communication
resources, secure, times, transmission Equipment) modem,
Allows transfer of delay, requires a DTE(Data Terminal
digital data(QoS), large RAM Equipment),
scalable Computers, cabling
 etc.
Dial Up Extremely Less cost, safe and Low speed, unstable Modem, a
cost secure, accessible connection, connection from the
effective Requires a phone ISP, cabling,
line. computers
DSL Affordable Faster than dial up, The quality of service A DSL modem or a
cost effective, it’s a depends on the router in addition to
dedication connection distance from the ISP cabling, line splitter
hence offers speed and provider, limited to and computers
reliability areas.
ADSL Cost Stable internet Greater the distance An ADSL modem or a
effective connection, high speed from the ISP poorer router in addition to
and reliabililty, enjoy the performance, cabling, line splitter
QoS not available globally and computers
in all regions,
uploading speed is
slow compared to
downloading.
VDSL Expensive Easy Installation, Distance from ISP Layer 3
Great performance and may affect speed, modem/routers,
reliability, higher speed not much popular or cabling, computers
(upto 70 Mbps), more recognized, a little
bandwidth support, expensive
Great QoS service,
MPLS Expensive Extremely scalable, Need to keep your A Provider Edge (PE),
best for organizations hardware updated a customer edge
and industries, less and secure at all (CE). These could be
staff, better times. layer 2/3 routers or
management of traffic, switches depending
great QoS can even on the requirements,
handle VoIP, cabling and
 guaranteed service and computers
delivery of data, high
throughput, speed,
bandwidth and
reliability
Ethernet WAN Less Flexible bandwidth, Difficulty in Routers, switches
expensive scalable, easy to troubleshooting the (depending on the
than MPLS implement, better and network, not requirement),
simplified suitable for traffic cabling and
management, supports intensive computers
QoS and reduces communication.
complexity, available
globally.

Justification and suggestion

Since the company is looking to set up 4 offices across a region two options that can be consider
include a MPLS or an ADSL network. VDSL and MPLS can get too expensive to set up but their
performance is outstanding. The reason for proposing ADSL is that it offers good speed,
reliability, scalability and QoS support in a reasonable price. Also it is not much difficult to set
up and is available in all regions with ease.

QoS
QoS or Quality of Service refers to the network traffic intensive services that are used globally to
gain benefit from those services. Services like VOD (Video on Demand), VoIP (Voice over IP),
audio/video streaming, video conferencing, online gaming etc are a part of this service.

There are certain factors that can affect the Quality of Service such as:

 Low throughput
It is possible that the bit rate at which the network is transmitting data may be too low and hence,
due to intensive user sharing and exchange of information the data stream can be affected
especially if all the packets get prioritized at the same time.

 Dropped Packets

This is can cause immense delays between the data transfer because if the network is congested
or heavily loaded the packets may be dropped or if the router buffers are full, the packets may
never reach the destination on time.

 Errors

Sometimes during transmission, a faulty packet can come into being or bit errors can arise due to
too much noise, transmission and interference (particularly if the network is using long distance
wires or is wireless). Hence in this case the data is to be retransmitted which not only acquires
resources but time as well.

 Latency

Latency is the time period taken when the packets have been held in a queue or takes a long
route. In rare cases latency can even cause the application to hang.

 Jitter

The delay of each packet from its source to its destination path is known as jitter. Each packet
may consume a different amount of time to reach its destination. Therefore, these delays are
highly unpredictable and can cause inconvenience.

 Out of Order Delivery

When the packets set out on their routes to reach a destination the order in which the packets
arrive is uncertain causing the sequence to be disrupted. For this purpose different protocols are
available that rearrange the order otherwise the latency, quality and efficiency of the service can
be seriously damaged.
QoS service is implemented at layer 3 and is based on classification and queuing. In
classification the QoS policies are implemented along with several protocols to avoid the above
mentioned mishaps. Queuing is for shaping the packets and sending them across a network.

Designing the Network

Since the requirements have already been determined it is time to identify the scope of the
project and work on its implementation.

Scope of the project

The project is to be used in four different branches of an organization located in remote
provincial regions within Oman.

Hardware Resources
The hardware resources that are expected to be used include the following:

Cabling
Copper Straight through
A copper straight through cable is used to connect host devices with the clients for example a
computer with switch or a hub, the switch with the router etc. These wires are commonly known
as cat5e (Category 5 Ethernet) cables and are connected with the connector A pin 1 in connector
B pin 1, connector A pin 2 in connector B pin 2 and so on.
Figure 9 Straight through cable guide Source: https://www.computercablestore.com/straight-through-crossover-and-rollover-
wiring

These wires cost around $2 - $10 per meter, depending on the quality of the product.

Serial cable
Serial cables are used to connect devices so that the devices may communicate and transfer data.
While using a serial cable it should be noted that there are two types: DTE and DCE. They are
connected according to the requirement for example a DTE is used with DSU/CSU, Terminals,
Routers, Hubs or modems whereas a DCE is mostly used for modems.

A serial cable is generally available within $6 to $15 depending on the quality.

Router
There are plenty of routers available by Cisco that can be used but the one recommended and
chosen for this network is the 2811 Router because of its VPN support. The router looks
something like this:
Figure 10 2811 Router Source:https://bit.ly/2NWgkiu

2811 ROUTER SPECIFICATIONS

Authentication Secure Shell v.2(SSH2)
Encryptions DES, Triple, SSL 3.0, 128 bit AES, 192 bit AES, 256
bit AES
Nominal Voltage AC 120/230V
Frequency 50/60 Hz
Power supply Internal
Connectivity Wired
Data Link Protocol Ethernet, Fast Ethernet
Network Transfer Protocol IPsec
Features MPLS support, QoS, VPN support, firewall
protection, hardware encryption, modular
design, wall mountable
Standards IEEE 802.1x, IEEE 802.3af
Remote Management Protocol SNMP 3
Cables USB, management, network, serial
Interfaces (2) Ethernet 10Base-T/100Base-TX, auxiliary, console
Connector type RJ-45
RAM 768 MB DDR SDRAM
Router CISCO IOS IP Base
Cost $800-$980
(CNET, 2018)

The router is also available in new like or refurbished conditions at the rate of $500. The fact that
its supports all the features required such as QoS, MPLS support (for update in future),
encryption (AES) and VPN support make this the best choice. The benefits this router has to
offer is perfect for the organization as it meets the requirements efficiently.

Switch

Figure 11 2950 Switch Source:https://bit.ly/2K9hJ36

The Cisco catalyst switch are high end switches with the ultimate user and performance
experience. Its specs are as under:

2950 CISCO CATALYST SWITCH

Type Fast Ethernet
Ports 24 x 10/100
RAM 16MB
Flash memory 8MB flash
MAC Address table size 8K entries
Voltage AC 110/220 V
Frequency 50/60 Hz
Operational power consumption 30 Watt
Power Supply Internal
Connectivity Wired
Cabling type Ethernet 100Base-TX, Ethernet 10BaseT
Features VLAN Support, auto negotiation, auto sensing per
device, full duplex capability, manageable
Standards IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p, IEEE
802.1x, IEEE 802.3, IEEE 802.3u, IEEE 802.3x
Switching protocol Ethernet
Remote Management Protocols RMON, SNMP, SNMP 2
Communication Full and Half Duplex
Cost $500-$600
(CNET-CISCO, n.d.)

The features supported by this switch and the cost effective price is the benefit. This switch is in
alliance with the client’s requirements and hence, it is recommended that it should be used whilst
forming a network.

Server

Figure 12 CISCO UCS C220 M5 server Source:https://bit.ly/2KaAYZY

The server recommended for the organization is the CISCO UCS C220 M5 Server which is in
compliance with its requirements and budgetary constraint. Following are its specifications.

CISCO UCS C220 M5 Server

Form Factor 1RU Rack server
Processor Intel Xeon Scalable processors (2)
Memory 24 DDR4 DIMM Slots, 8, 16, 32, 64 and 128 GB
upto 2666MHz
PCIe expansion 2 PCIe 3.0 slots plus1 dedicated 12 Gbps RAID
controller slot and 1dedicated mLOM slot
RAID controllers Internal and external
Internal storage 10 x 2.5 inch SAS and SATA HDDs and SSDs and
upto 2 NVMe PCIe drives
Extended
NICs (Network Interface Cards) Dual 10GBASE-T Intel x550 Ethernet ports
Fans 7 hot swappable for front to rear cooling
Interfaces Serials ports, port connectors one VGA one RS
232 port, two USB 3.0 ports, 1 Gbps RJ 45 port,
Two LOM port, console
Cost $1000
(CISCO, n.d.)

The CISCO UCS C220 M5 server is a standalone server capable of supporting all the
requirements of the clients, handling the intensive traffic and allowing users to manage the server
proficiently. Therefore, buying and utilizing this server would be a recommended choice.

Cost of Network
The cost factor has been evaluated as under:

Resource Cost Quantity

Cabling $150 (if $10 per meter) – 2
Assumed
Router $800 –Max Assumed 3
Switch $500 – Max Assumed 4
Server $1000 – Max Assumed 1
PCs $500 per PC – Max Assumed 11
Other (subject to change) 2
Printer $450 per PC – Max Assumed
Total 120K
The budget falls within the grasp of the client and as always the prices were kept at peek for
assurance. It is most probable that the organization would save money as well.

Scalability of Network
Because of the router and server being incorporated in the network, the network is highly
scalable because both of these devices support scalability of the network. The client can upgrade
and expand their network with ease in the future.

Sysem Development Tools:

Tools and Resources
 Cisco Packet Tracer Version 6.30 or above
 A PC
 Internet connection


Installing Cisco Packet

The software can be downloaded from the CISCO Networking Academy’s website
www.netacad.com/courses/packet-tracer. All the instructions are available otherwise it can be
downloading from various websites on Google.com

Chapter 3

Project Deign
Implementation:
Now that every matter has been settled it is time to implement the network. It was decided that
the network would be first established in a virtual environment hence, one of the software’s
provided by Cisco was used. The network developed in the virtual environment can be deployed
with ease in the real time environment as well.

Designing the Network

For designing the network, the network topologies and devices were researched and it was
decided the using Hybrid Network Topology the following equipment would be used:

 Copper Straight through Cables

 Serial Cables
 2811 CISCO Router
 2950- 24 CISCO Switch
 Server PT
 Access Point

Setting the Network

So first of all, the base network is defined and the PC’s are placed. Drag and drop the devices
from the panel at the bottom of the screen.

Network Design Overview:

Computers and information networks are critical to the success of businesses, both large and
small. They connect people, support applications and services, and provide access to the
resources that keep the businesses running. To meet the daily requirements of businesses,
networks themselves are becoming quite complex.

Network Requirements

Today, the Internet-based economy often demands around-the-clock customer service. This
means that business networks must be available nearly 100 percent of the time. They must be
smart enough to automatically protect against unexpected security incidents. These business
networks must also be able to adjust to changing traffic loads to maintain consistent application
response times. It is no longer practical to construct networks by connecting many standalone
components without careful planning and design.

Building a Good Network

Good networks do not happen by accident. They are the result of hard work by network
designers and technicians, who identify network requirements and select the best solutions to
meet the needs of a business. The steps required to design a good network are as follows:

Step 1. Verify the business goals and technical requirements.

Step 2. Determine the features and functions required to meet the needs identified in Step 1.

Step 3. Perform a network-readiness assessment.

Step 4. Create a solution and site acceptance test plan.

Step 5. Create a project plan

After the network requirements have been identified, the steps to designing a good network are
followed as the project implementation moves forward. Network users generally do not think in
terms of the complexity of the underlying network. They think of the network as a way to access
the applications they need, when they need them.

Network Requirements:

Most businesses actually have only a few requirements for their network:

 The network should stay up all the time, even in the event of failed links, equipment
failure, and overloaded conditions.
 The network should reliably deliver applications and provide reasonable response times
from any host to any host.
 The network should be secure. It should protect the data that is transmitted over it and
data stored on the devices that connect to it.
 The network should be easy to modify to adapt to network growth and general business
changes.
  Because failures occasionally occur, troubleshooting should be easy. Finding and fixing a
problem should not be too time-consuming.

Network Design Methodologies:

Large network design projects are normally divided into three distinct steps:

Step 1. Identify the network requirements.

Step 2. Characterize the existing network.

Step 3. Design the network topology and solutions.

Step 1: Identifying Network Requirements The network designer works closely with the
customer to document the goals of the project. Figure 1-5 depicts a meeting between the designer
and the business owner. Goals are usually separated into two categories:

 Business goals: Focus on how the network can make the business more successful
 Technical requirements: Focus on how the technology is implemented within the network

Step 2: Characterizing the Existing Network

Information about the current network and services is gathered and analyzed. It is necessary to
compare the functionality of the existing network with the defined goals of the new project. The
designer determines whether any existing equipment, infrastructure, and protocols can be reused,
and what new equipment and protocols are needed to complete the design.

Step 3: Designing the Network Topology

A common strategy for network design is to take a top-down approach. In this approach, the
network applications and service requirements are identified, and then the network is designed to
support them. When the design is complete, a prototype or proof-of-concept test is performed.
This approach ensures that the new design functions as expected before it is implemented.
Chapter 4

Project Implementation

Enterprise Network:
Branch 1:

Branch 2:
Branch 3:

Branch 4:

Main Branch:
WAN Router:
Chapter 5

Project Testing

Connectivity Testing From Branch 1:

Connectivity from Branch 2:

Connectivity from branch 3:

Connectivity from branch 4:

WAN Configuration:
Router Configuration:
Chapter 6

Critical Evaluation

Discussion and Learning outcome:

In this project we configure Routers, Switches, PCs, configuration of servers and provide
screenshot and test connectivity in depth, we also learned about Network topologies, sub netting
methods and also different classes of IP addresses used in networks. The documentation and
configuration are part of the project. The proposed system will provide connectivity and
availability between enterprise networks and will satisfy employees in better way.

Evaluation Result:

After we complete the design, we perform the the evaluation of the design. We evaluate the
design of network in terms of performance and availability. We perform the availability
evaluation using Cisco Packet Tracer. On the other hand, we perform performance evaluation by
simulating using the real device due to the limitation of Cisco Packet Tracer simulator in
generating the data that resembles the actual situation.

In order to test the performance of the network design, we create testing environment by using
several device to make sure that data traffic can be accommodated in the design proposed to the
customer. The reason we need to create testing environment, because from the Cisco Packet
Tracer simulator the significant performance degradation happened. The topology created for
this testing purpose can be seen in figure.

CORE consist of one switche that configured as single logical by using stackwise feature from
Cisco. We use redundant link as device interconnection. Device interconnection is configured as
one logicalinterface by using link aggregation control protocol (LACP). Router is configured by
using virtual routing and forwarding (VRF) feature. By using this feature, one router can be
simulated as five instances by separating the routing table using VRF. Link between Core and
Access03 is configured as a trunk to allow multiple VLAN accross this interface. It will be used
to make multiple instances in this topology.

Impacting the Entire Network:

Adding new network applications and making major changes to existing applications, such as
database or Domain Name System (DNS) structure changes

 Improving the efficiency of network addressing or routing protocol changes

 Integrating new security measures
 Relocating servers to a data center server farm

Impacting a Portion of the Network:

Requirements that may only affect a portion of the network include the following:

 Improving Internet connectivity and adding bandwidth

 Updating access layer LAN cabling
 Providing redundancy for key services
 Supporting wireless access in defined areas

Justification and Conclusion:

By completing this project I am able to deploy my knowledge in real word by making a

enterprise network. This project also increases my confidence and I am able to define different
networking terms and concepts.

The network is efficient and manageable though there is always room for improvement hence, in
order to upgrade the system the two key elements that should be updated would be

1. Upgrade RIP to OSPF

2. Incorporation of MPLS and Fiber Optics would be a huge boost towards success and
betterment.
If the company increases its budget the network can be updated in the future and made more
proficient.

Future Scope

There is a vast future scope of this Network. This Design can be improved and can be used by
various banks. If the limitations present in this Design are removed then, this Network will
become very reliable and provide 100% uptime.

We can easily implement any changes to the Network Design as we are using the latest protocol
like Border Gateway Protocol (BGP) in our network which is having attributes to easily divert or
control the flow of data and QOS which can be used to allocate bandwidth to servers
accordingly.

LIMITATIONS

 We will not be able to resolve issues from any of the following by using this Network:
 Any unreported/ undetected Bugs in standard software’s, or tools
 Any changes in Application Software features
 Older versions are incompatible with current featuresLease line uptime depends on a
particular Service Provider.
 This Network is limited by the state of technology and functionality of software tools or
products deployed.
 Third-party IOS integration will be carried out on the best-effort basis.
 All hardware devices upgrades, hardware re-deployments, and policy changes shall be
done after the mutual consent of the customer, based on the impact it would have on the
overall security situation and performance of the network.
 Security can be implemented in a better way.
Refrences:

1. Frederick M. Avolio by Best Practices in Network Security by Frederick M. Avolio March 20, 2000

2. One Approach to Enterprise Security Architecture-SANS Institute InfoSec Reading Room-2002-Prepared

by: Nicholas Arconati.

3. John SherwoodSALSA: A Method for Developing the Enterprise Security Architecture and Strategy, 18
Braemore Road, Hove, East Sussex, BN3 4HB, UK.

4. Jeff Bertolucci, "Internet Of Things Wake-Up Call For Enterprises", 2013, URL-
http://www.informationweek.com/big-data/news/big-data-analytics/internet-of-things-wakeup-call-for-
enterprises/240154763

5. According Jericho, Shaul Efraim, Vice President of products, “Marketing and Business Development at
Tufin Technologies”, http://www.ittoday.info/Articles/EU_Data_Directive_2012.htm

6. David Bailey, “A Philosophy of Security Management”, P-98- 110, 2010

7. Hulus onder, “A security management system design”, July 2007, 99 pages

8. Plamen Nedeltchev, Principal Architect of IT, Borderless Networks, "The new opportunities of enterprise
networking", 2010, http://www.cisco.com/c/en/us/solutions/collateral/enterprise/cisco-on-
cisco/extended_enterprise_network.html

9. V. P. Gulati and V. Radha, "Preventing Technology Based Bank Frauds", published in The CID Review,
Journal of Crime Branch, CID, Tamil Nadu, March 2003, Vol III, Issue: 3, pp 31-44

10. V. P. Gulati and V. Radha, “IDRBT’s Working Paper No. 8 Enterprise Network Security”, 2012
http://www.idrbt.ac.in/publications/workingpapers/Working%20Paper%20No.%208.pdf

11. Lawrence C. Miller, “Cybersecurity For Dummies”, CISSP a Wiley Brand-

https://www.paloaltonetworks.com/network-infrastructure/enterprise-network-security

12. Martin Casado, Tal Garfinkel, Aditya Akella, Michael J. Freedman Dan Boneh, Nick McKeown, Scott
Shenker, “SANE: A Protection Architecture for Enterprise Networks”,-
http://yuba.stanford.edu/~casado/sane.pdf
13. Shawon m. Rahman, “ An overview of the security concerns in enterprise cloud computing”, -
http://arxiv.org/ftp/arxiv/papers/1101/1101.5613.pdf

14. Victor-Valeriu PATRICIU, Iustin PRIESCU and Sebastian NICOLAESCU, “Interdisciplinarity New
Approaches and Perspectives in the Use of Quantitative Methods”,
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.117.7747&rep=rep1&type=pdf
15. Homer, J. ; Kansas State Univ., Manhattan, KS ; Xinming Ou, “SAT-solving approaches to context-aware
enterprise network security management”,
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4808475&url=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttp%2Fieeexplore.ieee.or
g%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4808475

16. R.P. Lippmann, K.W. Ingols, C. Scott, K. Piwowarski, K.J. Kratkiewicz, M. Artz &R.K. Cunningham
“Evaluating and Strengthening Enterprise Network Security Using Attack Graphs”,
http://llwebprod2.ll.mit.edu/mission/cybersec/publications/publication-
files/full_papers/0507_Lippmann.pdf

17. Scott A. Bernard, “An Introduction to Enterprise Architecture: Third Edition”,-

https://books.google.co.in/books?hl=en&lr=&id=OkNMFI3_L_YC&oi=fnd&pg=PA7&dq=Enterprise+Net
work+Security+Architecture+Strategy+Evaluation&ots=wAkyWxxzLV&sig=BTy0JEIVRa8QrFbHW-
gNHL_s1X4#v=onepage&q&f=false

18. Peter E.D Love, Zahir Iranib & David J Edwardsc, “Industry-centric benchmarking of information
technology benefits, costs and risks for small-to-medium sized enterprises in construction”, Volume 13,
Issue 4, July 2004, Pages 507–524 -http://www.sciencedirect.com/science/article/pii/S0926580504000202

19. On the Design and Use of Internet Sinks for Network Abuse Monitoring by Vinod Yegneswaran, Paul
Barford, Dave Plonka, Volume 3224 of the series Lecture Notes in Computer Science pp 146-165-
http://link.springer.com/chapter/10.1007/978-3-540-30143-1_8#page-1

20. Enterprise Architecting: Critical Problems by Kaisler, S.H. ; U.S. Senate ; Armour, F. ; Valivullah, M.-
Published in: System Sciences, 2005. HICSS '05. Proceedings of the 38th Annual Hawaii International
Conference on ate of Conference:03-06 Jan. 2005, Page(s): 224b & ISSN: 1530-1605, Print ISBN:0-7695-
2268-8
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=1385698&url=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttp%2Fieeexplore.ieee.or
g%2Fxpls%2Fabs_all.jsp%3Farnumber%3D1385698

21. Leonard L Mutembei, Aloys N Mvuma and Tabu S Kondo. Article: Network Security Analysis in the
Enterprise LANS. International Journal of Computer Applications 101(13):37-42, September 2014
http://www.ijcaonline.org/archives/volume101/number13/17751-8837
22. A Novel Architecture for Enterprise Network Security by Chao Chen, Beijing, China, Ke Wang & Yiqi
Dai. -Published in: Computational Intelligence and Security, 2009. CIS '09. International Conference on
(Volume:1 )Date of Conference:11-14 Dec. 2009 (s): 537 - 541 Print ISBN: 978-1-4244-5411-2 INSPEC
Accession Number:11060538.-
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5375916&url=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttp%2Fieeexplore.ieee.or
g%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5375916

23. Constructing Enterprise Information Network Security Risk Management Mechanism by Ontology by
Fong-Hao Liu & Wei-Tsong Lee. - Tamkang Journal of Science and Engineering, Vol. 13, No. 1, pp. 79-
87(2010) - http://www2.tku.edu.tw/~tkjse/13-1/09-IE442.pdf

24. CISCO. (n.d.). Cisco UCS C220 M5 Rack Server. Retrieved from CISCO:
https://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-c220-m5-rack-server/model.html

25. CISCO. (n.d.). Introduction to WAN Technologies. Retrieved from CISCO:

http://docwiki.cisco.com/wiki/Introduction_to_WAN_Technologies#WAN_Devices

26. CISCO SYSTEMS. (2008, 02 15). Implementing Quality of Service Policies with DSCP. Retrieved from
CISCO: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-
dscpvalues.html

27. Cisco Systems. (2012, Octuber 16). Introduction to WAN Technologies - DocWIki. Retrieved from
docwiki.cisco.com: http://docwiki.cisco.com/wiki/Introduction_to_WAN_Technologies

28. CNET. (2018). Cisco 2811 Integrated Services Router - router - desktop Series. Retrieved from CNET:
https://www.cnet.com/products/cisco-2811-integrated-services-router-router-desktop-series/specs/

29. CNET-CISCO. (n.d.). Cisco Catalyst 2950-24 - 24 port switch. Retrieved from CNET:
https://www.cnet.com/products/cisco-catalyst-2950-24-24-port-switch/specs/