The closet also serves as the installation location for LAN access layer switches that provide the connection ports for wireless access points, computers, printers and other network hardware your company may use.
The access layer switches will connect to the computer room switches using multi-mode fiber optics.
Step 7 Select access layer switches based on your projected growth requirements for network ports and future expectations for wireless network service, voice and video integration and quality of service.
This approach ensures that network hardware meets the needs of the company and supports the addition of new features without hindering performance. Plan enough strands of fiber between the access layer and the computer room switches for growth as well as ensuring that the fiber uplinks and switch ports will support bandwidth requirements.
Step 8 Select switches and routers, introducing standards for each layer of the network. For the access layer, consider standardizing on a chassis-based switch for areas of the building where you need to support future expansion and added ports or features.
Use smaller switches in other areas. When you create a standard for network hardware, you reduce variations and ease support as staff members are familiar with the equipment. Network switches and routers must support immediate port requirements and have the ability to expand when new features are introduced.
Determine if the manufacturing portion of the network will require switches that tolerate environments that produce higher temperatures or conditions that will require a hardened industrial-based switch.
Step 9 Select computer room switches. Evaluate dual switches designed to support fiber connections from each access layer telecommunication closet.
Plan the port density and speeds to support the servers in a combined distribution and core layer. A dual switch configuration in the computer room provides redundancy and scalability when you use chassis-based switches. As an alternate approach, consider a single enterprise-class switch to reduce cost and support future progression to a dual switch design.
Present both options to the management team, identifying the benefits, risks and costs of each option.
Step 10 Develop an IP address design that meets growth requirements, and select a routing protocol for the network that supports fast convergence with ease of management.
If you're designing to support multiple buildings, select a network transport service and bandwidth based on your performance requirements and growth projections, including planned new applications. When making WAN transport selections to connect buildings, consider the flexibility of the service that will support bandwidth changes to meet future requirements.
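One way to work through the address design in Step 10, as an added example that is not part of the original text: each segment is sized for its current host count plus growth headroom, and subnets are carved largest-first from one building block so the building still summarizes to a single prefix. The segment names, host counts, growth factor and the 10.20.0.0/22 block are assumptions made for illustration.

```python
import ipaddress
import math

# Constructed sample data: current host counts per network segment.
# Segment names and counts are assumptions, not values from the page.
SEGMENTS = {
    "computer-room-servers": 40,
    "closet-1-access": 90,
    "closet-2-access": 55,
    "manufacturing-floor": 20,
    "wireless": 120,
}


def prefix_for(hosts, growth):
    """Smallest IPv4 prefix length that fits hosts * growth usable addresses."""
    needed = math.ceil(hosts * growth) + 2  # network and broadcast addresses
    return 32 - math.ceil(math.log2(needed))


def plan(block, segments, growth=1.5):
    """Allocate one subnet per segment from block, largest first.

    Largest-first keeps every subnet aligned on its own boundary, so the
    whole building still summarizes to the single prefix `block`.
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    result = {}
    sized = sorted(segments.items(), key=lambda kv: prefix_for(kv[1], growth))
    for name, hosts in sized:
        plen = prefix_for(hosts, growth)
        subnet = ipaddress.ip_network((cursor, plen))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} is too small for {name}")
        result[name] = subnet
        cursor = int(subnet.broadcast_address) + 1
    return result


if __name__ == "__main__":
    for name, subnet in plan("10.20.0.0/22", SEGMENTS).items():
        print(f"{name:24} {subnet}  ({subnet.num_addresses - 2} usable)")
```
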
Developing Network Security Strategies
Implementation
Step 1 Plan a phased approach to implementation. Introduce the computer room core switches first, providing connectivity to the servers. Depending on the size of the company and business process needs, it might be possible to immediately follow this activity on the same day by implementing the new access layer switches.
Schedule wide area connectivity following the introduction of the core switches in the computer room, selecting a time that does not conflict with the access layer installation.
Coordinate wide area connectivity with the telecommunication vendor providing this portion of the network service.
Step 2 Inform all employees of the scope of implementation for each phase, along with dates and times. Implementation of new equipment generally means systems and data will not be available at the time of the change. This gives employees the opportunity to plan their work around the resulting downtime.
Step 3 Pre-configure network equipment and test it prior to implementation.
Step 4 Schedule the personnel and support needed from among IT department staff members and any vendor staff that must support the implementation.
The goal of this chapter is to help you work with your network design customers in the development of effective security strategies, and to help you select the right techniques to implement the strategies. The chapter describes the steps for developing a security strategy and covers some basic security principles.
The chapter presents a modular approach to security design that will let you apply layered solutions that protect a network in many ways. The final sections describe methods for securing the components of a typical enterprise network that are most at risk, including Internet connections, remote-access networks, network and user services, and wireless networks.
Security should be considered during many steps of the top-down network design process. This isn't the only chapter that covers security. Chapter 2, "Analyzing Technical Goals and Tradeoffs," discussed identifying network assets, analyzing security risks, and developing security requirements. Chapter 5, "Designing a Network Topology," covered secure network topologies.
This chapter focuses on security strategies and mechanisms.
Network Security Design
Following a structured set of steps when developing and implementing network security will help you address the varied concerns that play a part in security design.
Many security strategies have been developed in a haphazard way and have failed to actually secure assets and to meet a customer's primary goals for security. Breaking down the process of security design into the following steps will help you effectively plan and execute a security strategy:
Analyze security requirements and tradeoffs.
Develop a security plan.
Develop procedures for applying security policies.
Develop a technical implementation strategy.
Achieve buy-in from users, managers, and technical staff.
Train users, managers, and technical staff.
Implement the technical strategy and security procedures.
Test the security and update it if any problems are found.
Chapter 2 covered steps 1 through 3 in detail. This chapter quickly revisits steps 1 through 3 and also addresses steps 4, 5, 6, and Steps 7 through 10 are outside the scope of this book.
Identifying Network Assets
Chapter 2 discussed gathering information on a customer's goals for network security. As discussed in Chapter 2, analyzing goals involves identifying network assets and the risk that those assets could be sabotaged or inappropriately accessed.
It also involves analyzing the consequences of risks. Network assets can include network hosts (including the hosts' operating systems, applications, and data), internetworking devices (such as routers and switches), and network data that traverses the network. Less obvious, but still important, assets include intellectual property, trade secrets, and a company's reputation.
Analyzing Security Risks
Risks can range from hostile intruders to untrained users who download Internet applications that have viruses.
Hostile intruders can steal data, change data, and cause service to be denied to legitimate users. Denial-of-service (DoS) attacks have become increasingly common in the past few years. See Chapter 2 for more details on risk analysis.
Analyzing Security Requirements and Tradeoffs
Chapter 2 covers security requirements analysis in more detail.
Although many customers have more specific goals, in general, security requirements boil down to the need to protect the following assets:
The confidentiality of data, so that only authorized users can view sensitive information
The integrity of data, so that only authorized users can change sensitive information
System and data availability, so that users have uninterrupted access to important computing resources
According to RFC "Site Security Handbook: Cost in this context should be remembered to include losses expressed in real currency, reputation, trustworthiness, and other less obvious measures.
As is the case with most technical design requirements, achieving security goals means making tradeoffs. Tradeoffs must be made between security goals and goals for affordability, usability, performance, and availability. Also, security adds to the amount of management work because user login IDs, passwords, and audit logs must be maintained.
Security also affects network performance.
Security features such as packet filters and data encryption consume CPU power and memory on hosts, routers, and servers. Encryption can use upward of 15 percent of available CPU power on a router or server. Encryption can be implemented on dedicated appliances instead of on shared routers or servers, but there is still an effect on network performance because of the delay that packets experience while they are being encrypted or decrypted.
Another tradeoff is that security can reduce network redundancy. If all traffic must go through an encryption device, for example, the device becomes a single point of failure. This makes it hard to meet availability goals. Security can also make it harder to offer load balancing. Some security mechanisms require traffic to always take the same path so that security mechanisms can be applied uniformly. For example, a mechanism that randomizes TCP sequence numbers so that hackers can't guess the numbers won't work if some TCP segments for a session take a path that bypasses the randomizing function due to load balancing.
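The load-balancing tradeoff described above, as an added example that is not part of the original text: per-packet balancing spreads one TCP session over both paths, while hashing the session's addresses and ports keeps every segment, in both directions, on one path where a stateful security function can see all of it. The path names, addresses and the SHA-256 stand-in for a device's hardware hash are assumptions.

```python
import hashlib
from itertools import cycle

PATHS = ("path-A", "path-B")  # two equal-cost paths, names are assumptions


def flow_key(src, sport, dst, dport, symmetric=True):
    """Canonical key for a TCP session; symmetric sorts the two endpoints."""
    ends = [(src, sport), (dst, dport)]
    if symmetric:
        ends.sort()  # same key for client-to-server and server-to-client
    return "|".join(f"{ip}:{port}" for ip, port in ends)


def per_flow(segment, symmetric=True):
    """Pick a path from a hash of the session's addresses and ports."""
    key = flow_key(*segment, symmetric=symmetric)
    digest = hashlib.sha256(key.encode()).digest()  # stand-in for a hardware hash
    return PATHS[digest[0] % len(PATHS)]


def per_packet():
    """Return a chooser that alternates paths segment by segment."""
    rotation = cycle(PATHS)
    return lambda segment: next(rotation)


def paths_used(segments, choose):
    """Set of paths the segments of one session were sent over."""
    return {choose(seg) for seg in segments}


# Constructed sample: one TCP session seen in both directions.
C2S = ("10.20.0.15", 51514, "10.20.2.130", 443)
S2C = ("10.20.2.130", 443, "10.20.0.15", 51514)
SESSION = [C2S, S2C, C2S, C2S, S2C]

if __name__ == "__main__":
    print("per-packet:", sorted(paths_used(SESSION, per_packet())))
    print("per-flow:  ", sorted(paths_used(SESSION, per_flow)))
```

With `symmetric=False` the two directions produce different keys and may hash to different paths, which is why a stateful device on each path needs the symmetric form.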
Developing a Security Plan
One of the first steps in security design is developing a security plan.
A security plan is a high-level document that proposes what an organization is going to do to meet security requirements.