Arsenal, Ainslhey Jannelle

Borlongan, Monica
Panganiban, Janne Mariu
Casama, Jan Karl
BSCS3A

1. Network Topology. Define the overall structure, such as whether it's a star,
bus, ring, or a hybrid topology.
- We have selected the star topology for our network topology. This is
the most frequently employed topology in workplace or home
environments due to its simplicity of installation and ability to easily
add more computers to the central node. Therefore, it is widely
considered the simplest type of network topology to design and set
up. The primary benefit of the star topology is its ability to seamlessly
add or remove new peripherals without causing any disruption or
failure to other peripherals connected to the central hub.
- Another benefit of the star topology network is its centralized
management, which facilitates network monitoring and prevents the
failure of one node from affecting the entire network. A significant
drawback of a star topology is the reliance of all peripheral devices
on a central device, resulting in a complete network failure if the
core device malfunctions.
- Benefits of star topology The advantage of a star network is that if a
cable fails, only the node connected to that cable will be affected.
Additionally, it is easy to connect two star networks together by
linking their central devices. The network is also easily managed due
to its centralized management.
- The disadvantages of star topology include the potential for
complete system failure if the central device malfunctions, leading to
the loss of connectivity for all computers.

2. IP Addressing Scheme. Allocate IP addresses for devices, ensuring

efficient subnetting and addressing for different departments.
-IP addressing and subnetting are essential principles in networking that
facilitate the management and organization of communication among
devices on a network. Below is a concise summary of IP addressing and
subnetting:

IP Addressing:
An IP address, short for Internet Protocol address, is an exclusive numeric
identifier given to any device that is linked to a computer network.
IP addresses come in two versions: IPv4, which is 32 bits long, and IPv6,
which is 128 bits long. IPv4 addresses are more prevalent.

3. Security Measures. Implement firewalls, intrusion detection/prevention

systems, and VPNs to safeguard the network.
- To keep the network safe, it is essential to install firewalls, intrusion
detection and prevention systems (IDS/IPS), and virtual private networks
(VPNs). An explanation of what each is and how you may put it into
practice follows:

Internet security measures:

An internal, trustworthy network can be isolated from an external, untrusted
network (like the internet) by means of a firewall. Based on predetermined
security policies, they oversee and manage all network traffic, both
incoming and outgoing.
Implementation:
We head over to System Preferences, then Security & Privacy, and finally
Firewall to activate the built-in firewall on my Mac.Software or hardware
firewalls designed specifically for use in enterprise settings are possible.

Identity and Access Prevention Systems (IDS/IPS):

Intrusion Detection Systems (IDS) are programs that scan a system or
network for signs of suspicious activity and warn the user when they find
any. In addition, IPS takes action by blocking or actively inhibiting harmful
actions.

Application: Open-source intrusion detection and prevention systems

include Snort, Suricata, and Bro.
Advanced functionality is provided by commercial systems such as Snort
(with a subscription), Palo Alto Networks, and Cisco Firepower.

Internet Protocol Secure (VPNs):

A virtual private network (VPN) is a method of establishing an encrypted
connection over an insecure network, such as the internet. When
communicating with the business network from a remote location, they
safeguard sensitive information. In terms of implementation, VPN clients are
already present on both macOS and Windows. Commonly used enterprise
solutions include Cisco AnyConnect, OpenVPN, and Microsoft

DirectAccess.
By using multi-factor authentication, keeping your VPN software
up-to-date, and using strong encryption techniques (like AES),. Make sure
your users know how to recognize phishing efforts, create secure
passwords, and report any strange activity.

Records keeping and oversight:

Establish reliable logging procedures, and routinely inspect logs for any
suspicious activity. For centralized monitoring, use SIEM (Security Information
and Event Management) systems.
4. Protocols. Specify the use of protocols like TCP/IP, DNS, DHCP, and
implement QoS (Quality of Service) mechanisms for optimal performance.
● Transfer Control Protocol/Internet Protocol (TCP/IP): - Crucial for
communication within networks. Set up a domain name system
(DNS), gateways, IP addresses, and subnet masks.
● The Domain Name System (DNS): system converts domain names into
IP addresses. Make sure that routers and computers have the correct
DNS settings.
● Dynamic Host Configuration Protocol: Assigns IP addresses
automatically.
● Servers and routers can be configured to act as DHCP servers.
● Quality of Service: Gives network traffic priority. Establish the best
possible quality of service configurations on switches and routers.
● Network Monitoring- Set up systems to monitor and analyze traffic
patterns.
Configuration Testing and Optimization: Test and optimize configurations on
a regular basis. We keep track of our network's configuration in a
document for future reference and troubleshooting purposes.
Security: Incorporate safeguards into these protocols simultaneously.

5. Wireless Network Design. If applicable, design a secure and scalable

wireless network with considerations for coverage and interference.

- Other stations are unaffected by station failures.

network. Bus topology spares the network if one computer or device fails.
Performance changes have no effect. The network's linear design connects
all units. transports data to the backbone for other linked units.
Thus, it works well for uninterrupted talking. Great bargain too.
Small networks (4 computers) benefit from its simple architecture. All
gadgets can communicate via single coaxial or RJ45 connections. You
can easily add new nodes. By adding network lines, I employed mesh
topology for Analyst and MIS. Staff is needed because it controls large
traffic and lets devices share information simultaneously. No single device
failure causes a network outage or data transfer. When devices are
added, data transmission is not interrupted. Furthermore, I chose this
because analysts and employees use each machine. It plans, develops,
and implements hardware and software applications. Programming and
systems network and integration or MIS
Members of the company can readily access their work. Using a wireless
router.

6. Virtual LANs (VLANs). Implement VLANs to logically segment the network,

enhancing security and efficiency.
- Implementing VLANs in each network segment improves security and
efficiency. Separate departments or functions into VLANs for better
separation. We use redundancy and load balancing, notably in the
mesh topology, to ensure continuous operation and the best
performance.

Protective measures:
Firewalls, intrusion detection, and VPNs should be enforced. Update
security protocols regularly to avoid vulnerabilities. Monitor and manage
each topology with network monitoring tools.
Improve network administration with centralized management.
This approach simplifies small networks, provides stability for analyst and MIS
tasks, and makes wireless technology accessible for company-wide use.
Specific requirements and future scalability may demand adjustments.
Network performance depends on regular maintenance and monitoring.
7. Software-Defined Networking (SDN). Explore how SDN can be integrated
to centrally manage network resources and enhance flexibility.

SDN centralizes network resource management through software

applications. SDN makes network infrastructure more flexible and
programmable by separating the control and data planes. Integration of
SDN can centrally control network resources and increase flexibility.
In SDN, key components include the controller.The SDN controller, which is
the network's brain, decides how to route traffic. It centralizes network
management by communicating with switches and routers.
- APIs southbound: SDN controllers can communicate with network devices
like switches and routers using these interfaces.
RESTful, OpenFlow, and NETCONF are southbound APIs.
- APIs northbound: Northbound APIs allow SDN controllers and network users
to communicate.
Custom programs that control the network can be created.
Integration and benefits: management of networks centrally. Centralizing
network management activities with SDN makes it easier to configure,
monitor, and troubleshoot the entire network.
- A Dynamic Traffic Engineering
Real-time traffic flow optimization is possible with SDN. For fluctuating
workloads or unexpected network events, this is helpful.
flexibility: The programmable network infrastructure of SDN allows custom
applications to manage network behavior.
Software lets network managers change policies, routing, and security rules
without manually configuring devices.
Virtualizing networks: Multiple virtual networks can be created on a shared
physical infrastructure with SDN.
This helps isolate company services and departments.
Better resource use: The centralized control of SDN improves resource
allocation and use. Administrators can manage bandwidth, prioritize traffic,
and use network resources efficiently.
Fast service deployment:
SDN programmatically configures the network to quickly deploy new
services and applications. Dynamic environments that require rapid
adaptation benefit from this.

8. Internet of Things (IoT) Integration. If relevant, consider how IoT devices

could be incorporated securely into the network.

- The bus topology is a simple architecture for small networks with 4

machines. A single coaxial or RJ45 connection connects all devices.
- IoT integration: We created a bus-topology VLAN for IoT devices.
Secure IoT devices with strong authentication and encryption.
Simple bus topology allows for efficient management of a limited number
of IoT devices.
- Mesh Topology for Analyst and MISNetwork: Description: Used for these
networks. Analysts and MIS workers manage big traffic and communicate
data.
- We enable IoT integration by expanding the mesh network to include
devices used by analysts and MIS. We use SDN to centralize mesh IoT traffic
management.
- Advantages: Scalability for IoT devices in a dynamic, redundant mesh
topology.
- Wireless Router for Company-Wide Access: Company members can easily
access their work with a wireless router. To integrate with IoT, set the wireless
router with strong security measures (WPA3). IoT devices need a different
SSID and access controls.Benefits: Ensures secure and accessible IoT
connectivity for company-wide devices.
- IoT Device Security: Controlling access and authentication
IoT devices on bus and mesh networks need strong authentication.
Control access to prevent unauthorized entry.
Monitor and detect network anomalies
- We use SDN to monitor IoT devices.
Use anomaly detection to spot security threats.
Separation and Division:
- Split IoT traffic into dedicated VLANs, especially in bus topologies.
SDN segmentation improves mesh network security.
- IoT Communication Encryption:Send IoT data to the backend encrypted.
Secure communication techniques protect data in transit.
- Physical Security for IoT Devices: Prevent unauthorized access by
physically securing devices. We Use tamper-evident packaging or secure
enclosures. Integrate physical security measures on IoT devices connected
to bus and mesh networks. Benefits: Reduces IoT device threats against
physical tampering or illegal access.
- Regular Security Audits and Assessments: Description: Perform periodic
security audits for IoT devices. Be proactive in fixing security issues.
Integrate security assessments for bus and mesh networks, concentrating
on IoT device security. Benefit: Ensures continuous security for networked IoT
devices.
- Securely integrating IoT devices into the network design creates a
cohesive and resilient infrastructure that uses bus and mesh topologies. To
react to changing threat environments and IoT technologies, regularly
review and update security practices.

9. Disaster Recovery Plan. Devise a plan for network recovery in case of

unexpected events, ensuring business continuity.

Integrated Network with IoT Devices: Short Disaster Recovery Plan (DRP)

● Risk Assessment- Identify and classify hazards, including IoT

device-specific risks.
● Backup and Redundancy - Regularly back up essential network and
IoT device configurations. Make crucial components redundant.
● Communication Plan- Create a plan to notify stakeholders, including
IoT device management teams.Define acceptable recovery time
and point objectives for IoT services.
● Emergency Response Team- Assemble an IoT-expert team to
conduct the DRP.
● Network Segmentation- Isolate areas, including IoT devices, to
prevent future damage.
● Data Center Recovery - Create a backup data center for crucial
components, including IoT data.
 ● Alternative Connectivity- Make sure IoT devices can effortlessly
transition between connectivity options.
● Inventory and Documentation - Update inventory and recovery
procedures, including IoT details.
● Testing and Drills - Schedule regular DRP testing to simulate IoT device
failures.
● Post-Recovery Analysis- Evaluate and optimize IoT device recovery
method.
● Employee Training: - Educate relevant personnel, particularly IoT
device management teams, on their roles during recovery.

10. Documentation. Provide comprehensive documentation, including

network diagrams, configurations, and a rationale for design decisions.

Network management and future reference require detailed

documentation, including network diagrams, configurations, and reasons.
The following documentation template is based on the prior information:

- Network Overview:
The network is designed for small networks using a mix of bus and mesh
topologies. IoT device integration is secured by network segmentation,
encryption, and access controls.
- Diagram of network: This diagram shows the bus topology for small
networks, mesh topology for Analyst and MIS, and wireless router for
company-wide access.
- Small Network Bus Topology Configuration: Connect devices via a single
coaxial or RJ45 connection.
- Isolating IoT devices with VLANs.
Reason: Simple and cost-effective for small networks.
VLANs protect and isolate IoT devices.
- Configure Mesh Topology for Analyst and MIS with SDN Integration.
The mesh centralizes IoT device management.
The rationale is to ensure scalability and redundancy for essential functions.
SDN enables dynamic IoT data flow traffic engineering.
- Configure Wireless Router: - Secure configuration with WPA3, separate
SSID for IoT devices, and access controls.
Justification: Offers company-wide wireless connectivity.
Helps IoT devices communicate securely.
- IoT Device Security: Configuration: Strong authentication and access
controls. Communication encryption between IoT devices and the
backend.
- Justification: Reduces danger of data breaches and illegal access.
Protects IoT data transmission.

- DRP: Disaster Recovery Plan

Plan elements include risk assessment, backup, redundancy,
communication, RTO/RPO definitions, emergency response team, network
segmentation, data center recovery, connectivity options, inventory,
documentation, testing, drills, post-recovery analysis, and employee
training. Disaster detection, emergency response team activation, segment
isolation, connectivity switching, data center switching, IoT device
recovery, regular communication, and post-recovery analysis.

Summary:
The network architecture and documentation aim to integrate IoT devices
securely, scalable, and resiliently to provide business continuity in the face
of unexpected events.This extensive documentation helps network
administrators manage, diagnose, and improve. As the network changes,
documentation should be updated and reviewed.