Network Security Assignment
• It also has a branch office in Bangkok City, which employs approximately 150 people and is
250 kilometers distant.
• The following evaluation is to build a secure network connection for NAR Sdn Bhd. between
two separate locations, one in Penang and the other in Bangkok, as well as to configure various
network devices such as switches, routers, and others.
• The organization also wants to keep potential risks from attacking the internal and DMZ hosts.
Topology of the Network Diagram
Chapter / Sections
Solution
“Client workstations (sales, engineering, finance, R&D and delivery) must be able to access the web
server at the DMZ over HTTP and HTTPS. The web server should be reachable from the external clients
over HTTP and HTTPS only. (Solution and configuration)”
Solution
“Clients should also be able to put and get files via FTP to the same server. The company requires
implementing FTP with user and password is essential for each transaction. (Solution and
configuration.)”
Solution
“Engineering, finance and sales workstations must be able to
access the Internet (to reach the branch company) over ICMP,
HTTP and HTTPS with DNS. No other protocol access is
allowed to the Internet. (Solution and configuration.)”
• The third criterion is nearly identical to the first solution.
• For the second part, where no other protocol may access the
Internet, we have to apply an ACL on the router to permit or deny
each request. First, we have to permit specific traffic for the
different departments of the Penang headquarters: HTTP, HTTPS,
ICMP and DNS must be permitted. Then, in addition to these
permits, a further ACL rule should deny all other protocols.
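One way to express the rule set described above as a Cisco IOS extended ACL (an added example, not the configuration from the original assignment). The subnets, ACL name and interface are constructed placeholders, and it assumes address translation happens on the firewall beyond this router, so the ACL still sees the private source addresses.

```cisco
! Constructed addressing (assumption, not from the original page):
!   Sales 192.168.10.0/24, Engineering 192.168.20.0/24, Finance 192.168.30.0/24
!   GigabitEthernet0/1 = HQ router interface facing the Internet
! Entries are evaluated top-down and the first match wins.
ip access-list extended HQ-TO-INTERNET
 remark Sales: HTTP, HTTPS, DNS, ICMP only
 permit tcp 192.168.10.0 0.0.0.255 any eq 80
 permit tcp 192.168.10.0 0.0.0.255 any eq 443
 permit udp 192.168.10.0 0.0.0.255 any eq 53
 permit tcp 192.168.10.0 0.0.0.255 any eq 53
 permit icmp 192.168.10.0 0.0.0.255 any
 remark Engineering: HTTP, HTTPS, DNS, ICMP only
 permit tcp 192.168.20.0 0.0.0.255 any eq 80
 permit tcp 192.168.20.0 0.0.0.255 any eq 443
 permit udp 192.168.20.0 0.0.0.255 any eq 53
 permit tcp 192.168.20.0 0.0.0.255 any eq 53
 permit icmp 192.168.20.0 0.0.0.255 any
 remark Finance: HTTP, HTTPS, DNS, ICMP only
 permit tcp 192.168.30.0 0.0.0.255 any eq 80
 permit tcp 192.168.30.0 0.0.0.255 any eq 443
 permit udp 192.168.30.0 0.0.0.255 any eq 53
 permit tcp 192.168.30.0 0.0.0.255 any eq 53
 permit icmp 192.168.30.0 0.0.0.255 any
 remark Everything else is dropped (makes the implicit deny visible)
 deny ip any any
!
interface GigabitEthernet0/1
 ip access-group HQ-TO-INTERNET out
```

R&D and delivery have no permit entries, so their Internet-bound traffic falls through to the final deny. DNS is permitted on both UDP and TCP port 53 because large responses fall back to TCP.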
Solution
“Client workstations must be able to check their e-mail on the e-mail server at the DMZ. (Solution and
configuration.)”
Solution
“The e-mail server should be able to receive e-mail from external hosts over the simple mail transfer protocol
(SMTP). (Solution.).”
• In this situation, the e-mail server must accept e-mail from external hosts through the
simple mail transfer protocol (SMTP). That traffic must pass through the firewall into the DMZ, and
because the network communicates through the firewall, NAT has to be deployed.
• The purpose of Network Address Translation (NAT) is to conserve IP addresses. It allows private IP
networks that use unregistered IP addresses to access the web. NAT operates on a gateway, generally
one linking two or more networks, and converts the private addresses of the corporate network into
legal ones before packets are forwarded to another network. As part of this feature, NAT may be set
to advertise only one address for the whole network to the outside world.
Solution
“VLAN technology is mandatory to be implemented in all sub networks. Management and Native VLAN
are required for deployment. Implement secured VLAN is mandatory. (Solution and configuration.)”
Solution
“No client from sales, engineering and finance department can access clients in the other departments.
(Solution and configuration.)”
• Access Layer
Solution
“Explain any THREE types of layers two attacks. Implement layer two securities as a requirement in the
company LAN. (Solution and configuration.)”
• Types of layer two attacks:
PVLAN Attacking
VLAN Hopping
MAC address hopping
Solution
“Bastion host works as an application proxy. You are required to explain the solution in detail.
(Configuration is not required).”
• A proxy server is used for security purposes, and here the bastion host serves as the application proxy. A
bastion host is a server that allows authorized users to connect to a private network across a public network such as
the internet.
• Bastion hosts are frequently used by system operators to monitor networked resources remotely. Bastions make
security management easier. The bastion host has its own subnet and an IP address that can be reached from the
internet. All web traffic can be blocked on the internal network, leaving only SSH communication with the
bastion server. Operators can concentrate their security efforts on safeguarding a single resource because all
outside traffic is routed through the bastion.
• Using a bastion host has several advantages. One advantage is that services which do not
require a floating IP for each existing server, and which do not have to be directly
accessible through the internet, can still be used. The bastion host can tunnel most admin communication as
well as some user traffic. Using the bastion host as an application proxy also
makes access to information from the Internet more efficient, because the application proxy
keeps it in its cache, making it faster to access the next time.
Solution
“Connectivity between HQ in Penang and branch office in Bangkok is a requirement. What is the best
solution? Elaborate on the solution. (Configuration is not required).”
• For fast, steady and error-free connectivity between the company HQ in Penang and the branch
office in Bangkok, the best solution is to implement a fiber-optic cable connection between the two sites.
• In the IT sector, fiber-optic cabling is one of the newest advancements. These connections can give
a faster and more stable link to any location that requires a secure and quick connection. They are
made for long-distance data telecommunications and network applications. Fiber-optic lines have greater
bandwidth than conventional cables and can carry data across longer distances.
• There are several benefits to using fiber-optic cable. The first advantage is that it has far
greater capacity: a fiber cable's bandwidth easily exceeds that of a copper wire of comparable
thickness. The need for signal boosters is reduced because light can travel considerably greater
distances over a fiber line without losing its strength. Interference is also less likely with a fiber-optic cable. A
copper network cable must be shielded to protect it from electrical interference, whereas most of these issues are avoided
by the physical properties of fiber-optic cables.
Solution
“Data transmitted over the network must be kept disguised and only intended recipient can read it. Hackers are
unable to understand the content even they can wiretap the communication. (Solution on the techniques, no
configuration is required) ”
• A Virtual Private Network (VPN) is used to prevent unintended recipients from accessing data transmitted over the network
and from reading and understanding that data. Staff at both the company HQ in Penang and the branch
office in Bangkok can access and exchange resources even though they are not physically on the same Local Area Network
(LAN).
• The term "virtual private network" refers to the ability to establish a secure network connection while using public
networks. VPNs secure your internet activity and hide your true identity on the internet. As a result, third parties will have a harder
time tracking your online activities and stealing data. The encryption is carried out in real time.
• There are several advantages to using a virtual private network. Some of them are
discussed as follows. First, apps and websites can monitor your internet
activities in real time and analyze the information they gather; a VPN can help keep the data you send and
receive private and safe by preventing browsers and others from accessing your connection. The second
advantage is that a VPN helps to escape data throttling. Data throttling means that once you have used a
specific amount of data, your internet provider slows your connection without your knowledge. Another
advantage of using a VPN is that it helps in avoiding bandwidth throttling. Bandwidth throttling is when
your ISP, which has influence over how your Wi-Fi network works, purposely slows down your internet speed.
Solution
“The company requires implementing intrusion detection systems (IDS).” (No Configuration is required.)
• An IDS (Intrusion Detection System) is a hardware or software system that examines the network for illegal conduct or
protocol violations. It is frequently used to
record and report damaging conduct and breaches. Various types of intrusion detection systems (IDS)
have been developed to detect intrusions as soon as they occur.
• It also examines all incoming and outgoing data traffic for anomalies which may signal a specific
network attack by a person trying to break into and damage a program.
• Furthermore, it can be used to reconfigure the TCP session by sending a specific signal when an
intrusion or vulnerability has been identified.
Solution
“Implement VPN between Penang and Bangkok network. (Configuration is required.)”
Solution
“Implement SSL encryption between Penang and Bangkok. (Solution).”
Network Configuration and Configured Devices
Conclusion
Finally, this project taught the teams how to build a full network in Packet Tracer, how to manage network
components, and what security solutions are possible or available in the system. Through the project, we were
able to examine the interplay among the devices that make up the computer network, and also to develop, deploy, and
administer infrastructure security devices. The assessment's requirements were met with an
optimization method, and the full network settings were operational. In addition, the network's integrity
requirement has been continuously monitored and controlled in order to secure the remote communication
between both locations.
Appendices