Network security is important these days. It is because nowadays, there are a lot of cyber crime occurred everywhere around the world either it is minor or major. It could bring the company down due to confidential information about the company being exposed to the public such as their rival.
Network security involves of the terms and policies implemented by a network administrator to avoid and observe any unusual activities on the network such as someone illegally access into the network, use wrongly, modification or denial of a computer network. Network security is usually controlled by a network administrator who execute the security policy, network, software and hardware have to secure the network and the resources accessed through the network from illegal access.
A network security system normally depends on levels of security and consists of several components including networking monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.
Here are the examples of network security that needs to be implemented in the Kiwi SDN BHD network, the firewall, anti-virus software and encryption. So firstly, I am going to discussed about the firewall. Firewall is a system designed to avoid unauthorized access to or from a private network. Firewall can be software or hardware. It manages the network traffic of the incoming and outgoing data packets by analyzing and deciding whether it should be allowed through or not, based on a rule set.
Most of the personal computer(PC) operating system consists of software-based firewalls to defend against risks from the public internet. Many routers that pass data between networks have firewall components and, on the other hand, many firewalls can carry out basic routing functions.
This company need to implement the stateful firewalls because it is much more safer than a regular packet filter. A stateful firewall is more sophisticated and difficult compared to stateless firewall. Stateful firewall watches traffic end to end and keeps track of open connections on state table and intelligently relates new connection requests with these states. It able to identify the packets and can evaluate either the the packet can pass through the network or not.
Second, the anti-virus software. Anti-virus software is a very useful to Kiwi company because this software helps to protect, identify and remove any potential malware on your computer system such as hard disk. These days, we can get different types of anti-virus software in the market due to increasing number of computer, internet users and also malware.
Always scan you computer system in order to prevent from the viruses and it needs to run in the background at all times and keep updating the software so it identifies new version of malicious software.
Finally, encryption. Encryption should be implemented in Kiwi company's network.. Most of the website uses this encryption to protect the sites for viruses or steal the files. Encryption is the conversion of data into a secret code.
Encryption is the most successful method to attain data security. In order to read an encrypted file, you must have right to use to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text, encrypted data is referred to as cipher text. Encryption is the safer way to protect the data and information on the computer system.
MERIT 1
Hub is a hardware device, that connects several computers on the network or other network devices together. Most hubs can distinguish basic network inaccuracies such as collisions but having all information transmit to various ports can be a security threat and cause bottlenecks. Usually, hub is cheaper than switch and router.
In this case, Kiwi company should implement intelligent hubs to their computer system. It is because it adds extra elements to an active hub that are of particular significance to businesses. An intelligent hub usually is stackable. It also usually consist of remote management abilities via Simple Network Management Protocol(SNMP) and virtual LAN (VLAN) support.
Switch is quite similar with hub, it is a device that connects numbers of computer on the network within one local area network(LAN). But switch is more powerful than hub. Theoretically, the network switch operates at the layer two(Data Link Layer) of the OSI model.
Switches that in addition process data at the network layer (layer 3) and above are often called layer-3 switches or multilayer switches. One switch can have up to 48 ports. A switch is a telecommunication device that gets a memo from any device connected to it and then broadcasts the message only to the device for which the message was meant.
Managed switch is more suitable for this company, it is because the switches can be installed to set up Gigabit connections to computers to produce a company-wide network backbone. Managed switch element built-in support for remote setup and management. Also, managed switches offer the capability to check each device on the network as well as limit the amount of bandwidth any device can use.
Next, router. A router is a hardware device intended to take incoming packets, examining the packets and then directing them to the proper locations, shifting the packets to another network, transferring the packets to be moved across a different network interface, dropping the packets of performing any other number of other actions. Edge router is suitable for this company's network system. This type of router are positioned at the edge of the ISP network, there are usually configured to external protocol like BGP (Border gateway protocol) to another BGP of other ISP or large organisation.
Finally, the fiber optic cable. It is a cable consist of one or more optical fibers. The optical fiber components are usually separately covered with plastic layers and contained in a protective tube appropriate for the surroundings where the cable will be installed. For internet user, fiber optic is very fast and reliable. The user can access the internet with fast connection in split seconds.
TASK 4: Re-design the network infrastructure using standard diagram
Core layer
Distribution layerC:\Users\User\Documents\task 4 NI.jpg
192.168.10.180-192.168.10.210
192.168.10.148-192.168.10.178
192.168.10.116-192.168.10.146
192.168.10.20-192.168.10.50
192.168.10.84-192.168.10.114
192.168.10.52-192.168.10.82
Access layer
Store & Inventory
Reception
Administration
Human Resources
Management
Sales & Marketing
TASK 5: IP addressing
DHCP is short for Dynamic Host Configuration Protocol. DHCP is very useful to big company like Kiwi company. DHCP is a network protocol that allows a server to automatically assign an IP address to a computer from a variety choice of numbers configured for a given network.
With dynamic addressing, a device can have unique IP address whenever it connects to the system. DHCP also hold up a mix static and dynamic IP addresses.
Dynamic addressing simplifies network administration because the application keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the complication of manually allocating it a matchless IP address.
Here are the reasons why we are using DHCP for the current Kiwi network. Firstly, DHCP it help to take out the need for manual client configuration. It is hard to manually configure the computer network. It requires al lot of work and must be cautious by inputting the right and the unique or exclusive IP address, subnet mask, default router address and a DNS address.
Nowadays, people keep moving to new places and the implementation of new systems to a network causing a problem for manual client. Besides, when setting up the client machines, of course they might experience some difficulties.
Next, with DHCP, it is easy to modifying network bounds. Kiwi might have over 90 computers connected to the network and DHCP makes thing easier since the DHCP server be updated with the new information, than updating it on every computer on the network.
Finally, the efficient utilization of IP Address space. Every computer on the network gets its configuration from a pool of available numbers automatically for a specific time period. When a computer has done with the address, it is discharges for the other computer on the network to use it.
Static assignment of IP addresses ultimately causes in low utilization of our address space, meanwhile, dynamic assignment practically assurances that the under utilization won't take place. Static assignment doesn't suggest any automated mechanism for returning unused IP addresses.
TASK 6: Assign the user right
Users
User Right
Management
3
Administrator
Human Resources
20
Back up operators and Administrators
Administration
30
Guest, Administrator and Power User
Reception
5
Administrator and Guest
Stores & Inventory
23
Guest,Back up operators and Administrators
Sales & Marketing
10
Performance monitor users and Administrator
MERIT 2
In this section, Merit 2 is related to Task 6. There are 5 user right been assigned to the current users at those department, the administrator, backup operator, guest, power user and performance monitor user.
The administrator has the highest position or has the power to access the server on the network and able to assign any of the user right and gain control permission to users as necessary. Administrator account usually is a default member.
When this server is connected to a domain, the Domain Admins group is automatically added to this group. Because this group has complete control of the server, add users with carefulness.
Then, the backup operator. From the name itself, we know that their task is to backup and restore all of the files, data and information on the server in spite of of any permissions that look after those files. This is because the right to carry out a backup takes priority over all file permissions. However, they cannot modify the security settings.
The guest in a computer connected to the domain, members of this group have a brief profile created at log on, and when the member logs off, the profile will be removed from the system . Profiles in workgroup environments are not deleted. The Guest account is also a default member of this group.
Next, the power user. Members of this group can make user accounts and then adjust and remove the accounts they have created. They can create local groups and then add or eliminate users from the local groups they have formed. They can also add or remove users from the Power Users, Users, and Guests groups. Members can make shared folders or information and manage the shared resources they have created. They cannot take possession of files, back up or restore directories, load or unload device drivers, or run security and auditing logs.
Finally, performance monitor user, the members of this group can observe performance counters on the server nearby and from distant clients without being a member of the Administrators or Performance Log Users groups.
