Requirements
The Yotsuba Group (YG) has recently acquired a newly constructed building with the intention of moving their headquarters there. The building is in the great Tokyo area in the Kento region in Japan, just 5 miles away from the old company headquarters. The Yotsuba Group has been expanding rapidly and the old headquarters can hardly accommodate the current workforce of 290 employees. This recent company expansion has also revealed problems with the old network, as performance appears to have deteriorated dramatically. The board is also concerned with security as a number “incidents” have taken place during the last 6 months. For the purposes of designing an appropriate network for the company’s new headquarters you have been given access to the old, as well as the new, building.
The new building has 8 floors in addition to a two floors deep underground car park. With the exception of the top floor, each floor can accommodate about 60 to 70 employees. Each employee requires a desktop computer as well as a phone. Some employees (depending on the department they belong to) are provided with laptops that would also require network access.
The area of the top floor is smaller than the rest as it features a rather expanded balcony (with a nice view and a mini bar). The board of directors, made up by the 8 department heads, have decided that only their offices and those of their personal assistants should be located on this floor. A luxurious meeting room is also going to be located here. The 8 heads and their departments are listed below (note that at the point of writing this document the number of employees per department was not available):
- Kyosuke Higuchi: Research and Technology
- Shingo Mido: Financial Planning
- Reiji Namikawa: Sales
- Eiichi Takahashi: Material and Design
- Suguru Shimura: Personnel
- Masahiko Kida: Planning and Manufacturing
- Takeshi Ooi: Legal and Accounting
- Arayoshi Hatori: Marketing
The IT department (assume that their head is simply not important enough to be on the board) is going to be located on the ground floor. This floor is also going to house a café/relaxation area which, ideally, should include Wi-Fi access and a number of desktop computers that employees can use to access the internet for personal purposes during their lunch breaks (a feature that the old network did not incorporate).
In addition to designing a network that would fulfil the requirements for the problem as defined above, you have also been asked to research and propose appropriate solutions for two additional problems:
- The first is investigating the feasibility of renting one of the floors to a different company for the purposes of raising income (but without compromising the security of the Yotsuba Group network).
- The second problem is investigating and proposing a solution for housing parts of the company in the old building (connectivity between this and the new one?). There is no need for this currently but if the company keeps on expanding such a capability might prove most useful.
Ultimately you need to produce a report that discusses your design, the problems identified, your solutions to them, and the justification of your decisions and solutions. We are interested on how you apply theory for solving specific issues relating to the scenario and your assumptions; reciting everything you know about a topic without applying it or linking it to the problem will earn you exactly zero marks (you have been warned).
The network solution is developed for the Yotsuba Group (YG) for rep the old network and expanding the companies headquarter in the new building. The company currently faced different problems with their old network as they found the performance of the network deteriorated and increase in the number of security incidents. The report is created for the development of the requirement analysis and assuming the network device and the wiring that is needed to be made for development of the network framework. A proposal for the network is attached with the report including the network device, network topology and wiring and placement of the network device and server for creating a secure network infrastructure for the organization.
An addressing scheme is also prepared that would be needed for configuring the network device interface. The number of users should be identified and a network policy is developed for the management of the usage of the device and allowing or restricting them to access the core network components. The network security threats acting on the network and their solution is also documented in the report. Strategy that can be used for mitigating the risk is given in the report that would help the increase the uptime of the network and provide the best performance for the organization.
For the development of the network solution the requirement of the network should be identified on the terms of number of users using the network and the area needed to be covered by the network. The security requirement and the number of subnets required for the development of the network is needed to be identified for increasing the efficiency of the network. The building floor plan should be analysed for the placement of the device and the develop the cabling plan for connecting the network device and increasing the efficiency of the network. The old network is analysed for finding the flaws in the network and incorporate the network for increasing the compatibility of the network and secure it from the external agents.
For gathering the requirement the interaction of the user with the network is needed to be understand and the resources and the services essential for the network should be listed. Information about the external and internal access of the services and the resources should also be identified from the existing old network because without the knowledge about the users accessing the network resources some of the requirement can be overlooked. A network design should be designed based on the requirement and shared with the organization for its approval. For the identification of the potential users the users should be grouped such as:
- Filed office and branch staffs
- Remote users
- Partners and Vendors
- Customers
- Board members
Assumptions
The user access should be added by configuring the server connected in the network such that the identity of the user is managed and the network resources are kept secured. The network project should be based on the business goals of the organization and the business managers should perform a feasibility analysis on the project for the identification of the contribution of the project on the growth of the organization. The technical requirement of the network should be defined for establishing the scope of the project and improving the scalability, availability and performance of the network. It also helps in simplification of the support and management. The network equipment needed for the development of the project should be listed and the protocols that are needed for establishing the goals of the organization should be identified for the implementation of the network services.
The following assumptions are made for the development of the network solution and are given below:
- For the configuration of the network multiple VLANs would be created with the name of the department and the DHCP protocol should be used for the allocation of the IP address to the device.
- The users using the network would be have knowledge of using the network and aware with the security policy of the organization.
- The password of the wireless access point would be available only with the organizational staffs
Device selection
For the development of the network solution the following device are needed such as:
- Cisco ASA 5506 Firewall x 2
- Cisco 2811 Series Router x 1
- Cisco 3560 24 PS Layer 3 Switch x1
- Cisco 2960 24TT switch x 9
- Cisco WRT300N Wireless Router x 1
- Cisco 7960 IP Phone x max. 480
- PC x max. 480
Each of the floor of the new building should be installed with a server closet for the installation of the switch and connect the PCs with the switch. Layer 2 switches are used for the distribution of the network and it connected with the layer 3 switch using copper cross over cables. The switch port is connected with the IP phone with the means of copper straight through cable and the PC is connected with the IP phone for reducing the wiring cost and keep the network simplified. The server, router and the firewalls are needed to be installed in a separate room and the physical access of this network device should be restricted for the improvement of the security and eliminate the risk of unauthorised access of the network.
Major Network: 192.168.8.0/21
Available IP addresses in major network: 2046
Number of IP addresses needed: 1020
Available IP addresses in allocated subnets: 1068
About 54% of available major network address space is used
About 96% of subnetted network address space is used
Subnet Name |
Needed Size |
Allocated Size |
Address |
Mask |
Dec Mask |
Assignable Range |
Broadcast |
Research and Technology (Data) |
60 |
62 |
192.168.11.0 |
/26 |
255.255.255.192 |
192.168.11.1 - 192.168.11.62 |
192.168.11.63 |
Research and Technology (Voice) |
60 |
62 |
192.168.11.64 |
/26 |
255.255.255.192 |
192.168.11.65 - 192.168.11.126 |
192.168.11.127 |
Financial Planning (Data) |
60 |
62 |
192.168.8.0 |
/26 |
255.255.255.192 |
192.168.8.1 - 192.168.8.62 |
192.168.8.63 |
Financial Planning (Voice) |
60 |
62 |
192.168.8.64 |
/26 |
255.255.255.192 |
192.168.8.65 - 192.168.8.126 |
192.168.8.127 |
Sales (Data) |
60 |
62 |
192.168.11.128 |
/26 |
255.255.255.192 |
192.168.11.129 - 192.168.11.190 |
192.168.11.191 |
Sales (Voice) |
60 |
62 |
192.168.11.192 |
/26 |
255.255.255.192 |
192.168.11.193 - 192.168.11.254 |
192.168.11.255 |
Material and Design (Data) |
60 |
62 |
192.168.9.128 |
/26 |
255.255.255.192 |
192.168.9.129 - 192.168.9.190 |
192.168.9.191 |
Material and Design (Voice) |
60 |
62 |
192.168.9.192 |
/26 |
255.255.255.192 |
192.168.9.193 - 192.168.9.254 |
192.168.9.255 |
Personnel (Data) |
60 |
62 |
192.168.10.0 |
/26 |
255.255.255.192 |
192.168.10.1 - 192.168.10.62 |
192.168.10.63 |
Personnel (Voice) |
60 |
62 |
192.168.10.64 |
/26 |
255.255.255.192 |
192.168.10.65 - 192.168.10.126 |
192.168.10.127 |
Planning and Manufacturing (Data) |
60 |
62 |
192.168.10.128 |
/26 |
255.255.255.192 |
192.168.10.129 - 192.168.10.190 |
192.168.10.191 |
Planning and Manufacturing (Voice) |
60 |
62 |
192.168.10.192 |
/26 |
255.255.255.192 |
192.168.10.193 - 192.168.10.254 |
192.168.10.255 |
Legal and Accounting (Data) |
60 |
62 |
192.168.8.128 |
/26 |
255.255.255.192 |
192.168.8.129 - 192.168.8.190 |
192.168.8.191 |
Legal and Accounting (Voice) |
60 |
62 |
192.168.8.192 |
/26 |
255.255.255.192 |
192.168.8.193 - 192.168.8.254 |
192.168.8.255 |
Marketing (Data) |
60 |
62 |
192.168.9.0 |
/26 |
255.255.255.192 |
192.168.9.1 - 192.168.9.62 |
192.168.9.63 |
Marketing (Voice) |
60 |
62 |
192.168.9.64 |
/26 |
255.255.255.192 |
192.168.9.65 - 192.168.9.126 |
192.168.9.127 |
Server |
10 |
14 |
192.168.12.64 |
/28 |
255.255.255.240 |
192.168.12.65 - 192.168.12.78 |
192.168.12.79 |
Cafeteria |
50 |
62 |
192.168.12.0 |
/26 |
255.255.255.192 |
192.168.12.1 - 192.168.12.62 |
192.168.12.63 |
The addressing plan is developed based on each of the VLAN and the VLAN is needed to be configured with the DHCP addressing pool with the assignable of IP address created in the above addressing table. The last assignable IP address should be used as the gateway address such that it can be used for communicating with the hosts connected with the other VLAN. The creation of the DHCP pool for each of the department helps in reduction of the broadcasting message and reduce the congestion in the network. The security of the network can be increased by installing the server in the DMZ zone and controlling the access of the server using the firewall. The firewall can be configured such that the unknown IP address can be blocked to access the servers installed in the network. Different VLAN is also used for the VOIP and the data such that the data packets does not collide with the data packet causing packet loss and the efficiency of the network is improved.
Proposed Network Solution
The network security policy should be created for the development of the new network solution. The problems in the old network is analysed and the network is troubleshooted for development of the policy. The policy is developed for controlling the usage of the network and keep the malicious users outside the network such that they can not cause any damage to the resources of the network. The policy is developed for outlining the procedures and principles that should be followed by the user while accessing the network (Dacier et al. 2017). It acts as a guideline for the user for managing, monitoring and maintaining the security of the network designed for the organization. The network security policy should consists of the following elements:
- Legal procedure and rules for accessing the network
- Management and governance of the internet and web
- Implementation of the security procedures and configuration of the access control list
- Creation of privilege or role based policy for authorization and authentication of the service provided to the user
There are different security threats acting on the network and they are needed to be identified for the development of a secure network solution.
Denial of Service attack – In this attack the users connected in the network are denied to reach the resource by overloading the resource with numerous requests (Jung, Ahn and Ko 2014). This type of attack is common and proper security measures should be taken for mitigating the risk of DoS attack.
Brute force attack – It is used for getting the password of the system with the application of trial and error mechanism. Once getting the server the intruder can get the access of the system and the sensitive information about the organization.
Identity Spoofing – The user can use the IP address of a host connected in the network for altering the data packet and appear as a regular host or the source address for performing illegal activity.
Browser attack – The main target of this attack are the end users using the browser and spreading to the whole organizational network (Pierce 2016). Malware can be downloaded from the sites as fake update of software and infect the system.
SSL TLS attack – This attack is used for intercepting the data transmitted between the hosts connected in the network. The unencrypted message can be accessed by the attacker compromising the security of the network.
There are different technology that can be used for mitigation of the security issues such as:
Penetration Test – In this test the network solution created for the organization is needed to be hacked with the involvement of friendly hacker for the identification of the vulnerability of the proposed system. The IT professional hired uses the same technique as the hacker for the exploitation of the network and identification of the security issue.
Addressing Scheme
Intrusion Detection – In this system the suspicious activity of the user can be identified by tracking the unauthorised access of the user. For the examination of the intrusion a malware scan is performed and the general network activity of the user is reviewed. The vulnerability of the network is checked along with the illegal program installed in different systems (Jackson et al. 2014). A monitoring is done on the file settings and other activity of the user for detection of the malicious user.
Network Access Control – In this methodology the network access of the user is controlled based on the network security policy defined for accessing the servers and the network devices that requires authorization and authentication for the users.
For the development of the network design a strategy must be followed and the requirement of the network should be identified. The network solution should be aligned with the goals and objectives of the organization such that the organization is benefitted with the implementation of the network. Firstly the details of the client should be gathered with their job role and their working department for the identification of the bandwidth requirement and the service needed for the management of their operations. The applications used by them should be listed and should be evaluated regarding the safety of the application for minimizing the abuse possibility. Secure version of the application should be used and the access to the unsecured sites should be prevented for reducing the risk of installation of malware in the system. The installation of the antivirus and management of the user accounts in the server also helps in controlling the activity of the user and increases the security of the network framework.
For monitoring the performance of the network an appropriate network monitoring tool should be selected. The network monitoring tool provides an easy solution for monitoring the current performance of the network and detecting the faults in the network for preventing the downtime and troubleshooting the errors. The network monitoring tool should be selected such that it provides support for the multi-vendor environment have the scalability to fit the network regardless of the size and complexity of the network. The devices connected in the network is monitored for getting the complete visibility of the network and control the network infrastructure according to the needs of the organization.
The potential risks identified for the development of the network framework are given below:
Security Measures
Viruses – The virus attack can be a big threat for the small scale and the large scale enterprises as it can delete valuable information or corrupt files affecting the daily operation of the business.
Application software – The software installed in the system is needed to be updated regularly because the outdated software can slow down the network and crash the site causing a major issue for the organization.
Hackers – The hackers can intrude into the organizational network causing devastating damage by stealing the sensitive files and information and exposing the secrets of trade for the competitor.
Employees – The security of the organizational network can be breached by the internal employees without any concern that can pose a threat on the network security (Behringer et al. 2017). Th lack of education and the absence of security practice is the main cause of this threat.
For reducing the network downtime a disaster management and contingency plan should be developed that helps in identification of the immediate response for rapidly recovering the network. Recovery team should be formed for the management of the responsibility of the team members and familiarize team with the content of the plan. An instruction set should be created for invoking the plan and management of the external communication (Cardoso, Costa and Francês 2015). A backup policy should be developed for preserving the corporate information on regular basis on a different geographical location. The network components used for backup should be stored in a secure area and the backups should be stored redundantly such that no data is lost during the recovery process. In case of management of the disaster fuels should be arranged for the portable generators and the basic necessities should be arranged such as cash, medical supplies, etc (Tagliacane et al. 2016). An image of the system should also be created and the critical network elements should be backed up such as PBXs, emails, Routers, switches, File servers, etc.
The recovery plan is needed to be reviewed quarterly and it should be tested for analysing its functionality by considering a dynamic environment. A response and recovery checklist should be used along with a flow diagram for creating a quick reference and implementation of the disaster recovery plan.
Awais, M. and Shah, M.A., 2017, September. Information-centric networking: a review on futuristic networks. In Automation and Computing (ICAC), 2017 23rd International Conference on (pp. 1-5). IEEE.
Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L., Liu, B., Nobre, J. and Strassner, J., 2017. A reference model for autonomic networking. In IETF Internet draft.
Potential Threats
Bilal, K., Khan, S.U., Manzano, M., Calle, E., Madani, S.A., Hayat, K., Chen, D., Wang, L. and Ranjan, R., 2015. Modeling and Simulation of Data Center Networks. In Handbook on data centers (pp. 945-958). Springer, New York, NY.
Cardoso, A.J.F., Costa, J.C.W. and Francês, C.R.L., 2015. A New Proposal of an Efficient Algorithm for Routing and Wavelength Assignment in Optical Networks. Journal of Communication and Information Systems, 25(1).
Dacier, M.C., Konig, H., Cwalinski, R., Kargl, F. and Dietrich, S., 2017. Security challenges and opportunities of software-defined networking. IEEE Security & Privacy, (2), pp.96-100.
Deshpande, S. and Shankar, R., 2016, March. A discrete addressing scheme for wireless sensor networks based internet of things. In Communication (NCC), 2016 Twenty Second National Conference on (pp. 1-6). IEEE.
Jackson, D., Barrett, J.K., Rice, S., White, I.R. and Higgins, J., 2014. A design?by?treatment interaction model for network meta?analysis with random inconsistency effects. Statistics in medicine, 33(21), pp.3639-3654.
Jung, W.S., Ahn, H. and Ko, Y.B., 2014, April. Designing content-centric multi-hop networking over Wi-Fi Direct on smartphones. In Wireless Communications and Networking Conference (WCNC), 2014 IEEE (pp. 2934-2939). IEEE.
Kaur, K., Kumar, K., Singh, J. and Ghumman, N.S., 2015, March. Programmable firewall using software defined networking. In Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on (pp. 2125-2129). IEEE.
Kounev, S., Huber, N., Brosig, F. and Zhu, X., 2016. A model-based approach to designing self-aware IT systems and infrastructures. Computer, 49(7), pp.53-61.
Lee, Y., Choo, H. and Kim, D.S., 2015, January. Network independent mobility management scheme using virtual IP addressing. In 2015 International Conference on Information Networking (ICOIN) (pp. 336-339). IEEE.
Mijumbi, R., Serrat, J., Gorricho, J.L., Bouten, N., De Turck, F. and Davy, S., 2015, April. Design and evaluation of algorithms for mapping and scheduling of virtual network functions. In Network Softwarization (NetSoft), 2015 1st IEEE Conference on (pp. 1-9). IEEE.
Network, M.D.A.I.D., 2015. Critical Analysis & Proposal.
Pierce, J., 2016, June. Design Proposal for a Wireless Derouter: Speculatively Engaging Digitally Disconnected Space. In Proceedings of the 2016 ACM Conference on Designing Interactive Systems (pp. 388-402). ACM.
Rakotoarivelo, T., Jourjon, G. and Ott, M., 2014. Designing and orchestrating reproducible experiments on federated networking testbeds. Computer Networks, 63, pp.173-187.
Rowland, C., Goodman, E., Charlier, M., Light, A. and Lui, A., 2015. Designing connected products: UX for the consumer internet of things. " O'Reilly Media, Inc.".
Tagliacane, S.V., Prasad, P.W.C., Zajko, G., Elchouemi, A. and Singh, A.K., 2016, March. Network simulations and future technologies in teaching networking courses: Development of a laboratory model with Cisco Virtual Internet Routing Lab (Virl). In Wireless Communications, Signal Processing and Networking (WiSPNET), International Conference on (pp. 644-649). IEEE.
Wang, L., Shang, W., He, W. and Wang, D., 2016, November. Consistent replication protocol for Named Data Networking. In Network Protocols (ICNP), 2016 IEEE 24th International Conference on (pp. 1-2). IEEE.
Xu, S., Fujikawa, K., Furukawa, H., Harai, H., Awaji, Y. and Wada, N., 2016, September. Experimental assessment of seamless interconnection of OPS and EPS networks with IP addressing and routing control. In ECOC 2016; 42nd European Conference on Optical Communication; Proceedings of (pp. 1-3). VDE.
Zhang, L., Li, X.Y., Huang, W., Liu, K., Zong, S., Jian, X., Feng, P., Jung, T. and Liu, Y., 2014, September. It starts with igaze: Visual attention driven networking with smart glasses. In Proceedings of the 20th annual international conference on Mobile computing and networking (pp. 91-102). ACM.
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2021). Essay: Network Solution For Yotsuba Group HQ In Tokyo.. Retrieved from https://myassignmenthelp.com/free-samples/360ct-advanced-network-management-and-design/the-yotsuba-group.html.
"Essay: Network Solution For Yotsuba Group HQ In Tokyo.." My Assignment Help, 2021, https://myassignmenthelp.com/free-samples/360ct-advanced-network-management-and-design/the-yotsuba-group.html.
My Assignment Help (2021) Essay: Network Solution For Yotsuba Group HQ In Tokyo. [Online]. Available from: https://myassignmenthelp.com/free-samples/360ct-advanced-network-management-and-design/the-yotsuba-group.html
[Accessed 19 August 2024].
My Assignment Help. 'Essay: Network Solution For Yotsuba Group HQ In Tokyo.' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/360ct-advanced-network-management-and-design/the-yotsuba-group.html> accessed 19 August 2024.
My Assignment Help. Essay: Network Solution For Yotsuba Group HQ In Tokyo. [Internet]. My Assignment Help. 2021 [cited 19 August 2024]. Available from: https://myassignmenthelp.com/free-samples/360ct-advanced-network-management-and-design/the-yotsuba-group.html.