COIT20265 | Network Redesign and Development Assignment | Information Technology

Wide Area Networks (WANs) in TCU

Figure 1 outlines the complex WAN infrastructure TCU currently uses to support its operations.
A mesh of three T3 leased lines connects the Headquarters, Operations (Data Centre) and Backup sites. These lines operate at 44.7 Mbps, providing redundancy between the major facilities.

Each campus building connects to the major facilities via a Frame Relay network: one 56kbps PVC2 leading to the Operations and 56 kbps PVC3 leading to the Backup facility, most of the time. There are ISDN backup lines in case of Frame Relay failure (Note that PCV1 represents two aggregate PVCs of 56 kbps each. PVC2 and PVC3 are both 56kbps). By the same token, the 12 educational partners are connected to TCU via a frame relay network of 56kbps. As shown in the diagram, TCU uses two separate ISPs for Internet connection via T1 leased lines.

Local Area Network (LANs) in TCU

Each TCU regional and metro campus is supported by 10Base-T Ethernet LANs, and TCU is expecting to upgrade to more modern Ethernets soon. Each of these campuses has an average of (a) 200 employees including academic, administrative and management staff and (2) about 2,000 on- campus students. The main campus at Northampton houses around 2,000 academic, administrative and management staff. Nearly 10,000 on-campus students are studying at the Northampton main campus.

Unlike regional and metro campuses, Northampton staffs are supported by 100Base-T Ethernet LANs. In the Operations facility, there are 100 engineers in charge of technical support of the data centre, networking, maintenance, and application development. The organisational and operational structure of the Backup facility is similar to the structure of the Operations facility.

                                                                    

                                                                                                              

Current ICT infrastructure

ICT infrastructure at Metro and Regional campuses

Hardware

• Staff equipped with Desktop PCs running Windows 7 (dual monitors)
• Staff PCs equipped with first generation headsets and webcams
• 12 networked Laser Printers
• 20 computer labs, each with 24 Desktop Pcs running Windows 7 (single monitor)
• One Network Attachment Storage for local storage in each lab
• One Multiservice Platform Router
• 10Base-T Ethernet
• Staff equipped with plain old telephone systems (POTS)

Staff Software

• Microsoft outlook  installed in all staff workstations to access emails
• Microsoft Office suite
• Google Chrome and Firefox
• Sophos Anti-virus
• Moodle Learning Management System (LMS)
• PeopleSoft Enterprise systems
• Liferay Information system portals
• Mahara E-Portfolio systems

Computer Lab Core Software

• Adobe Reader
• Adobe Design Premium Suite including:
• Adobe Acrobat Pro
• Adobe Dreamweaver
• Adobe Flash Pro
• Adobe Fireworks
• Adobe Illustrator
• Adobe InDesign
• Adobe Photoshop Extended
• Adobe Flash Player
• Adobe Shockwave Player
• Endnote
• Google Earth
• IBM SPSS Statistics
• IBM SPSS AMOS
• iTunes
• Java Development Kit
• QuickTime
• Mathtype 6.7
• Mozilla Firefox
• VLC Media Player
• NetBeans
• Android SDK
• GlassFish Application Server
• Derby Network Database Server
• MySQL Database Server
• Microsoft Office suite including:
  • Word
  • Access
  • Excel
  • PowerPoint
  • Publisher
  • Microsoft Project Professional
  • Microsoft Visio

ICT infrastructure at Headquarters (Northampton)

Hardware

• Staff equipped with Desktop PCs running Windows 7 (dual monitors)
• Staff PCs equipped with latest generation headsets and webcams
• 100 networked Laser Printers (also capable of scanning and photocopying)
• 100 computer labs, each with 24 Desktop Pcs running Windows 7 (single monitor)
• One Network Attachment Storage for local storage in each lab
• One Multiservice Platform Router
• Staff equipped with VoIP video phones
• 100Base-T Ethernet

Staff Software

• Microsoft outlook  installed in all staff workstations to access emails
• Microsoft Office suite
• Google Chrome and Firefox
• Sophos Anti-virus
• MSDN-AA
• SPSS
• NVivo

Computer Lab Software: Like in the Metro and Regional Campuses

ICT infrastructure at Operations site

• One Multiservice Platform router
• Operating system: Combination of Windows and Linux OSs servers
• Staff equipped with Desktop PCs running Windows 8

All operational servers including FTP, HTTP/HTTPS, SMTP/SMTPS, DHCP, DNS, Authentication, Telepresence, Domain Controllers, Database, SAN, Load Balancing and video are concentrated in this facility. The Operations facility also contains the infrastructure to support TCU’s enterprise resources and services (described below)

ICT infrastructure at Backup site

As mentioned, the Backup is a warm-site facility that can take over within minutes in the event that the Operations facility fails. Its infrastructure mirrors the Operations facility.

Enterprise resources and Services

• Telepresence: VoIP, Video Conferencing, Interactive Systems
• Printing
• Mail
• Multimedia
• LMS - Blackboard
• Backboard Collaborate
• EduRoam
• Finance
• Student Information Systems
• Voice Mail
• HRM
• SAP Enterprise Resource Planning
• Document Repository

Problem Statement

TCU business processes rely on a combination of systems including Internet, IPX/SPX, SNA and ICT- related services with a very complex ICT infrastructure. TCU academic board acknowledges this as major issue: the bottleneck for future TCU growth and sustainability. The senior executive of TCU argues that currently the university is spending huge to maintain and integrate disparate and cumbersome systems; with little room to expand and improve services. The TCU academic board claims that TCU needs to change and re-provision the ICT infrastructure to provide high quality learning and teaching in the most cost effective way.

As part of this change, the transition to interoperability should be achieved in a smooth manner while leveraging the latest advancements in network and information security infrastructure in order to guarantee “zero” problems in the TCU processes. TCU is also planning to invest in a multimillion dollar venture to modernise the university’s ICT infrastructure. This will potentially include: [1] immersive telepresence system to support distance education students (expected to grow 50% in the next 3 years), [2] staff and student remote access and mobile services (staff BYOD and Work-at- home (WAT) policies) that TCU currently does not have, [3] migration of a number of services to the Cloud including the Learning Management System, File, Web and Mail Servers.

In terms of network and information security, TCU ICT infrastructure should safeguard appropriate access and use of ICT resources; ensure unauthorised and malicious internal and external network attacks are properly blocked. Network redundancy is currently achieved with the mesh of three T3 leased lines connecting the Headquarters (Northampton), Operations and Backup buildings; however, nothing has been done so far in terms of a security plan including a robust disaster recovery (DRP) and business continuity plan (BCP) for the university.

Statement of Work

The statement of work is divided in two parts: Part A and Part B.

Part A

For this part you are required to design and implement a secure information and network infrastructure that ensures high availability, reliability, scalability, performance and security to support TCU services. This requires [1] the redesign of the network; [2] the delivery of a comprehensive network security plan; and [3] Security technology implementation - proof of concept.
The following is a breakdown of the tasks for part A.

Network Redesign

1. Network redesign including LANs, VLANs, WANs and VPNs. In this redesign, the IP address allocation should use the CIDR format (x.y.z.t/n). Discuss with your mentor the range of IP addresses you are planning to use.
2. Each LAN, WAN, VLAN and VPN should be justified in terms of traffic, reliability, performance, availability, scalability and security. To do this you need to make a number of assumptions (discuss this with your mentor / facilitator / teacher). For example, assume that a great number of university services operate 24/7. Other facilities are to operate from 6:00am to 8:00pm daily, Monday to Friday.

For this redesign, take into account the following:

1. Traffic generated by the hosts:  clients, servers and backup devices
2. Appropriateness of current WAN links
3. Appropriateness of current WANs (Frame Relay)
4. Appropriateness of current LANs
5. VLANs requirements
6. All networking devices including routers and switches at each site or location
7. IP address allocation of each network and main network devices
8. Sub-netting to separate traffic including IP address allocation
9. Firewalls positioning and strategy
10. Proxy servers
11. DMZ configuration
12. Firewalls Access Control Lists
13. Network diagram of the topology and allocation of devices; and IP addresses for the main network devices
14. Provision data encryption to secure data travelling between internal and external networks

Comprehensive Network Security plan

The network security plan should contain as minimum the following:

1. Introduction outlining the importance of the plan and its purpose
2. Scope outlining the areas of the organisation that the Plan applies
3. Assumptions documenting any assumptions you have made in order to prepare the plan
4. Clear and concise statements about what the Security Plan is designed to achieve.
5. Summary and analysis of the organisation’s risks, highlighting the current threats, challenges and vulnerabilities along with an assessment of current security environment and treatments in place.
6. Network Security policies to address all possible network attacks and vulnerabilities
7. Information Security policies to address unauthorized and misappropriate use of TCU data and software applications
8. Disaster recovery and Business continuity plans
9. Security Strategies and Recommended controls including security policies
10. Residual risks that remain after all possible (cost-effective) mitigation or treatment of risks. Your security plan should estimate, describe and rate these risks to guide the priorities for ongoing monitoring of risks.
11. Resources for implementing the recommendation

Security Technology Implementation

As part of the security technology implementation and in line with the recommended controls mentioned above in the network security plan (item 9), you need to provide the complete design and implementation of the following technology:

1. Data backup and recovery technology including the procedures for backup and recovery. Note that there are NASs at the campuses to back up the data generated locally, however the vast majority of data is backed up to the File Server Operations facility through the network.
2. A proper authentication system that takes care of highly secured roles and permissions to access, share, download, upload files and folders. This should include authentication for wireless and mobile services as well.
3. File, Web (and secure Web), Mail (and secure Mail including spam email prevention), DHCP, DNS, Domain Controllers, Database and LMS (Learning Management System) servers.
4. Hardening of servers described above in section 3.
5. Network security including DMZs, Firewalls, Intrusion Detection and Prevention Systems (IDSs and IPSs)

For the recommended technology implementation, you need to justify your recommendation (chosen technology) in terms of cost, reliability, maintainability, performance and scalability. For each technology, make sure to provide details of the vendor, and the version of hardware and software.

TCU Technology implementation - Proof of concept

As part of the project requirements, you are required to test the recommended controls suggested in the security technology implementation section above. The solution should address current needs of TCU, including the installation of the software, configuration of the system, and developing of test cases to check the complete functionality of the system.

For the proof of concept, it is mandatory that you include the documented results (procedures and screen dumps) of various network security attacks tests (such as Network Penetration Test) as part of your final project report. You may use your choice of security software/tools (including freeware open software systems) and operating systems (Windows, Linux, or Ubuntu) in a virtualized environment to build and simulate the security tests. You are required to demonstrate your implementations at the end of the term.

Part B

In part B, your task is to recommend the TCU academic board on:

1. An appropriate immersive telepresence system to support distance education students. As mentioned above, TCU is expected to grow 50% in distance education in the next 3 years.
2. You are also to recommend the strategy for staff and student remote access and mobile services (staff BYOD and Work-at-home (WAT); and student BYOD and study-at-home policies).
3. Finally, a complete technical report on the migration of the LMS, File, Web and Mail Servers to the Cloud, including requirement analysis, cost benefit analysis, risk analysis and final recommendation from a list of at least three cloud service providers (CSPs).

Reference

Ciampa, M. (2015). CompTIA Security+ Guide to Network Security Fundamentals (5 Edition). Clifton Park, NY: Course Technology.
Forouzan, B. (2009). TCP/IP Protocol Suite (4 edition). Boston: McGraw-Hill Education.
Panko, R. R. (2003). Business Data Networks and Telecommunications. (4th Edition edition). Prentice Hall.
Weaver, R., Weaver, D., & Farwood, D. (2013). Guide to Network Defense and Countermeasures (3 edition). Australia ; Boston, MA, USA: Course Technology.
Whitman, M. E., Mattord, H. J., & Green, A. (2011). Guide to Firewalls and VPNs (3 edition). Boston, MA: Delmar Cengage Learning.