In the senior Seminar class at Monroe College we are required to simulate an actual business and perform a project that encompasses all of the work we covered in the degree. We needed to create a network, a website, an MIS (information system), a database and manage the entire project using our project management skills. This was my segment.
Networking
Hardware
Router
Cisco Systems Cisco 1811 Integrated Services Router
Price: $763.99
Required Number: 1
Total Cost: $799.00
The Cisco 1800 series integrated services routers intelligently embed data,
security, and wireless technology into a single, resilient system for fast, secure, scalable delivery of
mission-critical business applications.
The Cisco 1811 routers are focused on Ethernet access and are designed to be offered as
customer premises equipment (CPE) in Metro Ethernet deployments. Because of their high-speed
performance and dual Fast Ethernet WAN ports, they can support the high-bandwidth demands of
Metro Ethernet and provide failover protection and load balancing if desired.
This is the best selection for the purposes of the plan. It provides a built-in firewall, Cisco
IOS Advanced IP Services, hardware encryption, load balancing, stateful packet inspection and
VLAN support.
It would also be wise to go along with this router from Cisco Systems because most of the
other hardware that we will be using for switching and other networking services makes use of
Cisco technology as well. Integration will therefore be maximized, minimizing the compatibility
issues that may arise with hardware from other manufacturers.
Switches
Cisco Catalyst 3560-24PS Ethernet Switch
Price: $772
Required number: 4
Total Cost: $3,088
The four switches that will be used will help to analyze network traffic and maximize on the
The Cisco Catalyst 3560 Series is a line of fixed-configuration, enterprise-class switches
that include IEEE 802.3af and Cisco pre-standard Power over Ethernet (PoE) functionality in Fast
Ethernet and Gigabit Ethernet configurations. These are ideal access layer switches for small
enterprise LAN access or branch-office environments. Combining both 10/100/1000 and PoE
configurations for maximum productivity and investment protection, they help you deploy new
applications such as IP telephony, wireless access, video surveillance, building management
systems, and remote video kiosks.
You can maintain the simplicity of traditional LAN switching and still deploy network-wide
intelligent services such as:
• Advanced quality of service (QoS)
• Rate limiting
• Access control lists (ACLs)
• Multicast management
• High-performance IP routing
Simplify Network Management
Available for the Catalyst 3560 Series, the Cisco Network Assistant is a centralized management
application for switches, routers, and wireless access points. Free of charge, the application
provides configuration wizards that greatly simplify the implementation of converged networks
and intelligent network services.
Configurations:
Cisco Catalyst 3560-8PC
• 8 Ethernet 10/100 ports with PoE and 1 dual-purpose 10/100/1000 and small form-factor
pluggable (SFP) port; compact form-factor with no fan
Cisco Catalyst 3560-24TS
• 24 Ethernet 10/100 ports and 2 SFP ports
Cisco Catalyst 3560-48TS
• 48 Ethernet 10/100 ports and 4 SFP ports
Cisco Catalyst 3560-24PS
• 24 Ethernet 10/100 ports with PoE and 2 SFP ports
Cisco Catalyst 3560-48PS
• 48 Ethernet 10/100 ports with PoE and 4 SFP ports
Cisco Catalyst 3560G-24TS
• 24 Ethernet 10/100/1000 ports and 4 SFP ports
Cisco Catalyst 3560G-48TS
• 48 Ethernet 10/100/1000 ports and 4 SFP ports
Cisco Catalyst 3560G-24PS
• 24 Ethernet 10/100/1000 ports with PoE and 4 SFP ports
Cisco Catalyst 3560G-48PS
• 48 Ethernet 10/100/1000 ports with PoE and 4 SFP ports
The Cisco Catalyst 3560 is available with either the IP Base or IP Services software images and
can be upgraded to the Advanced IP Services software image. The IP Base software (formerly
called the Standard Multilayer Image or SMI) includes advanced QoS, rate-limiting, ACLs, and
basic routing and IPv6 functionality. The IP Services software (formerly called the Enhanced
Multilayer Image or EMI) provides a richer set of enterprise-class features, including advanced
hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR). The
Advanced IP Services software includes IPv6 routing and IPv6 ACL support.
Firewall
Cisco ASA 5505 Firewall Edition Bundle
Price: $377.09
Quantity: 1
Total: $390.00
The Cisco ASA 5505 Firewall will provide us with an additional layer of security. It will
guard against hacker attacks as well as aid in ensuring that the system stays up and running. It
provides a proactive threat defense mechanism that stops attacks before they spread throughout the
network. This intrusion alert system will aid significantly in increasing the capacity of the security
team.
The Cisco ASA 5505 Firewall can also control network activity and application traffic.
These tools make this firewall the best choice for Kelar Systems in protecting its data from outside
attacks.
Alert System
Cisco Security IntelliShield Alert Manager Service
Price: $0.88
Quantity: 1 year subscription
Total: $0.88
The Cisco Security IntelliShield Alert Manager Service is a customizable, Web-based
threat and vulnerability alert service that allows security staff to easily access timely, accurate, and
credible information about vulnerabilities that may affect their environments - without
time-consuming research.
Personal computers
The Dell OptiPlex 775
Price: $443
Required Number: 10
Total: $4,430
The Dell OptiPlex 775 will be used business-wide to cater for all of the needs of the
organization. Usually, for any more than ten computers Dell offers a business package deal. It has been the
choice for small businesses for a couple of months and is expected to be one of the better choices for
some time to come. This package also includes an already installed version of Windows XP Service Pack
4, which significantly reduces the cost of the personal system. This PC will be ideal because it can be used in
all of the departments. It is cheap for the performance that it offers.
Printer
Brother HL-5250DNT Laser Printer
Price: $276.28
Quantity: 3
Total: $870.75
The network printer of choice for this environment will be the Brother HL-5250DNT laser
printer. It will provide adequate printing capacity for the volume of work that it will manage and
is easy to install.
Networking cable
Cat 5e 1,000 ft box
Price: $129.99
Quantity: 1
Total Price: $135.00
Cat 5e is the best standard to use because of the environment that we will be using for the
installation of the system. 1,000 feet will be able to cover the length of the entire system.
Jacks
Cat. 5E RJ-45 Modular Plug
Price: $33.24
Quantity: 2 packs of 100.
Total Price: $66.48
The jacks that will be used are the Cat. 5E RJ-45 Modular Plug. To cover the entire
expanse of the network and to allow for mistakes, 200 should be purchased.
Server
IBM Blade Center S
Price: $4,499
Required Number: 1
Total: $4,499
• Can replace up to 6 servers
• Can use virtual servers
• Security and built-in redundancy
• Has dust filter
• Standard office power
• Simple maintenance
• Up to over 7 terabytes compatible storage
The IBM Blade Center S will take care of all of the server needs for the company. It will also be able
to perform the roles of all of the servers, storage and services required by the business. This would save a
lot of time, energy and space, and would increase the efficiency of the system. The Blade Center is a perfect
platform for further development and will continue to serve Kelar Systems for years to come. This system
has also proven to be one of the most fault-tolerant on the market, as blades can easily be replaced and the
hot-swappable drives inserted easily. A tape back-up system will also be used to ensure that data will
always be secured.
Software
Divisions
1. Accounting
2. Development
3. Marketing
Needs
1. Accounting
The accounting department registers every financial transaction that takes place within the
organization. Thus, they require a type of software that will be able to take inventory as well as give
quotes for specialist services. We have chosen Everest Advanced Edition Version 4.0 for the
accounting department because three of the employees are already trained to use the software and our
Accounting specialist has highly recommended it. Additionally, reviews of the software found online
were especially favorable.
2. Development
The development division will be using a whole host of different programs to aid in its daily routine.
Since they will be the division dealing with the aspects of I.T. management and assessment for other
companies, they will need programs that deal with technicians, database development, web site
development, project management and networking.
The Networking team will use Packet Tracer to give a basic design of the networking for customers and
give a visual aid of how the network infrastructure will look. Since Packet Tracer is free software, it
is easy to acquire and it gives a wide range of services that are used to give an accurate description of
how a network will perform.
The web design team will use Dreamweaver and Adobe Flash as well as an online programming tool
called. These are the two most commonly used types of software for website development and should
be good enough for the initialization of the project. If new software is required it will need to be
purchased at a later date.
The Project Management team will be using a combination of Microsoft Project and Can Plan (a web-based
project management tool) to plan the projects that they will be doing. To plan some of the
projects Kelar Systems can use Can Plan as it provides a means to communicate with employees no
matter where they are. This allows the company to utilize employees on a contract basis that work for
other companies and seek their expert help in matters that permanent employees are not
specialized in.
The database team will be using a combination of Oracle and Microsoft Access to do their database
programming. Depending upon the needs of the organization that they will be servicing, different
software will be required. However, if software is required it will need to be acquired by another
means.
The Technicians will require basic technicians’ tools and software. This includes Windows Vista
Home Premium, Windows XP and other pieces of software (freeware) which are used to do tasks like
data recovery and other mandatory tasks for a business of this size. To save money AVG antivirus
version 7.5 which is completely free will be used as a virus protection scheme initially.
3. Marketing
The Marketing Division of Kelar Systems will be responsible for the running of the advertisements
and the coordination of the actual website. It was recommended that website development personnel
be hired to maintain the website so that updates can be posted easily. In order to make commercials,
the marketing division will require a team to create them using Macromedia.
These software components will be purchased by the staff at Kelar Systems.
Server Software
Microsoft Windows Small Business Server (SBS) 2003 R2
Price: $599.00
Required number: 1
Total Cost: $599.00
This software would be able to cater for all of the needs of the business including the future
expansion of its business.
Fault tolerance
An Intrusion Detection System (IDS) is a system designed to detect an attack from
either outside or inside an organization. It recognizes harmful processes or processes that are not
authenticated. There are many different types of IDS.
The passive system
The passive system recognizes when there is an attack on a system, a threat or a breach. It
then logs it and sends an alert to a console or the owner.
The reactive system
The reactive IDS, also referred to as an Intrusion Prevention System (IPS), responds to an
actual attack or perceived attack by severing the connection or reprogramming the firewall to block
traffic from a suspected source.
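The difference between the passive and the reactive system, as an added example that is not part of the original project: one sensor processes the same constructed login events in both modes. The addresses, the three-failure threshold and the names IntrusionSensor and run are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample events (not from the project): (source IP, login outcome).
SAMPLE_EVENTS = [
    ("203.0.113.7", "fail"),
    ("192.0.2.10", "ok"),
    ("203.0.113.7", "fail"),
    ("203.0.113.7", "fail"),   # third failure crosses the threshold
    ("203.0.113.7", "fail"),
    ("203.0.113.7", "ok"),     # a guessed password finally succeeds
    ("192.0.2.10", "ok"),
]

FAIL_THRESHOLD = 3  # assumed detection rule: three failed logins from one source


@dataclass
class IntrusionSensor:
    reactive: bool                                   # False = passive, True = reactive (IPS)
    alerts: list = field(default_factory=list)       # what the console or owner is told
    blocked: set = field(default_factory=set)        # stands in for firewall deny rules
    delivered: list = field(default_factory=list)    # events that reached the server
    failures: Counter = field(default_factory=Counter)

    def handle(self, src, outcome):
        # A reactive system drops traffic from sources it has already blocked.
        if src in self.blocked:
            return
        self.delivered.append((src, outcome))
        if outcome == "fail":
            self.failures[src] += 1
            if self.failures[src] == FAIL_THRESHOLD:
                # Both kinds log the detection and raise an alert.
                self.alerts.append(src)
                if self.reactive:
                    # Only the reactive kind changes the firewall.
                    self.blocked.add(src)


def run(reactive, events=SAMPLE_EVENTS):
    """Feed the events through a sensor in the chosen mode and return it."""
    sensor = IntrusionSensor(reactive=reactive)
    for src, outcome in events:
        sensor.handle(src, outcome)
    return sensor


if __name__ == "__main__":
    for mode in (False, True):
        s = run(mode)
        label = "reactive" if mode else "passive"
        print(label, "alerts:", s.alerts, "blocked:", sorted(s.blocked),
              "delivered:", len(s.delivered))
```

Both modes raise the same alert; only in reactive mode is the later successful login from the alerted source kept away from the server.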
The following are other types of detection systems that exist:
• A network intrusion detection system is an independent unit which identifies intrusions
by examining network traffic and monitoring multiple hosts. Network Intrusion Detection
Systems (NIDS) gain access to network traffic by connecting to a hub, network switch
(configured for port mirroring), or network tap.
• A protocol-based intrusion detection system is made up of some sort of mechanism that
would typically sit at the front end of a server, monitoring and analyzing the
communication protocol between a connected device (a user/PC or system).
• An application protocol-based intrusion detection system is made up of a system or
agent that would typically sit within a group of servers, monitoring and analyzing the
communication on application-specific protocols.
• A host-based intrusion detection system consists of an agent on a host which identifies
intrusions by analyzing system calls, application logs, file-system modifications (binaries,
password files, capability/ACL databases) and other host activities and state.
• A hybrid intrusion detection system combines two or more approaches. Host agent data
is combined with network information to form a complete network able to handle all of the
challenges presented in a working environment.
I would definitely choose a hybrid detection system made up of a reactive system and an
application protocol-based intrusion detection system. This is because it would allow for all the
security of a protocol-based detection system and the high maneuverability and added level of
security an IDS would provide. It would also cost less to buy software that can run on a server than
to buy one on every PC. It also wouldn’t slow down the network traffic like a network intrusion
detection system or a protocol-based detection system.
System | Price | Security | Time
A network intrusion detection system | The hubs and switches and other network devices add another layer of cost and hence may become very substantial. | Very secure because of added levels of security | No impediments
A hybrid intrusion detection system | Uses the strengths of one system to complement the others' weaknesses and make an even stronger system | Uses the strengths of one system to complement the others' weaknesses and make an even stronger system | Uses the strengths of one system to complement the others' weaknesses and make an even stronger system
A host-based intrusion detection system | More expensive because software has to be installed on every computer | Protects server from being attacked from inside and outside. | Costs valuable time and slows down network traffic
An application protocol-based intrusion detection system | Less expensive than putting software on all PCs but more expensive than other systems | Protects server from being attacked from inside and outside. | No impediments
A protocol-based intrusion detection system | Either a user PC or a server can be used for this system, hence for a smaller organization a user PC is cheaper. | Protects server from being attacked inside and outside. | Costs valuable time and slows down network traffic
The passive system | Cheaper than most systems | Lowest level of security; detects and alerts | No impediments
The reactive system | More expensive but worth the price for the functionality | Highest level of security. Detects, isolates and solves threats or perceived threats | Slower because it has to react to threats but makes up for it
A virtual server will be set up in order to act as a protocol-based intrusion detection system. It
will also have a software-based intrusion detection system that will aid in equipping the system with a
high level of quality assurance.
The Physical Cisco Firewall and the software firewall on the Router are the composite parts of
the Hybrid system that will manage and cater for intrusion.
Networking concept
The Physical firewall will look like the above system whereby the network is physically
separate from the outside network. This firewall will be housed on the server. The Cisco firewall
will act as the physical firewall, while the Cisco firewall on the router will act as a secondary
buffer.
The standalone firewall will block intrusions that the router can also perform. However, the
physical router is not susceptible to many different attacks that can target the Cisco router. The
dual system would enable the network management team to put together a comprehensive security
plan that can cater for a broad base of attacks. The entire Visio presentation was made and the
results are below:
The network will be able to access the internet via the router which is protected by the
firewall. The main switch will oversee the VLANs and the three servers. Although this may
present a problem if the switch fails, the data on the switch has been backed up on the server so
that if there is any problem it can be easily fixed.
The three VLANs (Marketing, Development, and Management) are set up to provide
different layers of access to the server and to the internet. They each consist of a switch, a
group of PCs and a network printer.
Protection
Anti-virus:
AVG antivirus Networking Edition
Price: $159.99
Quantity: 5 licenses
Total cost: $165.00
The AVG antivirus Networking Edition would enable the business to manage its security and
three servers in a comprehensive and efficient manner. The software boasts many advantages
such as:
• Easy to use and manage
• Protection for workstations and file servers
• Centralized installation and configuration
• Free support and service around the clock and across the globe
• Protection against viruses, spyware, adware and hackers
It may be best to use this software because the system is able to cater well for the small
business needs and can cater for all of the security risks at the same time. It can protect all of the
servers and workstations at the same time and therefore can guard the entire system.
Security Policy
Only IT staff are allowed to access the server room, which is physically locked. Only the IT
staff should have access to the cards that open the card reader lock which is used to
lock the IT server room. The passwords to each server must also be assigned only to technicians
that require them for maintaining and fixing the systems and the network. To disable
Internet access to the lunchroom, which is on a certain subnet, the subnet can be removed from the access
list. To ensure that the company’s physically removable assets are protected, the policy is to lock
the computers with a lock and key system, with IT having the master keys to the locks (3 or 4
copies). To ensure that the I.T. room is secured, the same card system that is used to lock the
server room can be used to lock the I.T. room.
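The access-list step above, as an added example that is not part of the original project: a permit list with an implicit deny, from which the lunchroom subnet is removed. The subnet addresses and function names are assumptions (the plan gives no addressing), and the check goes slightly beyond the text by refusing the change when a broader entry would still permit the subnet.

```python
import ipaddress

# Assumed addressing (the plan gives no subnets): one /24 per area.
SUBNETS = {
    "marketing":   "10.0.10.0/24",
    "development": "10.0.20.0/24",
    "management":  "10.0.30.0/24",
    "lunchroom":   "10.0.40.0/24",
}


def internet_allowed(src_ip, access_list):
    """True if src_ip matches a permit entry; anything unmatched is denied."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net) for net in access_list)


def covering_entries(subnet, access_list):
    """Entries that still permit part or all of `subnet`."""
    target = ipaddress.ip_network(subnet)
    return [net for net in access_list
            if ipaddress.ip_network(net).overlaps(target)]


def remove_subnet(subnet, access_list):
    """Drop the exact entry for `subnet`; fail if another entry keeps it permitted."""
    remaining = [net for net in access_list if net != subnet]
    leftover = covering_entries(subnet, remaining)
    if leftover:
        raise ValueError(f"{subnet} is still permitted by {leftover}")
    return remaining


if __name__ == "__main__":
    acl = list(SUBNETS.values())
    print("before:", internet_allowed("10.0.40.25", acl))
    acl = remove_subnet(SUBNETS["lunchroom"], acl)
    print("after: ", internet_allowed("10.0.40.25", acl))
```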
To protect the PCs in the office, the use of user accounts can be instituted. To do this
the domain server will contain the passwords for all the computers except those in the lunchroom.
The computers in the lunchroom are not on the domain. The other computers require a sign-in on
the domain. To track the websites, freestats.com can be used, which would enable the tracking of
websites for free. Free web site tracking is available but each page that is tracked must display a
large (i.e. 400x60) banner advertisement.
www.freestats.com | Free service | Paid service
Maximum pages tracked | No apparent limit | No apparent limit
Banner display | 400x60 advertisement | No
Limit on page views | No | No
Provides log file | Yes | Yes
This approach was seen to be redundant as the protocols and services provided by the
Router and the switches enable the network traffic and websites visited to be tracked.
Labor
Development teams (Mary Consulting)
Although the members of the team all have their specialties, to complete the project we will need to draw
upon the skills of all of the members.
Project development
Elizabeth, Mary, Josanne
Web Site
Giovani, Kelvyn, Issa
Networking
Kelvyn, Issa, Giovani
Database
Giovani, Kelvyn
Maintenance (Kelar Systems)
All of the normal day to day maintenance will be conducted by Kelar Systems. If there are any questions
about the system or any training that is required, the members of the team that did this product (Mary
Consulting) will be at hand to provide assistance. The owner is adamant that we will be paid for any of
our services.
Each employee of Mary Consulting is paid by time served. The employees will be paid an equal amount
for the stages of production of the project. A standard fee of $20 an hour will be paid to the six employees
of Mary Consulting.
Architecture
The Architecture was initially drafted in the manner that the Packet Tracer file is set up in; however, it was
seen to be much too complicated and much simpler if it was done in Visio. The arrangement will be
distributed across the five rooms that the business owns. The initial site plan is as follows:
[Site plan figure. Rooms: Lunch room, Marketing, Reception, Management, Help Desk, Server, Development. Legend: Doors, Computers, Partition, Fire Escape, Waiting Area.]
The above chart is a network diagram of a proposed business. It gives a detailed site plan of
what the network infrastructure should look like. Each room is clearly labeled and identified. The
doors are also represented by diagonal lines as the legend indicates, as well as the other exits (fire
escapes). The partitions and borders of each of the departments are also clearly depicted. The six
rooms that are shown each have their own function. However, the waiting area, marked by the
partition, is part of the reception area.
There are twelve computers that will be used by various members of staff. These
computers are spread out between the departments as shown above. The Reception area, Lunch
Room, I.T. Department, Marketing Department, Help Desk, and Management all have their
allotted number of computers. The Reception Area, Lunchroom and the Marketing Department all
have one computer assigned to them, whereas the Management and Helpdesk areas are allotted two
computers each. The I.T. Development Department houses a total of five user computers and a
server.
The team met and discussed how the plan could be better implemented and it was
recommended that a second plan be drafted to better understand the structure. The networking
manager and the security team recommended the following design:
Cost
Item | Cost
Router | 799.99
Switch | 3,088
Firewall | 390.00
Alert system | 0.88
Cables | 135.00
Jacks | 66.48
Printers | 870.75
PCs | 4,430
Server | 4,499
Microsoft Windows Small Business Server (SBS) 2003 R2 | 599.00
Labor | To be inserted
TOTAL | $14,978.10