ComputerScienceExpert


Posted 11 May 2017

notebook computers to the WWTC network and Internet services

I need all the highlighted words to be changed so the score can be zero. Even if you have to change the citations a bit go ahead. I just need to make sure we are clear with turnitin.

 

Plagiarism: approximately 13% in 8 sources. Sources found: www.coursehero.com (9.22%), www.coursehero.com (4.65%), www.slideshare.net (3.95%), www.coursehero.com (3.64%), www.homeworkmarket.com (2.41%), www.coursehero.com (0.89%), searchnetworking.techtarget.com (0.74%), www.coursehero.com (0.71%)

Based on the below business goals, this proposal should offer a modular concept to allow the company to build in phases if needed and to meet the business objectives as outlined by corporate headquarters.

• Increase revenue from $10 billion to $40 billion in three to four years
• Reduce the operating cost from 30 to 15 percent in two to three years by using an automated system for buying and selling
• Provide secure means of customer purchase and payment over Internet

• Allow employees to attach their notebook computers to the WWTC network and Internet services
• Provide state of the art VoIP and Data Network(s)
• Provide faster Network services
• Provide fast and secure wireless services in the lobby and two large conference rooms (100x60)
• Double network capacity to facilitate and support the projected business growth.

3 Project Scope

This is a new network that will be installed in the WWTC New York regional office. They have leased the entire floor of a building on Wall Street and are planning to place 100 employees in the office, and the company wants to have a state of the art network by year's end. Additionally, there will need to be interconnections to other offices within the WWTC WAN, remote access for their employees, and a secure means of payment for their customers.

WWTC Corporate has also identified several security instances where they would like to enhance their current security implementation. Data confidentiality and strong authentication will need to be addressed in this plan. There will need to be a new Active Directory Domain created under the WWTC Forest to create and manage the different OU groups that will reside in the New York office. Those groups will be comprised of VP/C Level users, Managers, Staff, Brokers and Guests.

4 Design Requirements

WWTC has provided a very detailed list of requirements for the new LAN in the New York City regional office. The technical goals for WWTC include the ability to provide secure, fast, and reliable network services to the company, its employees, and clients. The network must also be highly scalable, to account for the expected growth of the company in the near future.
Finally, the network will provide redundancy at every layer to avoid downtime in the event of equipment failure.

4.1 Local Area Network

We will meet the LAN Design Requirements of WWTC by providing a highly modular and scalable network that allows for immediate operations and for growth, and that reduces downtime by ensuring that there are redundant connections (Mesh Topology). By using Cisco products, there will be less product interference and fewer technical gaps. Uplink and downlink speeds will be maximized to ensure enough bandwidth is provided to support VoIP, VTC and guests on the Wireless network, interconnection with the WWTC Headquarters, and the streaming applications that brokers and guests will use to access the World Wide Web to get real-time data to perform their duties.

4.2 Security

Recent audit results have found that there are some physical, logical and personnel security concerns that need to be addressed. Physical and logical vulnerabilities can be corrected by upgrading and making the proposed network design changes. The personnel vulnerabilities will require a change in policy and awareness, and will need top-down management support to ensure that all employees have an understanding of the importance of a security mindset.

WWTC needs to ensure that they review their security policies annually to adjust and grow their security program.
Some of the policies that should be put into place are: Acceptable Use, Access and Connectivity (Local and Remote), Secure Network Use, Privacy and Sensitive Data Protection, Email Use, Ethics, Password Use and Protection, Data Breach Response, Server Security, Software Installation and Use, Workstation Use and Security, and Rules of Behavior.

Additionally, all devices that are accessing the network will be isolated via VLANs created on the network switches, with routing through VLANs controlled via OU and AD GPOs. The use of the Cisco ASA Firewalls and Cisco FirePOWER NIDS coupled with HIDS (McAfee) will provide a defense in depth solution to better protect the network.

4.3 VoIP

VoIP is a combination of hardware and software that allows the user to make phone calls via internet transmission. Packets of data containing the voice transmission are sent using IP. Here at WWTC, we are seeking to use this very same technology in order to reduce operating cost by tapping into a pool of power and communication we already utilize on a daily basis: networking.

In order for us to implement VoIP, we need to consider a few things. First, we need to implement Session Initiation Protocol (SIP). "SIP is a signaling protocol and widely used for setting up and tearing down multimedia communication sessions such as voice and video calls. SIP is merely an initiation protocol for establishing multimedia sessions and SIP uses Session Description Protocol (SDP) that describes the set of media formats, addresses, and ports to negotiate an agreement between the two communication terminals as to the types of media, they’re willing to share." (Chang & Wang, 2011).

4.4 Wireless

A wireless LAN must meet the same sort of requirements typical of any LAN, including high capacity, ability to cover short distances, full connectivity among attached stations, and broadcast capability. In addition, a number of requirements are specific to the wireless LAN environment. The wireless LAN must be able to accommodate upwards of 80 users with a bandwidth of 54 Mbps, using 802.11g standards on the 2.4 GHz frequency to prevent interference. The 802.1x (WPA2 Enterprise) authentication that will be implemented will ensure that only authorized users are accessing the WLAN. This prevents unauthorized users from gaining access to the WWTC network, and also protects authorized guests from having their devices exposed to malicious users.

4.5 Active Directory

When it comes to a company as large as WWTC, Active Directory is going to play a large role in helping to manage computer and user policies. The easiest way to implement plans and policy requirements would be to distribute them by using group policy. The Active Directory structure will consist of a New York Domain that will be broken down into OU Groups and will allow for access to and from the WWTC headquarters and remote users. This Domain will provide for security within the Domain to protect information from those employees that do not have a need to know for certain information.
This will also allow for the enforcement of GPOs, which will enhance management of security and configuration policies.

5 Current State of the Network

The current state of the network infrastructure is solid and gigabit networking can be set up on existing network wiring. Also, the existing power supply will meet their current and future demand. This current infrastructure should be able to provide LAN speed minimum 100 MB and Internet speed minimum 54 MB. We will also need to provide wireless network access to network users and guest users in a limited area (Lobby and Conference room). In the conference room and the lobby, the user will get a minimum 54 Mbps of bandwidth.

6 Design Solutions

6.1 Local Area Network

According to our requirements, we have been given the 172.2.0.0/22 network and that should be able to accommodate every device along with the capacity for 100% growth. To begin, we separated the subnets and VLANs along the division of OU groups, since those groups will have resources and policies that will be shared between them. For example, there are policies that will need to be applied to staff that won’t be applicable to brokers, and policies that will be applied to servers but not printers, etc. This estimate is based on the unclassified network only.

GUEST NETWORK:
I have assumed that each of the four reception offices can hold a maximum of 10 devices on the Guest wireless connections. This allows for multiple devices per person needing access to what will be the guest network via a wireless AP that is connected to the DMZ. This will prevent Guest users from having access to company network services, but will allow for external connectivity. This gives an immediate total of 40 connections.
To make room for 100% growth, we must create our subnet for an assumed total of 80 devices. We need to create a 172.2.30.0/25 subnet, giving us 126 available IP addresses.

VOIP/VTC/CONFERENCE ROOMS:
For VoIP/VTC, we can look at the chart given and count that we have a current need for 100 Internet connected phones and 6 VTCs. To double that, we need to accommodate room for 200 phones and 12 VTCs. We must use a full octet to accommodate this. Since we will allow the VoIP/VTC to use DHCP and we want to make sure the VoIP devices are on their own subnet, we will use 172.2.10.0/24, giving us 254 available IP addresses. For the conference rooms, we assume a max capacity of 10 in each for 20 devices. We must accommodate 40 for the future. That range will be 172.2.4.0/26, giving us 62 available IP addresses.

STAFF:
For the staff, we counted the number of desks in the design, giving us 53 connections needed (staff, receptionist, EA). For our printers, we are told that there are currently 20.

SERVERS/NETWORK:
For the servers we have a given 43 servers that will be used to provide web services, custom applications available to brokers and clients, an internal Email Server, DNS, DHCP, and Active Directory, and 12 network devices. We must double that to 86 servers for future Active Directory needs and 24 network devices.

EXECUTIVE LEVEL:
For the executive segment, we used the given number of devices needed for the current executive offices and extended that into the vacant offices, assuming that any new executive will sit in one of those. This gives us a total of 10 workstations currently needing addresses (4 CEO and above level with 6 vacant offices), with us needing to provide for 20 for future growth.

CLASSIFIED NETWORK:
For the classified network, we will have 12 network devices, XX servers and 18 workstations, in addition to 18 VoIP phones and 13 VTCs. We will not have a DMZ, and will replace one of the ASAs with a Dell Sonicwall 3600 (Firewall appliance with VPN capability).
We will maintain the same addressing and VLAN scheme since this is a separate network, and this will allow for ease of management from the Administrators.

Unclassified Network Diagrams, VLANs, and IP Addresses:

Unclassified VLANs

| VLAN Name | VLAN ID | Network | Network Range | Available IP Addresses |
|---|---|---|---|---|
| Guest | 101 | 172.2.30.0/25 | 172.2.30.1 – 172.2.30.126 | 126 |
| Servers/Network | 201 | 172.2.20.0/23 | 172.2.20.1 – 172.2.21.254 | 510 |
| VoIP | 301 | 172.2.10.0/24 | 172.2.10.1 – 172.2.20.254 | 254 |
| Staff | 401 | 172.2.2.0/23 | 172.2.2.1 – 172.2.3.254 | 510 |
| Executive | 501 | 172.2.1.0/25 | 172.2.1.1 – 172.2.1.126 | 126 |

Unclassified IP Addresses and Subnets

| Segments | VLAN ID | Device quantity | IP addresses required including growth | Subnet | Number of Hosts | First Host - Last Host |
|---|---|---|---|---|---|---|
| Servers/Network | 201 | 71 | 142 | 172.2.20.0/23 | 510 | 172.2.20.1 – 172.2.21.254 |
| DMZ | N/A | 6 | 62 | 172.2.40.0/26 | 62 | 172.2.40.1 – 172.2.40.64 |
| VoIP/VTC | 301 | 106 | 212 | 172.2.10.0/24 | 254 | 172.2.10.1 – 172.2.10.254 |
| Guest | 101 | 40 | 80 | 172.2.30.0/25 | 126 | 172.2.30.1 – 172.2.30.126 |
| Conference Rooms | 401 | 20 | 40 | 172.2.2.192/26 | 62 | 172.2.2.193 – 172.2.2.254 |
| Printers | 401 | 20 | 40 | 172.2.3.0/26 | 62 | 172.2.3.1 – 172.2.3.62 |
| Executive Offices | 501 | 4 | 8 | 172.2.1.0/26 | 62 | 172.2.1.0 – 172.2.1.62 |
| Managers/Vacant | 501 | 13 | 26 | 172.2.1.64/26 | 62 | 172.2.1.64 – 172.2.2.128 |
| Staff | 401 | 53 | 106 | 172.2.2.0/25 | 126 | 172.2.2.1 – 172.2.6.126 |
| Brokers | 401 | 28 | 56 | 172.2.2.128/26 | 62 | 172.2.5.128 – 172.2.5.190 |

Classified Network Diagram, VLANs, and IP Addresses

Classified VLANs

| VLAN Name | VLAN ID | Network | Network Range | Available IP Addresses |
|---|---|---|---|---|
| Servers/Network | 201 | 172.2.20.0/24 | 172.2.20.1 – 172.2.20.254 | 254 |
| VoIP | 301 | 172.2.10.0/24 | 172.2.10.1 – 172.2.10.254 | 254 |
| Staff | 401 | 172.2.2.0/27 | 172.2.2.1 – 172.2.2.190 | 190 |
| Executive | 501 | 172.2.1.0/25 | 172.2.1.1 – 172.2.1.126 | 126 |
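A consistency check for the unclassified addressing table above, as an added example that is not part of the original proposal: it tests each row against the 172.2.0.0/22 block named in section 6.1, against the required host count, and against every other row for overlap. The subnets and counts are transcribed from the table; the function and field names are assumptions made for this sketch.

```python
import ipaddress
from dataclasses import dataclass

# Transcribed from the page: the block WWTC was given, and the rows of the
# "Unclassified IP Addresses and Subnets" table as
# (segment, IP addresses required including growth, subnet).
ALLOCATED_BLOCK = "172.2.0.0/22"
UNCLASSIFIED_PLAN = [
    ("Servers/Network", 142, "172.2.20.0/23"),
    ("DMZ", 62, "172.2.40.0/26"),
    ("VoIP/VTC", 212, "172.2.10.0/24"),
    ("Guest", 80, "172.2.30.0/25"),
    ("Conference Rooms", 40, "172.2.2.192/26"),
    ("Printers", 40, "172.2.3.0/26"),
    ("Executive Offices", 8, "172.2.1.0/26"),
    ("Managers/Vacant", 26, "172.2.1.64/26"),
    ("Staff", 106, "172.2.2.0/25"),
    ("Brokers", 56, "172.2.2.128/26"),
]


@dataclass(frozen=True)
class Finding:
    segment: str
    kind: str    # "invalid-subnet", "outside-block", "capacity" or "overlap"
    detail: str


def usable_hosts(net):
    """Assignable addresses: network and broadcast are excluded below /31."""
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def audit_plan(plan, allocated_block):
    """Return a list of Finding objects for a (segment, required, cidr) plan."""
    block = ipaddress.ip_network(allocated_block)
    findings, parsed = [], []
    for segment, required, cidr in plan:
        try:
            # Strict parsing: a CIDR with host bits set is rejected.
            net = ipaddress.ip_network(cidr)
        except ValueError as exc:
            findings.append(Finding(segment, "invalid-subnet", str(exc)))
            continue
        parsed.append((segment, net))
        if not net.subnet_of(block):
            findings.append(Finding(
                segment, "outside-block", f"{net} is not inside {block}"))
        if required > usable_hosts(net):
            findings.append(Finding(
                segment, "capacity",
                f"{required} needed, {net} holds {usable_hosts(net)}"))
    # Pairwise overlap: two segments sharing address space cannot be
    # separated by subnet-based ACLs or firewall rules.
    for i, (seg_a, net_a) in enumerate(parsed):
        for seg_b, net_b in parsed[i + 1:]:
            if net_a.overlaps(net_b):
                findings.append(Finding(
                    seg_a, "overlap", f"{net_a} overlaps {seg_b} {net_b}"))
    return findings


if __name__ == "__main__":
    for f in audit_plan(UNCLASSIFIED_PLAN, ALLOCATED_BLOCK):
        print(f"{f.segment:18} {f.kind:14} {f.detail}")
```

Run against the table as written, the check reports the Servers/Network, DMZ, VoIP/VTC and Guest subnets as lying outside 172.2.0.0/22, and no capacity or overlap findings.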

Classified IP Addresses and Subnets

| Segments | VLAN ID | Device quantity | IP addresses required including growth | Subnet | Number of Hosts | First Host - Last Host |
|---|---|---|---|---|---|---|
| DMZ | N/A | 4 | 32 | 172.2.40.0/27 | 8 | 172.2.40.1 – 172.2.40.30 |
| Servers/Network | 201 | 71 | 142 | 172.2.20.0/24 | 254 | 172.2.20.1 – 172.2.20.254 |
| VoIP/VTC | 301 | 83 | 166 | 172.2.10.0/24 | 254 | 172.2.10.1 – 172.2.10.254 |
| Printers | 401 | 10 | 20 | 172.2.2.128/26 | 62 | 172.2.2.129 – 172.2.2.192 |
| Executive Offices | 501 | 4 | 8 | 172.2.1.0/26 | 62 | 172.2.1.0 – 172.2.1.62 |
| Managers/Vacant | 501 | 13 | 26 | 172.2.1.64/26 | 62 | 172.2.1.65 – 172.2.2.126 |
| Staff | 401 | 53 | 106 | 172.2.2.0/25 | 126 | 172.2.2.1 – 172.2.2.126 |

Equipment List

6.2 Security

The scope of this universal policy covers the security, use and protection of all WWTC information and information systems, applications and network devices. The policy is broken down into sections by defined area, and updates or changes to the policy will be communicated to all employees as soon as those changes are made. RFP Team 5 will include Security Policies as enclosures attached to this outline.

Security Design

Certain company assets are going to be ranked more important than others and will need better security for more efficient protection. Assets for the World Wide Training Company include employees, clients, the market tracking application, the stock and bond analytical application, the online trading application, and physical network infrastructure, for example switches and servers.

World Wide Trading Company will also have application servers in place in order to run the company's offered client services. These servers include their Market Tracking application, Stock and Bond Analytical application and their Online Trading Platform. The services are available through the web, making it important that they use the Secure Hyper Text Transfer Protocol in order to transmit data over the internet.
Using HTTPS will allow encryption of the data being transferred, using the Secure Sockets Layer (SSL) protocol or Transport Layer Security (TLS); these protocols encrypt data transferred over an unsecured network.

It is necessary to separate a distinct management VLAN from the rest of the network by a firewall or access lists, because the foundation of our network management security will be based on these servers. Only traffic from managed devices or traffic protected by encryption will be permitted in the management VLAN. To get rid of the possibility that it could be intercepted in transit, the management traffic will be kept off the production network. Each device will be configured with a physical port on the management VLAN through SSH or IPSEC encryption. Based on the policy of that subnet, only appropriate incoming packets will be permitted. To eliminate spoofing and minimize any malicious or illegitimate activities, outbound traffic will be filtered. Spoofing will be prevented by filtering traffic leaving each subnet. An incorrect source address is an indicator of a possible attempt to initiate a DDoS or similar attack, or of a compromised or misconfigured machine. A one-time password server with RSA Security’s ACE server will be used for strong authentication.

If communication over the production network is necessary, SSH among other encrypted communication protocols will be used. Audit requirements will be met by logging to the syslog servers located on the management network. Other techniques can be used to enhance security, because most busy network admins may not be able to monitor every unused port. One is requiring user authentication through RADIUS or LDAP before users are given access to any resources, a technology implemented in Cisco’s User Registration Tool (URT) that, depending on the credentials supplied, allows users to be assigned to different VLANs.

Layer 2 security will be enforced by limiting the MAC addresses that are permitted to communicate on the ports.
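The per-subnet source check described above, as an added detection example that is not part of the original proposal: it reads flow records, flags any source address that does not belong to the subnet of the VLAN it arrived on, and groups the results by switch port. The VLAN-to-subnet map is taken from the page's Unclassified VLANs table; the log format, the sample lines and the threshold separating a likely spoofing burst from a single misconfigured host are assumptions made for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# From the page's "Unclassified VLANs" table.
VLAN_SUBNETS = {
    101: "172.2.30.0/25",   # Guest
    201: "172.2.20.0/23",   # Servers/Network
    301: "172.2.10.0/24",   # VoIP
    401: "172.2.2.0/23",    # Staff
    501: "172.2.1.0/25",    # Executive
}

# Constructed sample records in a hypothetical key=value flow-log format.
SAMPLE_LOG = """\
2017-05-11T09:00:01 port=Gi1/0/7 vlan=401 src=172.2.2.17 dst=172.2.20.5
2017-05-11T09:00:02 port=Gi1/0/9 vlan=401 src=172.2.30.44 dst=172.2.20.5
2017-05-11T09:00:03 port=Gi1/0/12 vlan=101 src=198.51.100.10 dst=172.2.20.5
2017-05-11T09:00:03 port=Gi1/0/12 vlan=101 src=203.0.113.5 dst=172.2.20.5
2017-05-11T09:00:03 port=Gi1/0/12 vlan=101 src=192.0.2.77 dst=172.2.20.5
2017-05-11T09:00:04 port=Gi1/0/3 vlan=301 src=172.2.10.20 dst=172.2.20.9
2017-05-11T09:00:05 port=Gi1/0/9 vlan=401 src=172.2.30.44 dst=172.2.20.8
"""

LINE_RE = re.compile(r"port=(?P<port>\S+)\s+vlan=(?P<vlan>\d+)\s+src=(?P<src>\S+)")


def find_spoofed_sources(log_text, vlan_subnets, flood_threshold=3):
    """Return one alert per (port, vlan) that sent out-of-subnet sources.

    flood_threshold is an assumed heuristic: that many distinct bad sources
    from one port looks like spoofing; fewer looks like a host to inspect.
    """
    nets = {vlan: ipaddress.ip_network(cidr) for vlan, cidr in vlan_subnets.items()}
    bad = defaultdict(set)   # (port, vlan) -> distinct out-of-subnet sources
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue   # not a flow record
        vlan = int(m["vlan"])
        key = (m["port"], vlan)
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            bad[key].add(m["src"])   # malformed address is also a violation
            continue
        net = nets.get(vlan)
        # Unknown VLAN or address outside the VLAN's subnet: egress filter
        # on that subnet would have dropped this packet.
        if net is None or src not in net:
            bad[key].add(str(src))
    alerts = []
    for (port, vlan), sources in sorted(bad.items()):
        verdict = ("possible-spoofing" if len(sources) >= flood_threshold
                   else "check-host-config")
        alerts.append({"port": port, "vlan": vlan,
                       "sources": sorted(sources), "verdict": verdict})
    return alerts


if __name__ == "__main__":
    for alert in find_spoofed_sources(SAMPLE_LOG, VLAN_SUBNETS):
        print(alert)
```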
Intrusion or ARP spoofing activity, such as use of a sniffing utility, will be indicated by a flood of MAC addresses or even a single new MAC address. To ensure frames for the designated Ethernet address are always forwarded to the specified port, which can prevent ARP spoofing attacks, a static MAC assignment will be created. The command "set cam permanent aa-bb-cc-11-22-22 6/1" is used to set a static port on a Cisco switch.

The MAC addresses appearing on each port will be limited to one or a small number. Configuring a timeout will help prevent a new MAC from appearing until a certain time period has elapsed; this can be configured with the set port security statement on a Cisco switch. To establish MAC address forwarding tables and a tree-like topology that forwards frames via the fastest path and eliminates loops, switches and bridges will make use of Spanning-Tree Protocol (STP).

The root bridge of the spanning tree will be located near the core of the network on the highest bandwidth links to achieve optimum performance. To enforce the STP topology and prevent the root bridge from appearing on an edge segment or on a lower bandwidth connection, we will make use of the STP root guard feature, which will be enabled on ports where we do not want to see the root. If superior BPDUs are received on a port with root guard enabled, the port will change from the forwarding to the listening state until the superior BPDU announcements stop.

On ports where end stations are attached, the spanning tree portfast command is configured; it allows the port to transition immediately to the forwarding state without the delay caused by the STP calculation. After gaining access to a public server, hackers may launch attacks against other hosts on the public segment. This makes it ideal to recommend private VLANs, which provide a means to prevent hosts on the same subnet from communicating with each other while still granting the required communication with their router and with hosts on other networks.

Implementing security at the network level crowns our security strategies. To prevent even the most determined attacker who is able to penetrate the perimeter defenses from compromising our hosts, strong encryption and authentication will be implemented at the network level.
IPSEC (IP security), an enhancement to the IP protocol documented in various RFCs by the IETF, ensures that every packet transmitted to the LAN is encrypted with strong encryption algorithms.

6.2.1 Roles and Responsibilities

• President – Will ensure that all policies are communicated, understood and enforced by the departments that are responsible for maintaining them.
• CIO – Will ensure that there are proper resources and support to enable the IT department to manage and effectively support the company, their clients and employees as directed by the President.
• CISO – Will ensure there is an effective Information Security department to handle all aspects of IT Security within the Company, and address any concerns on management of the IT Security program.
• Administrators – Will follow the Corporate Policies by managing and supporting the Policies in a technical manner.
• Security – Will ensure that all policies are able to be met, and that all employees are complying with the policies in place.
• Users – Will ensure they are working in compliance with all policies and will bring to the attention of management any potential questions or deviations from the Corporate Policy.

6.3 VoIP and Wireless

As specified in the WWTC business and technical requirements, the design of the wireless network must provide fast and secure wireless connectivity in the lobby and in the two conference rooms.

For the Wireless Access Points (WAPs), a Cisco Aironet 1250 Series WAP will be configured in each of the conference rooms and the lobby. The Aironet 1250 is an ideal choice for the conference rooms because of the heavy high-bandwidth use by the voice, data and video applications in these areas. The WAP is also a dual-band device with multiple channels, able to limit channel overlap during high traffic use, and it supports rogue access detection, able to identify malicious clients and alert the administrator.
A Cisco 4400 Series Wireless LAN Controller (WLC) will be added to give a single point of management for real-time communication to and from the WAPs, and will deliver integrated security policies, intrusion detection and prevention capabilities, quality of service and efficient mobility services.

The WLC interfaces with the PoE switches are configured with three VLANs: WWTC representative, WWTC visitor, and voice for wireless phones. To ensure maximum bandwidth and reduce RF interference, these APs will be placed in the center of each area and will be configured to use 802.11g (which supports the 54 Mbps bandwidth requirement) on the 2.4 GHz frequency. The 2.4 GHz frequency is the best frequency to use since other devices, for example microwaves, use the 5 GHz frequency, and if the APs used the 5 GHz frequency there would be a risk of RF interference. The APs will be mounted at each end of the two conference rooms and the lobby area rather than overhead, so that they do not negatively affect the look of each room. To maximize channel and bandwidth use, the APs will be installed eight feet from the floor in each room and will face downward at 40 degrees. The antennas will be directional to ensure sufficient coverage, and the APs in the two rooms will use separate channels (6 and 11) to keep the same channels from interfering with each other at the point of overlap. The lobby APs will be placed at each end, eight feet from the floor, and will face downward at 40 degrees. Both antennas will be directional to ensure sufficient coverage, and will use separate channels (6 and 11) to mitigate channel interference.

For security, we will use 802.1x (WPA2 Enterprise) authentication, where all WWTC users and guests must provide their username and password (guests will be given a temporary username and password) before authenticating onto the WLAN. The 802.1x standard also includes encryption by means of EAP. This ensures confidentiality, since unauthorized users, for example a war driver using a packet sniffer to view data transmitted over the WLAN, cannot see the data. VLANs will be configured on the WLC to separate traffic on the WLAN. The names of the VLANs are: WWTC workers, WWTC visitors, and voice.
Employees in WWTC's NYC office will be on the WWTC workers VLAN, external users who need to access WWTC's WLAN in any of the three areas will be on the WWTC visitors VLAN, and the voice VLAN will be configured to handle wireless phone communication. The following is the layout for the wireless network:

Wireless Access Point Installation and Configuration

| Location of AP | Name of APs | AP Configuration Summary |
|---|---|---|
| Conference Room 1 | WWTC_Conf1.1, | The AP will be mounted at each end of room 1, eight feet from the floor, specifically in the center of the lobby. The antenna will be directional for adequate coverage of the users. The APs will use separate channels to prevent channel interference, along with using 802.11g for bandwidth and the 2.4 GHz frequency. |
| Conference Room 2 | WWTC_Conf2.1, | The AP will be mounted at each end of conference room 2, eight feet from the floor, specifically in the center of the lobby. The antenna will be directional for adequate coverage of the users. The APs will use separate channels to prevent channel interference, along with using 802.11g for bandwidth and the 2.4 GHz frequency. |

WWTC requires a Voice over IP (VoIP) solution that will reduce costs and maintain 100% availability. The VoIP deployment must be flexible to accommodate future growth and adapt to internal changes. The New York office must separate VoIP from the rest of the network to prevent interference on the lines and congestion over the network. When carried together with other traffic, VoIP traffic will suffer from reduced bandwidth when there are delays or other issues over the network. By keeping VoIP on its own dedicated VLAN, these issues will be avoided. The VLAN will also make it easier for administrators to manage VoIP.
Communications Manager can be used to both monitor and manage IP communication and video services throughout WWTC. The Cisco Business Edition 6000 offers sufficient Unified Communications Manager support to consolidate VoIP and video services.

Outside telephone lines will be used through public switched telephone network (PSTN) channels. WWTC's executive staff and brokers will make business calls outside of the organization and will require PSTN phone lines. Because of the number of users (around 28) and the typically heavy call volumes to be made, it is estimated that executive staff and brokers will require around six PSTN channels at a 5:1 person-per-channel ratio. For redundancy, voice-network dial peers can be set up to maintain 100% availability.

| OH | PS | Total | PR | BW | BW | Peak users | BW Total |
|---|---|---|---|---|---|---|---|
| 11 bytes | 42 bytes | 39 bytes | 50 pps | 1.6 KBps | 12 Kbps | 80% | 940 Kbps |

OH – Overhead; PS – Packetization Size; PR – Packet Rate; BW – Bandwidth; KBps – Kilobytes per second; Kbps – Kilobits per second; pps – packets per second

Calculation: Overhead + Packetization Size x Packet Rate = Bandwidth

Using the VoIP bandwidth calculator, with the G.729 codec a single VoIP call will require 12 Kbps of bandwidth. The total bandwidth for voice calls should be no less than 840 Kbps, on the assumption that 70% of the WWTC staff are using VoIP phones at peak hours.

6.4 Active Directory

Setting up Active Directory requires the set up of both a Domain Name Services (DNS) server and a Dynamic Host Configuration Protocol (DHCP) server. The DNS server is put into place in order to resolve host names on the network. The DHCP server will be put into place in order to assign hosts on the network an IP address so that they can communicate with other network devices.

Create forest root domain

To begin creating the forest root domain you must deploy the first forest root domain controller. To do this you will log into your server and install Active Directory Domain Services on the server by running the Active Directory Domain Services Installation wizard. You should also enable the Group Policy Try Next Closest Site in order to allow clients to locate the closest domain controller. Next you should install a second Domain controller as a backup, following the same steps above. Next you will reconfigure the DNS server by enabling aging and scavenging in order to eliminate stale DNS records from the server. In the final step you will configure site topology; to do this you start by creating an administration group for the AD DS.
Once you create a group you will open AD Sites and Services: go to Administrative Tools, choose Active Directory Sites and Services, right click the sites node, select Delegate control and assign the proper admin group to the site.

Create Top Tier Organization Units

During this step you will be creating the top tier organization units. These OUs consist of New York office, President, Administrators, CEOs, VPs, Managers, Brokers, IT Dept, FIN Dept, and HR Dept. To create these Organizational Units, open up Active Directory Users and Computers. Select the domain under which you are creating the OU, right click, select New, then click Organizational Unit. We will follow these steps for each of the OUs listed above, and they will be created for each child domain.

Create Second Tier Organization Units

Creating the second tier Organizational Units follows similar steps to the above, but for these we will create an Employee OU, a Computer OU and a Printer OU for each of the already created top tier OUs. In order to do this, we will select the top tier OU we wish to create a second tier OU for, right click it, select New and choose Organization Unit.

In this section we will be creating security groups for each of the above organizational units' users. Here we will have groups listed as follows:

New York – NY_GRP
President – NY_Pres_R, NY_Pres_W
Administrators – NY_Admin_R, NY_Admin_W
CEO’s – NY_CEO_R, NY_CEO_W
VP’s – NY_VP_R, NY_VP_W
Managers – NY_Mgr_R, NY_Mgr_W
IT – NY_IT_R, NY_IT_W
Brokers – NY_Brokers_R, NY_Brokers_W
Finance – NY_Fin_R, NY_Fin_W
HR – NY_HR_R, NY_HR_W

The above groups are created in order to help better keep track of resources that are accessible to each department, and they also allow group policies to be added to each department separately or as a whole. The first group, NY_GRP, is used as a group for all users in the New York area. The next groups are broken down by department or job role. Each department has an _R and a _W group; these mean read and write. I have done this to be able to separate groups that should be able to view data on share drives from groups that will be able to make changes to any data that is stored. Everyone in all departments will be placed in the read only group automatically, and those users who require write access will be added to the _W group.

Creating the groups is very simple. You start by opening up your Active Directory users and groups snap in. After the snap in has been opened you navigate to the created OU and department; from here you will right click, hit New and choose Group. For example, for the New York Group you will go right into the first OU, right click, select New, then choose Group.

Group Policies

Below are the policies required by WWTC:

• Enable BitLocker on all servers and workstations
• Set BitLocker to automatically unlock when connected to internal network
• Enable encryption on drive only if space is used
• Enable branch cache on file servers
• Enable cache encryption
• Enable Smart Card with Pins to access network resources

Active Directory

Below are the requirements for Active Directory Users and Groups:

• Must have OU levels for users and computers
• Three types of OU levels Global, Universal and Local Groups
• Restrict Universal group membership must be assigned
• Groups are based on OU’s
• Single forest with multiple domains

Here is a comprehensive list of additional GPOs that will be configured to ensure a secure computing environment within both WWTC and the WWTC classified LAN.
The settings will be altered to adjust different security and protection schemes, but these are the general settings that will be applied and linked throughout the Domain.

GPO Administrative Settings:

• Control Panel
• Desktop (User Configuration only)
• Network
• Domain Controllers
• Domain Member Servers
• Printers (Computer Configuration only)
• Shared Folders (User Configuration only)
• Start Menu and Taskbar (User Configuration only)
• System
• Windows Components

Security Settings:

• Account Policies
• Audit Policy
• User Rights
• Security Options
• Event Logs

Preferences Settings:

• Applications
• Drive Maps
• Files
• Folders
• Registry
• Network shares
• Devices
• Folder Options
• Internet Settings
• Local Users and Groups
• Network Options
• Power Options
• Printers
• Scheduled Tasks

7 Implementation Plan

With the approval of this RFP, the IT department will coordinate with purchasing to identify the third party vendor that will provide all the equipment that was annotated in the equipment list. They will then consult with the RFP team to start the implementation prior to the New York office being staffed. This will allow for receiving, unboxing and performing any installation tasks while not disturbing employees or guests during the implementation. Additionally, this will allow the IT department to ensure that all connectivity is achieved prior to causing disruptions or outages.

The IT department will provide the below implementation plan to all Managers and above to allow for proper communication of status and timelines being completed. With the scope of the plan, and the modular and scalable nature of the network, growth should be seamless and transparent to the end users, and the need for network upgrades and expansion should not be seen in the first 3-4 years. If it is determined that there needs to be greater capacity, then the IT department will conduct a network upgrade evaluation to expand the existing infrastructure.

Training for administrators will be minimal as they will be involved in the installation, configuration and deployment of the network. End users will be trained as needed to access their personal share drives and email, but all mapping and access will already be established and should be transparent to the end user. Guests and visitors that are accessing the network via the WLAN will have a quick training session on connecting to and accessing the WLAN.

A contingency plan, in the case of network failure, will need to be addressed.
This plan should begin with shifting access and resources to connect directly to the WWTC headquarters Domain by replicating the OU directory to the WWTC headquarters Domain and providing an internet connection via VPN to headquarters while troubleshooting takes place. Once the issue/s have been resolved, all users will then be shifted back to the New York Domain for continued access.

7.1 LAN Implementation

STEP  TASK
1  Install the racks for network equipment and servers and run power to racks.
2  Mount required networking equipment and servers in racks and connect power.
3  Run and label Cat 6 cabling for all networking equipment and servers.
4  Configure Unclassified routers and switches, including VLAN configurations.
5  Configure Classified routers and switches, including VLAN configurations.
6  Verify connectivity between all networking equipment on both the unclassified and classified networks, using VLAN 201. Troubleshoot and repair any connectivity issues.
7  Run and label all Cat 6 cabling for Desktop Clients.
8  Connect all Servers and Desktop Clients to switches and verify communication between all VLANs.
9  Set up Classified and Unclassified connections between Cisco ASAs located at WWTC NY Office and WWTC Headquarters. Create connection between core routers at each location after ASA connections are made. Troubleshoot and repair any issues.

7.2 Security

STEP  TASK
1  Asset Protection
2  Install Configure Firewall and Rules
3  Configure DMZ
4  Encrypted Communications
5  VLAN/ Port Security
6  Security Technologies
7  Security Policies Outline

7.3 VoIP and Wireless

STEP  TASK
1  Prepare Reliable Internet connection between offices
2  Introduce a game plan for VoIP
3  Determine VoIP Redundancy
4  Determine best location for WAPs
5  Install Cisco Aironet 1250 Series WAP in appropriate locations
6  Install Cisco 4400 Series Wireless LAN Controller
7  Prepare & Plan Wireless Security Plan
8  Use 802.1x (WPA2 Enterprise) authentication

7.4 Active Directory

STEP  TASK
1  Create DNS Server
2  Create DHCP Server
3  Create AD Forest Root Domain
4  Create forest root domain
5  Create Top Tier OU
6  Create Second Tier OU
7  Create AD Security Groups
8  Create GPOs based on Groups

8 Project Budget

The goal set forth by WWTC was to reduce overall costs from 30 to 15 percent within the next four years. With the network plans that we have laid out in this document, that goal will be achieved in a cost-effective and timely manner. Overall costs for the project range around 45 to 50k. The gap is added to somewhat account for labor charges of the workers who will put the plan in motion.

ITEM  COST
Equipment  $30,000
Software  $10,000
Labor  $10 – 25 per hour
Total  $45,000 to 50,000

9 Summary of Proposal

10 Design Document Appendix

Switch and router configurations
Firewall configurations
Security Policies

11 References

Cisco Aironet 1250 Series Access Point Data Sheet. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1250-series/product_data_sheet0900aecd806b7c5c.html

Cisco ASA 5500-X Series Next-Generation Firewalls - Products & Services. (n.d.). Retrieved June 1, 2016, from http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/index.html?.

Cisco ASR 1001 Router. (n.d.). Retrieved June 1, 2016, from http://www.cisco.com/c/en/us/products/routers/asr-1001-router/index.html

Cisco Catalyst 3560 Series Switches - Products & Services. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/products/switches/catalyst-3560-series-switches/index.html

Cisco IPS 4270-20 Sensor. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/support/security/ips-4270-20-sensor/model.html

Cisco Secure Access Control System - Products & Services. (n.d.). Retrieved June 3, 2016, from http://www.cisco.com/c/en/us/products/security/secure-access-control-system/index.html

http://www.cisco.com/c/en/us/products/collateral/unified-communications/unity-express/reference_guide_c07-566560.html.

Cisco Unified Communications 500 Series Model 560 for Small Business: Platform Reference Guide. (n.d.). Retrieved June 3, 2016, from

Technet. (2016). Windows Deployment Services

Cisco Unified IP Phone 7942G Data Sheet. (n.d.). Retrieved June 3, 2016, from http://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7942g/product_data_sheet0900aecd8069bb68.html

Cisco Wireless LAN Controllers. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/products/collateral/wireless/4100-series-wireless-lan-controllers/product_data_sheet0900aecd802570b0.htm

Cisco. (2011). Wireless LAN Design Guide for High Density Client Environments in Higher Education. Retrieved June 2, 2016, from Cisco: http://www.cisco.com/c/dam/en_us/solutions/industries/docs/education/cisco_wlan_design_guie.pdf.

Dell Precision Tower 3000 Series (3420). (n.d.). Retrieved June 5, 2016, from http://www.dell.com/us/business/p/precision-t3x20-series-workstation/pd?&-t3x20-series-workstation&&

HP Color LaserJet Pro MFP M527n. (n.d.). Retrieved June 2, 2016, from http://store.hp.com/webapp/wcs/stores/servlet/us/en/pdp/printers/hp-color-laserjet-pro-mfp-m176n

HP NC365T 4-port Ethernet Server Adapter. (n.d.). Retrieved June 2, 2016, from http://h18004.www1.hp.com/products/servers/networking/nc365t/index.html

TestOut. (n.d.). DHCP Subnetting [Video file]. Retrieved from http://cdn.testout.com/client v5-1-8-81/startlabsim.html?-us.

Attachments:
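The _R/_W group scheme described in the posted proposal, scripted with the ActiveDirectory PowerShell module instead of the snap-in; this is an added example, not part of the original post or of WWTC's design. Only `NY_GRP` and the `_R`/`_W` suffixes come from the text: the OU path, the department names, the Global scope and both function names are assumptions. The second function reports any `_W` member that is missing from the matching `_R` group or from `NY_GRP`, which is the rule the proposal states for write access.

```powershell
# Added example. Requires the RSAT ActiveDirectory module and a domain to run against.
Import-Module ActiveDirectory

$OuPath      = 'OU=NewYork,DC=ny,DC=wwtc,DC=example'  # placeholder DN (assumption)
$Departments = 'Managers', 'Staff', 'Brokers'         # assumed department names

function New-DepartmentGroups {
    # Create NY_GRP plus a <Dept>_R and a <Dept>_W security group per department.
    param([string]$Path, [string[]]$Departments)
    $names = @('NY_GRP') + @($Departments | ForEach-Object { "${_}_R"; "${_}_W" })
    foreach ($name in $names) {
        # Skip groups that already exist so the script can be re-run safely.
        if (-not (Get-ADGroup -Filter "Name -eq '$name'" -SearchBase $Path)) {
            New-ADGroup -Name $name -SamAccountName $name -Path $Path `
                -GroupScope Global -GroupCategory Security   # scope is an assumption
        }
    }
}

function Get-WriteGroupDrift {
    # List _W members that are missing from the matching _R group or from NY_GRP,
    # i.e. accounts that break the "everyone reads, some also write" rule.
    param([string]$Path)
    $everyone = @(Get-ADGroupMember -Identity 'NY_GRP' -Recursive).SamAccountName
    foreach ($w in Get-ADGroup -Filter "Name -like '*_W'" -SearchBase $Path) {
        $readGroup = $w.Name -replace '_W$', '_R'
        $readers   = @(Get-ADGroupMember -Identity $readGroup -Recursive).SamAccountName
        foreach ($m in Get-ADGroupMember -Identity $w -Recursive) {
            $missing = @()
            if ($m.SamAccountName -notin $readers)  { $missing += $readGroup }
            if ($m.SamAccountName -notin $everyone) { $missing += 'NY_GRP' }
            if ($missing) {
                [pscustomobject]@{
                    Account    = $m.SamAccountName
                    WriteGroup = $w.Name
                    MissingIn  = $missing -join ', '
                }
            }
        }
    }
}

New-DepartmentGroups -Path $OuPath -Departments $Departments
Get-WriteGroupDrift  -Path $OuPath | Format-Table -AutoSize
```

An empty table from `Get-WriteGroupDrift` means every account with write access is also in the read group and in `NY_GRP`.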

Answers

(11)
Status NEW Posted 11 May 2017 01:05 AM My Price 11.00


Attachments

file 1494466695-Solutions file 2.docx preview (51 words )
Hello Sir/Madam, Thank you for your interest and buying my posted solution. Please ping me on chat I am online or inbox me a message I will be quickly online and give you exact file and the same file is also sent to your email that is registered on THIS WEBSITE. Thank you
Not Rated(0)