Design Implement And Support Networked Systems

Published Date: 02 Nov 2017

Their existing network consists of 2 routers, 2 servers, 10 workstations for the sales department and 12 workstations for the admin department. Internet access is only connected to the admin wireless router. It seems to have 2 subnets, one for the admin department and one for the sales department.

The client has stated that the current network does not meet all of the requirements that are needed. A problem is that users from the sales department cannot access the sales server if they login from a different workstation, or from an admin workstation. This is because there are 2 routers that are not configured correctly. Alongside this issue, they have to resort to emailing files from the different departments because the workstations cannot access the servers from every PC. Another issue is that the sales team often works later than the admin department, and they turn their router off when not using it, which causes every PC to lose internet connection.

I have been told that the management of the new network must be simple. This means that it should be nearly self-maintaining and require little to no technicians to keep it up and running. Another requirement is that there are 2 manager PC’s that need to be treated as a separate group on the network.

Given the issues and the requirements, I plan to use the following devices to design a simple yet effective network structure that should fulfil all the user requirements and solve the issues:

1 router that is connected to the internet

2 switches for each network (the admin dept and the sales dept)

2 servers for each department

10 hosts for the sales department

12 hosts for the admin department, and 2 of these to be separate for the managers.

Task 2

Below is the network that I have designed for my client:

This network configuration fulfils all the client’s needs. Instead of 2 routers, one of which is only connected to the internet, I decided to just have one router connected to 2 switches and the internet. This means that even if the admin department shuts down or the sales department continues to work, every device on the network will have internet access.

Also, the switches cannot be turned off unless every cable is unplugged, so each department will always have access to each other’s file server, unless the router is turned off.

The servers can be accessed by any device on the network. Instead of having 2 subnets I decided just to have one for the entire network. This should make managing the network easier for their technician. There are 2 management PC’s that are separate from the other hosts for the managers.

I tested this network by sending PDU’s to each device on the network. Every device was able to ping each other successfully with little delay. Any host on the network can send packets to any host connected to the network.

I used a wireless router in case a member of staff needed to bring in a laptop or other Wi-Fi-enabled host to connect to the network. This also allows additional hosts to be connected to the network so that extra wiring and Ethernet ports will not be required.

If the router breaks or is off for some reason, each department will still be able to continue functioning. The only issue will be connecting to the other departments file server and the internet. This is better than the old network structure because each host was connected to a router instead of a switch.

This meant that if the router was off, each host became isolated from the file server and other hosts within the same department.

I tested the network and design by sending simple PDU’s to devices across the network. Below are the results of the tests, and the image shows what host pinged what host.

I expected all of the pings to be successful. This was the result which shows that there is good and successful connectivity throughout the network. No packets where lost and they all returned successfully. Each host is connected successfully and can access any other host on the network.

To test the wireless compatibility of the new network I added a laptop that would be able to connect to the network. I wanted to see what level of access, if any, the device had to hosts on the system. Below are the results:

I pinged a PC on the sales department side of the network, as well as a managers PC within the admin network. I also pinged the laptop from the sales server to see if there was successful connectivity. As you can see from the results, all of the packets where sent and received successfully.

Task 3

The new and redesigned network has successfully solved and met any issues and requirements that my client has set. After redesigning their network and after implementing this one and testing it, I would suggest the following improvement for it:

The router – My client should decide if they want a Wi-Fi accessible network for their offices. If no staff members are going to use the wireless connection, they should swap the wireless enabled router for just a standard router with no wireless.

The reason for this is mainly due to security of the network. A pure wired network with no wireless points is much more difficult to "hack" or get unauthorised access than a wireless enabled network. Unless someone gets into the building to plug an Ethernet cable into one of the switches, a pure wired network is much safer than a wireless enabled network.

For example, any device that successfully connects to the wireless router has full access to every host on the network. This includes internet access and server access. The problem is that even if the access point is locked with a complex WPA-PSK2 password, it can still be cracked. Any level of password can be cracked with minimal effort, it just takes time.

One of the most common and fastest methods is packet "sniffing" or examining. A user who is trying to break into the network waits for an authorised device to connect to the network. They then force them off the network, and when that host connects it saves and displays the packets sent to the router. Within these packets is the full password for the router. This method is a quick way to access the network, however is much more difficult the higher level the password is.

The first, and most basic, type of router protection, called WEP, can be cracked in seconds using this method. However, a more complex type, WPA or WPA-PSK can take a long time, unless the user uses a brute force attack which requires a lot of high-spec hardware to be effective.

Another method that is used is having a wordlist, which is also known as brute forcing. An intruder will have a notepad-like document with millions of different combinations of possible passphrases. It will then fire packets with each passphrase to the router until the correct one is sent. This method is much slower than the previous method, but in some ways can be better because they can leave the PC to work for days without having to do anything to their PC. It also nearly guarantees access to the network, because they could have a wordlist with every possible combination of passwords within it.

However, an issue with this method is that any devices that are connecting wirelessly will be affected by the attack. Another issue is that if the router is switched off at any point it will cause errors and will have to be repeated.

I cannot suggest any other improvements to the network. It is very simple and effective, which minimal maintenance or technician work needed to keep it running.

Task 4

Below is a quarterly maintenance plan for their redesigned network:

Server maintenance checks:

Check and review server logs for any errors and any possible potential problems.

Review the service pack and check software is on most compatible and stable version.

Check health and HDD usage reports

Check and review antivirus software

Check and test system backups to ensure they are going to function correctly, and review disaster recovery status.

Network maintenance checks:

Record all network hosts & devices (routers, switches, servers and workstations)

Review all device configurations

Check firewalls.

Ensure all sockets and cables are not damaged.

Check if all devices are correctly connected to the network.