Big Switch Network Design

Order Instructions:

Big Switch Network Design
Big Switch is a medium-sized sales organization with 100 employees with annual revenue of $10 million. Big Switch has a central office of 30 employees that supports a sales force consisting of 70 employees across 10 regional offices in the United States. Approximately 20% of the Big Switch sales are transacted from customers over the Web and 80% are from face-to-face sales interactions. The company expects a greater Web presence in the near future.

The Big Switch enterprise network consists of a core backbone, campus, data center, Branch / WAN, and Internet Edge. The seven (7) departments in the company include Finance, Operations, Human Resources, Sales, Marketing, Technology, and the corporate office. Computing equipment is provided to all employees of Big Switch. The company also uses 20 independent sales contractors that are assigned a specific territory and use their own computing and home office equipment to access the Big Switch network.

Due to recent major security breaches in its campus network, Big Switch has hired you to design an infrastructure that:
• Implements VLAN segments.
• Protects against MAC layer attacks.
• Protects against VLAN attacks.
• Protects against spoofing attacks.
• Secures the network switches.

As the network analyst hired to model this infrastructure, you are to provide an implementation solution that considers redundancy and secure strategies across the enterprise network and Big Switch's seven departments. The CEO has informed you that the capital budget for this migration cannot exceed $400,000 and that the migration must not interrupt business operations.

The company wishes a seamless migration that minimizes impact to its customers and employees. Any gaps in this background will require you to make sound technical and persuasive assumptions that satisfy the customer’s goals that are within the budget guidelines.

Your network migration plan will be in phases with noted milestones and graphic topologies that support your approach.

Write a paper in which you:
1. Explain the design of an infrastructure that implements VLAN segments, protects against MAC layer attacks, protects against VLAN attacks, protects against spoofing attacks, and secures the network switches.
2. Describe the deployment approach and design that you would use in the enterprise network that consists of core backbone, campus, data center, Branch / WAN, and Internet edge. Defend your decision.
3. Describe the deployment approach and design that you would use in the seven (7) departments of the company, which include Finance, Operations, Human Resources, Sales, Marketing, Technology, and the Corporate Office. Defend your decision.
4. Using Microsoft Visio or an open source alternative such as Dia, graphically illustrate the infrastructure design that implements VLAN segments, protects against MAC layer attacks, protects against VLAN attacks, protects against spoofing attacks, and secures the network switches. Next, graphically illustrate the deployment approach for the seven (7) departments and design of the infrastructure. Note: The graphically depicted solution is not included in the required page length.
5. Propose the way in which your overall solution will promote a secure environment for Big Switch. Justify your response.

Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
Big Switch Network Design
A virtual local area network (VLAN) is a logical grouping of network nodes. It allows nodes in a geographically dispersed computer network to communicate as if they were physically on the same network. It allows network administrators to divide their network physically and logically without using new cables or making significant changes to the network infrastructure. Ultimately, the workstations will have standard requirements. A VLAN has the same characteristics as a physical LAN; the only difference is that it allows you to group network nodes even though they are in different physical locations (Cisco, 2015). To create a VLAN, the following components are necessary:
• Switches: their responsibility is to create logical segments for the end stations. The switches are used as entry points for workstations; they also provide intelligence and increase performance.
• Routers: a router extends VLAN communication between departments. The router, in this case, will be used between the VLANs to share company resources regardless of physical barriers.
• Two layer 2 links: these will connect each department. Two links are used to provide redundancy: if one link fails, corporate operations are not hampered, since the other link acts as a backup.
To deal with MAC attacks, several measures must be taken. One of them is port security, which limits MAC flooding attacks; it also locks down the port and transmits an SNMP trap.
As packets move from one user to another, their MAC addresses are checked to see whether they have clearance for that kind of information. If not, the packets are returned to the sender with a message that they are not allowed to access the network. This ensures security throughout the network, and no device addresses are given to unauthorized devices. Spoofing refers to the creation of a fake address to capture information passing through the network. Segmenting VLANs based on MAC addresses ensures that each MAC address is assigned a unique VLAN ID, which must be authenticated. This eliminates the possibility of an attacker creating a fake MAC address to get information transiting the network.
The primary aim is to protect the switch from attacks. Spoofing attacks, in which false information is presented in a credible way, are not a rare occurrence on a network. We deal with them by installing a protocol analyzer, whose job is to filter unwanted packets and then reconstruct the packet streams. Hence, any user in the network can get their rightful copy of the file that is being transmitted. It is prudent to secure the switches, since they are a gateway to each segment of the network.
This can be achieved by configuring correct passwords in each part of the system, with different CLI access methods and different authorization methods. Since Cisco devices are going to be used, we will set the console and Telnet credentials. There should be unique login details for each permission level, without reusing passwords. Most switches provide one read-only access level and one full administrative access level. Particular access levels should be assigned on many switches. Regardless of the type of switch, we will apportion login details in the same way when assigning passwords. Even though usernames are not required for primary CLI access, many third-party network management tools have complications with a null username.
After creating the passwords and usernames, the next step is to enable Secure Shell (SSH), which encrypts the management communication between the switch and the terminals. This prevents anyone from sniffing the traffic and collecting passwords and data on the network configuration (Sincoskie and Cotton, 2008). During the configuration of SSH on the switch, we will create a public/private SSH key pair, which the end user's client will use for validation when connecting to the switch. Each switch should have its own SSH key, installed and saved on the nodes that connect to that particular switch, to prevent man-in-the-middle attacks.
The deployment and design approach that I would use for an enterprise network that consists of a core backbone, campus, data center, WAN, and Internet edge is the modular approach to system design. This corporate system is hierarchical, and a hierarchical model groups devices into a number of subsystems that can be referred to as modules. These modules can be implemented one at a time, since they are relatively independent apart from the core backbone. Hierarchical networks have greater benefits than flat networks because the modules are easier to manage than one big network.
Cisco, for instance, provides the best enterprise network. Its design is hierarchical, with different modules that have different functions. The different segments or modules are connected using a reliable network structure. This enables connections within the enterprise and with users that are outside the network.
The modular approach also allows flexibility when designing and implementing the system, which makes troubleshooting easy. The benefits of the modular approach are as follows. It creates well-defined systems with well-defined boundaries between the modules. This shows the demarcation points clearly, so that the designer knows exactly where traffic originates and where it is destined (Sincoskie and Cotton, 2008). The designer is also able to focus on the needs of each module, which simplifies the work considerably. The modular approach allows the network to grow and shrink, since the designer can add new functional modules as network complexity grows. It enables the designer to add services and solutions without changing the underlying system design.
In the case of Big Switch, I would deploy using a modular approach, implemented by dividing each department into an independent module and then connecting the modules using the core backbone. This is because a modular network is easy to design and implement. The maintenance of this system will be equally easy and cost friendly. At the Internet edge, we will have the routers that connect to the Internet. At the core layer, we will have switches that connect to the module switches at the access layer. Each module at the access layer can be configured differently, and the traffic in each module will be managed differently and independently (Introducing Network Design Concepts, 2015).
Above all, network security remains an integral element, and the designer is responsible for ensuring the utmost safety of the Big Switch network design. This can be achieved by managing the switches securely: as seen earlier, we are going to create an independent username and password for each switch. This will enhance security when applied to a modular network. Implementing SSH will further our cause of improving network security. We will use a dedicated VLAN ID for all trunk ports, and all user ports will be set as non-trunking user ports.
Securing each individual user port remains paramount. During the network implementation, it is necessary to ensure that VLAN 1 is not used, since it is prone to attacks. We will institute an ambitious approach to counteract ARP security issues in the network, and apply the following measures (Cisco, 2015):
• Enable STP attack mitigation.
• Use private VLANs where appropriate to further divide L2 systems.
• Use MD5 authentication for VTP.
• Use CDP only where necessary.
• Disable all unused ports and put them in an unused VLAN.
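The port-level measures this paper describes (port security, no use of VLAN 1, non-trunking user ports, a dedicated VLAN ID on trunks, disabled unused ports) can be checked against a switch configuration automatically. The Python below is an added example, not part of the original paper; the sample configuration is constructed in Cisco IOS interface syntax, and the function names `vlan` and `audit` are assumptions.

```python
import re

# Constructed sample config (not from a real device); Gi0/2 and Gi0/3 break the rules.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security violation shutdown
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode dynamic desirable
 switchport access vlan 20
interface GigabitEthernet0/4
 switchport access vlan 998
 shutdown
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""

def vlan(block, kind):
    """VLAN id from 'switchport <kind> vlan <id>'; 1 (the default) if not set."""
    m = re.search(rf"^ switchport {kind} vlan (\d+)$", block, re.M)
    return int(m.group(1)) if m else 1

def audit(config):
    """Return sorted (interface, finding) pairs; a block is an interface line plus its indented lines."""
    findings = []
    for name, block in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        has = lambda cmd: re.search(rf"^ {cmd}$", block, re.M) is not None
        if has("shutdown"):  # whole-line match, so "violation shutdown" does not count
            continue  # administratively disabled unused port
        if has("switchport mode trunk"):
            if vlan(block, "trunk native") == 1:
                findings.append((name, "trunk native VLAN is 1"))
            continue
        if not has("switchport mode access"):
            findings.append((name, "not forced to non-trunking access mode"))
        if vlan(block, "access") == 1:
            findings.append((name, "user port left in VLAN 1"))
        if not has("switchport port-security"):
            findings.append((name, "port security not enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for port, problem in audit(SAMPLE_CONFIG):
        print(f"{port}: {problem}")
```

A port with no explicit `switchport access vlan` line is treated as VLAN 1, which is why GigabitEthernet0/2 is reported even though VLAN 1 never appears in its configuration.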
References
Cisco. (2015). Catalyst 6500 Release 12.2SX Software Configuration Guide – VLANs [Cisco Catalyst 6500 Series Switches]. Retrieved 17 May 2015, from http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/vlans.html
Cisco. (2015). What Is Network Security?. Retrieved 18 May 2015, from http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_my_business/what_is_network_security/index.html
Introducing Network Design Concepts. (2015) (1st ed.). Retrieved from http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CB4QFjAA&url=http%3A%2F%2Fwww.scte.org%2Fdocuments%2Fpdf%2FCCNA4%2520Sample.pdf&ei=fKJZVZmzNuXd7gbvuoCgDw&usg=AFQjCNFLtk2H_brECV4xJFymngVM73oZQw&sig2=wP-DXb9fmsin0leFyZJbgg&bvm=bv.93564037,d.ZGU
Configure Switches for Maximum Security and Network Stability. (2015) (1st ed.). Retrieved from http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CB4QFjAA&url=http%3A%2F%2Fwww.alliedtelesis.com%2Fmedia%2Ffount%2Fhow_to_note_alliedware_plus%2Fhowto_aw_plus__config_swi_max_secure_against_attack.pdf&ei=1qNZVfyEHuSf7gaX3YKoCw&usg=AFQjCNESAdRLCb5T5NJWnXyAqXGWNmFXwg&sig2=lZc7Rgu3TgiuwpimTe3sbg&bvm=bv.93564037,d.ZGU

Sincoskie, W. D. and Cotton, C. J. (2008). Extended Bridge Algorithms for Large Networks. IEEE Network.
