BN305 Virtual Private Network Oz Assignments
In the world of networking today, there are many intruders who access people's networks without their knowledge. Small businesses tend not to protect their networks because they believe they hold no information that an intruder would target. In reality, many organizations and companies are losing data and money through neglect of network security and awareness. On the other hand, smart organizations take this into consideration and spend heavily on implementing security in their networks. It is worth spending heavily on network security in order to avoid vulnerabilities in any given network. This spending is used to develop effective security policies for the network. Any attack on such an organization will then be easily identified and blocked before it causes harm to the entire system. Currently, it is necessary for enterprises and organizations to pay close attention to security layers in order to protect their networks from attacks. The purpose of this report is to design a VPN network for an SME bank, study any attack or weakness in such a network, and implement security features to protect the network from threats.
Scope and limitation
Australib is a bank that operates in Australia. The bank has many branches in Australian cities, and each branch has its own network. This makes it hard for the management team to control data across all the branches. The bank's networks have some loopholes that intruders can use to tamper with the bank's data. The objective of this project is to develop a VPN network that connects all the branches of the bank across the Australian cities so that they can be controlled from a single place and share resources within the network.
The following are some of the requirements that the VPN design aims at fulfilling.
Service part requirements
1. Connection of all networks in the bank using the VPN technology.
2. All bank users are to access the bank services through google, file server and email.
3. Designing the network so that users at all locations in Australia can access the internet, but not through VPN technology.
4. Implementation of routers in the network topology to control the flow of packets.
5. Identifying other requirements, like the IP addresses and routers that will be used in each location, without conflicts.
6. Another requirement of the network is to identify whether the IP address assigned to the network is static or dynamic, and to use the same encryption method for the tunnel connection among the branches for high security. For information transfer, the VPN will use the same authentication method to transfer data between the branches of the bank.
Network part requirement
Hardware and software
These are the components that will be used in connecting the network.
Most of the hardware components that will be implemented in the system will be the VPN systems. These VPN systems comprise routers, switches and servers. Other devices are network end devices like computers and printers.
VPN hardware systems
Most of these devices will be encrypted and easy to use. Cisco 1900 routers will be the best to use in this part since they are designed with application features and integrated with cloud-based services. These devices also deliver virtualized applications through a wide array of connectivity that is suitable for WAN networks. They will also offer high VPN performance, with a speed of up to 25mps.
The software will offer flexibility that hardware components cannot provide to the network. It will be managed by third-party operators, thus reducing the cost of management. The software is expected to offer high flexibility and control of traffic in the network. This is because it allows traffic to be tunneled based on address or protocol, unlike hardware components, which tunnel all traffic regardless of the nature of the protocol. Moreover, for hardware components to function, they require information about the VPN host OS that will be implemented in the network. This software is highly secured to protect any corporation from security threats.
The table below shows the estimated price and hardware components for implementation of the network.
48 port switches
RJ 45/ 11-connectors
Intel core I3
500GB hard disk
32 inch screen
Wireless access points
Netgear 5GHZ LR
The above diagram displays the anticipated network plan for the network. The diagram is a prototype for two branches that are connected together through an ISP. Room for connecting networks from other branches is also catered for. Each branch will have its own server to store information in its area. The main routers located at each branch of the bank will have public IP addresses so that they can be accessed from outside. All the branches will have a wireless network to be used by the minor users within the bank branch. All networks in the branches will be linked together through the ISP to the external servers located at google and yahoo. These servers are located in the cloud and hence can be accessed from anywhere when one is connected to the internet.
Physical design and network topology
The above shows the design thinking part of the network. The network from each branch is connected together through star topology as shown above.
The following IP addressing is used in the network.
DNS server, file server and yahoo server configuration
The following IP address will be used at the headquarters
Virtual private network systems are continually evolving and becoming more secure through four primary features: tunneling, authentication, encryption and access control. These features work independently, yet combine to deliver a higher level of security while at the same time allowing all users (including those at remote locations) to access the VPN more easily.
Redundancy failure plans
The network will be provided with external backup servers that will be stored in the cloud. These servers will take over as soon as other servers in the banks are down.
The network will be implemented with the following VPN commands.
Branch-1#show running-config
Building configuration
Current configuration : 1702 bytes
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Branch-1
!
ip cef
no ipv6 cef
!
license udi pid CISCO1941/K9 sn FTX15240000
license boot module c1900 technology-package securityk9
!
crypto isakmp policy 1
 encr aes 192
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco address 188.8.131.52
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
crypto map MyMap 10 ipsec-isakmp
 set peer 184.108.40.206
 set transform-set TS
 match address MyAcl
!
spanning-tree mode pvst
These commands are used to provide security to the network.
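An added example, not part of the original page: a small Python check over the IKE/IPsec lines of the Branch-1 configuration above that reports the MD5 hash, Diffie-Hellman group 5, the short pre-shared key, and a crypto map peer that has no matching key entry. The function name audit_ike and the 20-character key threshold are assumptions made for illustration.

```python
import re

# Constructed sample: the IKE/IPsec lines of the Branch-1 configuration above.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr aes 192
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco address 188.8.131.52
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
crypto map MyMap 10 ipsec-isakmp
 set peer 184.108.40.206
 set transform-set TS
 match address MyAcl
"""

WEAK_HASHES = {"md5"}             # MD5 is deprecated for IKE integrity
WEAK_DH_GROUPS = {"1", "2", "5"}  # MODP groups of 1536 bits or less
MIN_PSK_LEN = 20                  # assumed local policy, not a Cisco default


def audit_ike(config):
    """Return a list of findings for IOS-style IKE/IPsec config text."""
    findings, key_peers, map_peers = [], set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"hash (\S+)", line):
            if m[1] in WEAK_HASHES:
                findings.append(f"weak IKE hash: {m[1]}")
        elif m := re.fullmatch(r"group (\d+)", line):
            if m[1] in WEAK_DH_GROUPS:
                findings.append(f"weak DH group: {m[1]}")
        elif m := re.fullmatch(r"crypto isakmp key (\S+) address (\S+).*", line):
            key_peers.add(m[2])
            if len(m[1]) < MIN_PSK_LEN:  # never echo the key itself
                findings.append(f"short pre-shared key for peer {m[2]}")
        elif m := re.fullmatch(r"set peer (\S+)", line):
            map_peers.append(m[1])
    # With pre-share authentication, every crypto map peer needs a key entry
    # (its exact address, or the 0.0.0.0 wildcard).
    for peer in map_peers:
        if peer not in key_peers and "0.0.0.0" not in key_peers:
            findings.append(f"no pre-shared key configured for peer {peer}")
    return findings
```
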
VPN is a developing technology that is making its way to the market, from unsecured public telephone connections to advanced business connections in its gateway. The technology is also still developing; this is a great advantage to this business, since it needs the technology so that they can grow together. VPN technology will be the best for this network since it will provide the highest security in the network.