Machhapuchchhre Bank
By Amit Maharjan
Submitted to Lecturer Ramjit Prasad Koirala
Project on Machhapuchchhre Bank 2009
Table of Contents
Introduction:
Acknowledgements
Current System:
Problem Background:
Objectives:
Network Architecture
WAN Diagram
Diagram explanation for WAN diagram:
Diagram for Corporate office:
Diagram explanation for Network architecture of corporate office:
Diagram for branch offices:
Diagram explanation for Network architecture of branch office:
Diagram for Disaster Backup:
Diagram explanation for Network architecture of branch office:
Network Topology
1. Star topology
2. Bus topology
3. Ring Topology:
4. Mesh Topology:
Communication Media:
Guided media
1. Twisted Pair Cable
i. Unshielded twisted-pair cable (UTP)
ii. Shielded twisted pair cable (STP)
2. Coaxial cable
a. Thin coaxial cable/10Base2 (Thinnet)
b. Thick coaxial cable/10Base5 (Thicknet)
c. Fiber Optic cable
Unguided Media:
1. Radio Technologies:
2. Infrared technologies:
3. Microwave Technologies
Amit Maharjan
ID: 1801T3080019 Page 2
i. Terrestrial microwave systems:
ii. Satellite Microwave systems:
Networking and Internetworking Devices
1. Routers
Advantages of Routers:
Disadvantages of router:
2. Switch and Hubs
i. Unmanaged switch
ii. Managed switch
a. Active Hub:
b. Passive Hub:
c. Intelligent Hub:
3. Bridge
Advantages of Bridge
Disadvantages of Bridge
4. Modem
5. Gateway
6. Repeaters
Advantages of Repeaters
Disadvantages of Repeaters
7. Network Interface card (NIC)
8. RJ-45 Connector
Network Security
i. Physical Security
ii. Network security
a. Firewalls
a) Packet filtering
b) Application Layer Firewall
c) Proxies
d) Network Address Translation Firewall (NAT firewall)
b. Intrusion Detection Systems (IDS)
1. Network intrusion detection system (NIDS)
2. Host Based IDS
Communication Links
a. FDDI (Fiber Distributed Data Interface):
b. Ethernet:
c. Token Ring:
d. Data Transfer Modes:
e. IP address:
Budget Estimation:
Conclusion:
References and Bibliography:
1. References on Images:
2. References for study on firewalls:
3. References for budget preparation:
4. References for IDS:
5. References for Network Topology:
6. References for Communication Links:
Turnitin Originality Report
Supportive Documents
Letter of Acceptance from Machhapuchchhre Bank Limited
Proof of Budget estimation accuracy:
Cisco Small Business 101 Ethernet Broadband Router Price
Belkin 250 ft. Cat. 5 UTP Patch Cable (A7J304-250-YLW) Price:
Cisco 2800 Series IOS Enterprise Services Feature Pack:
Currency Conversion Source:
Inspiron 531s (Includes 17" Widescreen Flat Panel Monitor) Price:
Fortinet FortiGate-50B Complete Content Protection Bundle Price:
IBM System x3450 (794854X) Server
Microsoft Word 2007 Open License With Software Assurance
Introduction:
This is a project on the Machhapuchchhre Bank of Nepal. It is one of the biggest banks in
Nepal, with more than 30 branches. Due to the limitations of the course, only the unique networks
in the bank are included in this project.
Machhapuchchhre Bank Limited is one of the biggest commercial banks in Nepal. It was
registered in 1998 and became the first commercial bank to start banking business from the rather
underdeveloped western region of Nepal, with its head office in Pokhara.
After 11 years from the date of its establishment, it now has 30 branches in different parts
of the country, with plans to establish 10 more branches very soon. It has 10 ATMs inside
Kathmandu valley only. It provides mobile banking, internet banking and any-branch banking
facilities to its users.
The bank has been highly successful since its establishment and intends to use the latest
technology for better, more comfortable and reliable service to its customers and for management
of networking, file management and communication between the different branches of the bank.
Hence, in line with its aim to serve the people of both urban and rural areas, it plans to extend its
services to different rural as well as urban areas of the country. To meet this aim it is willing to
invest money and train its manpower for the introduction of new technology.
The aim of my project will be to pinpoint the most efficient, reliable and economical
technology for achieving the bank's goals of serving rural as well as urban areas of the
country.
Acknowledgements
This project on Machhapuchchhre Bank was done following the guidelines of the Network
Essentials (C1035) course. This project was done for educational purposes only.
This project was a success with the help of many people. I would like to thank them for
helping me in the successful completion of this project. This project would not have been possible
without the help from my lecturer Mr. Ramji. I would like to specially thank him for helping me in
this project. I would like to thank the employees in the IT department of Machhapuchchhre Bank
for their assistance and for providing me valuable information about the computer network system
of the bank. I would like to thank Mr. Chaudary, IT Chief, Machhapuchchhre Bank, for helpful
suggestions. And of course I would like to thank all my friends for their support and help in the
successful completion of this project.
Current System:
The bank uses a centralized database system, i.e. all its data are stored and processed by
the main server in the corporate office. It uses the suitable technologies available in Nepal for
making its network reliable, efficient and economical. The bank uses optical fiber from Subishu (an
ISP in Nepal), VSAT (Very Small Aperture Terminal), a leased line from NTC (Nepal Communication
Corporation) and the cable network of Worldlink (an ISP in Nepal), according to the situation. The
main connection in most branches is fiber optic cable. Cable and leased line are used in the
places where fiber optic is not available, and VSAT is used where ISPs do not provide any
physical wired media, as in remote areas such as Jomsom. The bank currently uses only one
server, an AIX server from IBM. It uses a firewall from Fortigate which also functions as an antivirus.
It uses routers from CISCO and switches from various companies. The PCs in the bank are
branded PCs but from various providers. The bank uses star topology because it supports big
networks, is easy to troubleshoot and is easily extendable. The bank has an 8 hour backup system
for all its systems and a 24 hour backup system for the server and related devices in the corporate
office. The bank has an online backup system in an unknown remote location that is constantly
updated with changes in the main server. The bank backs up all the data every day on tapes and
hard drives after all the work of the day has been completed.
Problem Background:
The bank currently uses only one server and one firewall for protection. Subnetting is not
implemented; hence, a hacker who gets into a computer in one of the branches can get access to
the entire network. Due to these reasons there are several security holes in the network. The
bank is not protected against the theft of files directly from PCs. Although all the corporate data is
stored in the server, this is also a problem. Although the star topology used by the bank is reliable,
there is no acknowledgement of packets, which makes the network less reliable. There is no
remote access system, bastion host, intrusion detection system or proxy server.
Authentication of the user is done only by user name and password.
Objectives:
The aim of my project will be to pinpoint the most efficient, reliable and economical
technology for achieving the bank's goals of serving rural as well as urban areas of the
country, while fixing the security holes that exist in the system and minimizing them in the
future. The main objective will be to make the network more secure by implementing subnetting
and adding a bastion host and proxy servers if needed. Cost is a major concern of every project; I
will also be using the most cost-effective technology available for the implementation of the network.
Network Architecture
WAN Diagram
The Subishu company in Nepal provides optical fiber cable connections in Pokhara,
Kathmandu (Bagbazar) and Lalitpur which can be used for the intranet connection. Since optical
fiber is the most preferred medium for long-distance connections, this is a very good option for
the network connection.
For the remote branch in Jomsom, wireless satellite communication can be used,
which will be expensive. A VPN can also be implemented through the internet connection. Satellite
communication is beyond the scope of this course, so it is not discussed in detail.
For disaster backup, the optical fiber connection provided by Subishu can be used.
I have assumed an optical fiber connection from Subishu to be available in every required
location for the formation of this network.
Diagram for Corporate office:
Router: the router in this figure represents a Cisco 2800 Series router with the IOS Enterprise
Services Feature Pack, used for connection between branch offices, computers in the corporate
office and the server.
Switch: the switches used are DSS-16+ 16-Port 10/100 Desktop Switches from D-link.
Computers: the computers used might be old computers or new Inspiron 531s (Includes 17"
Widescreen Flat Panel Monitor) from Dell.
Communication media: the communication media used for the LAN is cat 5 UTP cable.
Bastion host: it is not necessary and thus can be omitted. If it is used in this network, it would be
the same as the server, i.e. IBM System x3450 (794854X) Server.
Media converter: represents the appropriate media converter according to the media used.
Subnetting has been implemented in each switch in order to increase security.
Diagram for branch offices:
Router: the router in this figure represents a Cisco Small Business 101 Ethernet Broadband
Router for connection between branch office nodes and the server in the corporate office.
Switch: the switches used are DSS-16+ 16-Port 10/100 Desktop Switches from D-link.
Computers: the computers used might be old computers or new Inspiron 531s (Includes 17"
Widescreen Flat Panel Monitor) from Dell.
Communication media: the communication media used for the LAN is cat 5 UTP cable.
Media converter: represents the appropriate media converter according to the media used.
Diagram for Disaster Backup:
Router: the router in this figure represents a Cisco Small Business 101 Ethernet Broadband
Router for connection between branch office nodes and the server in the corporate office.
Communication media: the communication media used for the LAN is cat 5 UTP cable.
Backup Server: the backup server is an IBM System x3450 (794854X) Server.
Media converter: represents the appropriate media converter according to the media used.
Network Topology
Network topology describes the physical arrangement of communication media and nodes in
a network. The different types of network topology are as follows:
1. Star topology
In this topology all the nodes are connected to a central node (central switch, hub,
host computer or concentrator) which provides the connection to other nodes in the
network. It may have either a passive central node, which does not prevent echo-related
problems, or an active node, which overcomes this drawback.
Disadvantages of star topology:
a. More expensive than bus topology.
b. Network failure will occur if the central device has problems.
c. The network might be slowed down if the central device does not have the capability to
handle the amount of traffic in the network.
2. Bus topology
This topology uses a backbone cable to which all the nodes are connected. It is good for
small networks.
3. Ring Topology:
In this topology, there is a single circle of cable in which every node is connected to its adjacent
nodes (two nearest nodes) for data transmission. Ring topology may use any of FDDI, SONET or
Token Ring technology. This topology is preferred in large networks and in networks made up of
mainframe computers rather than microcomputers.
Network adapter cards and MAUs are much more expensive than Ethernet cards and hubs.
Much slower than an Ethernet network under normal load.
4. Mesh Topology:
All the computers in this topology are connected to multiple nodes. Simultaneous data
transfer between different nodes is possible in this topology.
The disadvantages of this network are:
It is very expensive due to massive wiring costs.
It is impossible to create a full mesh in a network consisting of many devices.
Network expansion is very difficult as well as expensive.
Communication Media:
The medium used for transmitting signals or data between computers is called
communication media or networking media. A broad range of communication media has been
developed to suit the diverse demands of computer networking. However, the goal of all these
media remains efficient, effective, economical and error-free transmission of data. These media
are categorized and priced according to the bandwidth they can provide, the maximum length
over which they can carry data without any loss, the technology they use, and the type of
interference that disturbs data transmission in them. Following are the different types of
communication media according to the primary material used for their construction:
All types of cable, including twisted-pair cable, coaxial cable and fiber optic cable, can be found
in two grades:
Plenum
Plenum-grade cable, also called plenum cable, refers to cable with a
protective layer or outer jacket made of fire-retardant material such as Teflon.
PVC
PVC-grade cables are cables which have an outer jacket made of
non-plenum-grade material such as PVC (Polyvinyl Chloride). Materials made of PVC
are cheaper than plenum-grade materials; however, they produce poisonous gas when
set on fire.
The different types of communication media according to the technology they use are as follows:
1. Guided Media
a. Twisted Pair Cable
b. Coaxial cable
c. Fiber Optic cable
2. Unguided Media
a. Radio Technologies
b. Infrared technologies
c. Microwave technologies
d. Satellite microwave systems
Guided media
The means of communication that use cable for transmitting data between nodes
(all the devices that can exist in a computer network, such as routers, computers,
printers, etc.) are called guided media.
Figure 5 Twisted Pair Cable
Figure 6 Twisted Pair Cable with RJ-45 connector
i. Unshielded twisted-pair cable (UTP)
It is the most widely used cable in network cabling (Ethernet networks) due to its low cost
and relatively easy installation. The number of pairs of wires varies between two and four. This
type of cable has no insulation against signal-degrading EMI (electro-magnetic interference) and
RFI (radio frequency interference) except the overall jacket for protection from external
interference, and so depends solely on the noise cancellation effect produced by the twists in the
cable to limit signal degradation produced by adjacent pairs. UTP cables used in computer networks,
with four pairs, use RJ-45 connectors for the connection interface, and those used in home
telephone systems, with two pairs, use RJ-11 connectors.
Advantages of UTP:
i. It is cheaper than other communication media.
ii. It is easy to install and repair.
iii. It provides good data transmission in short distance networks.
Disadvantages of UTP:
i. It is more susceptible to crosstalk, EMI and RFI.
ii. It is not suitable for outdoor use and long distance networks.
CAT 4: 20 Mbps. No longer approved. Was used in 16 Mbps Token Ring.
CAT 6: 250 MHz. Super-fast broadband applications. Vendor recommended, minimum required and most popular cabling for new installs.
CAT 7 (ISO Class F): 1 GHz per pair with Siemon connector. Full-motion video. Teleradiology. Required for 10 Gigabit Ethernet (10GBASE-T). Government and manufacturing environments. Shielded system.
Price from:
http://www.yourbroadbandstore.com/products/twisted-pair-cable.php (7/11/2009)
ii. Shielded twisted pair cable (STP)
It is similar to unshielded twisted pair cable except that it has better insulation against
signal interference. Each pair of wires is wrapped in metallic foil to further reduce noise.
The four pairs as a whole bundle are then wrapped in an overall metallic foil or braid.
With this extra insulation STP reduces crosstalk (electrical noise produced by adjacent pairs)
and EMI as well as RFI. However, it is more expensive than UTP cable and difficult to install, as it
requires the metallic shielding to be grounded at both ends. Improper grounding can
result in more EMI and RFI due to the shield acting like an antenna catching unwanted
signals. It is generally used in areas more susceptible to EMI and RFI, and for relatively longer
distance networks than can be created with UTP.
Advantages of STP
i. It is less susceptible to EMI, RFI and crosstalk than UTP.
ii. It provides good data transmission in short distance networks.
iii. It is easier to install than other media.
Disadvantages of STP
i. It is more expensive than UTP.
ii. It is harder to install and repair than UTP.
2. Coaxial cable
Coaxial cable consists of a single copper wire at the center surrounded by flexible
insulating material, which is surrounded by braided wire, and finally an outer cover/jacket
surrounds the braided wire. This heavy insulation allows coaxial cable to transmit data
over longer distances (200m-500m) without signal boosters (repeaters). However, this
extra insulation makes coaxial cable heavy and thick, which makes it hard to install. Each
end of the coaxial cable needs to be fitted with a BNC (Bayonet Neill-Concelman)
connector. Coaxial cable is cheaper than fiber optic cable and supports longer distance
networks than twisted pair cable, but it needs to be grounded for better data transmission
and is more expensive than twisted pair cable. There are two types of coaxial cable:
a. Thin coaxial cable/10Base2 (Thinnet)
Advantages of 10Base2:
i. It is thinner than 10Base5 hence easier to install.
ii. It is resistant to EMI and RFI.
iii. It is cheaper than 10Base5.
Disadvantages of 10Base2:
i. It can transmit data up to 200m only.
b. Thick coaxial cable/10Base5 (Thicknet)
Advantages of 10Base5:
i. It is resistant to EMI and RFI.
ii. It can transmit data over a longer distance (500m).
Disadvantages of 10Base5:
i. It does not bend easily.
ii. It is hard to install.
c. Fiber Optic cable
Optical fibers are long strands made from pure glass or sometimes plastic, with a
diameter similar to that of a human hair. Optical cables are optical fibers arranged in bundles
which are used to transmit signals in the form of light over long distances. Optical fibers
are made of the following parts:
i. Core – this is the center of the optical fiber through which light travels. Its main function is
transmission of light signals.
ii. Cladding – this is the outer optical material which surrounds the core; its main
function is to reflect the light back into the core.
iii. Buffer coating – this is made of plastic and protects the fiber from moisture
and damage.
Many (100s) of these optical fibers are bundled into optical cables along with Kevlar
reinforcing material. These are protected by the jacket, the outer covering of the cable. There
are two types of optical fibers:
i. Single-mode fibers: used for long distance networks, have small cores, use
laser light, transmit only one light wave at a time
ii. Multi-mode fibers: used for shorter distance networks, have larger cores, use
LED
Advantages:
i) Signal Disturbance - No disturbance from EMI (Electro Magnetic Interference) and
RFI.
ii) Data Transmission - Extremely fast data transmission.
iii) Security - Adds to the security of the network because it is difficult to tap the signals
flowing through them.
iv) Network Stability - Very stable network.
v) Bandwidth – they provide the highest range of bandwidth available in the world.
vi) Repeater - Possible to connect networks over long distances with fewer repeaters
(much less than other cables).
vii) Cost - Cheaper than other cables when used in networks running several miles of
cable.
Disadvantages:
i) Implementation - Difficult to implement in a network.
ii) Cost - Very high installation, maintenance cost and labor cost.
iii) Requires expensive extra media converter device at both ends of the network.
iv) Not suitable to be used in small network or in LAN.
Unguided Media:
Wireless technologies are categorized as unguided media. They are generally used
where it is difficult to install cables. Following are the different types of unguided media:
1. Radio Technologies:
In this technology, radio signals (waves with very short wavelength) are used to transmit
signals in single or multiple directions. They are good for short range line of sight transmissions,
so they are frequently used for networking portable computers. This technology saves money where
it is difficult and expensive to install cables. It also provides much better mobility for networked
devices. However, the disturbance in these networks is high. They are used in radio stations,
emergency alarm systems, etc.
2. Infrared technologies:
They use infrared light for data transmission. An LED is used as the source to transmit signals
and a photodiode to receive them. Signals in this technology are in a high frequency range,
which enables them to give good output. They are used in remote controllers for TVs, VCD players,
DVD players, etc. However, they have the following drawbacks:
i. Signals cannot penetrate solid opaque objects such as walls.
ii. Signals are diluted by light sources.
3. Microwave Technologies
There are two types of microwave technologies:
1. Routers
A router is a host or node with multiple interfaces to the network. It works at the network
layer (layer 3) of the OSI model. It acts like traffic control on a busy road, showing each packet
that arrives the path to its destination. A router can distinguish packets by source and destination
address and by protocol type. The ability to distinguish packets by protocol can be used to add
security to the network by configuring the router to drop packets that use a particular type of
protocol (termed packet filtering), e.g. not allowing packets that use FTP (File Transfer Protocol).
Routers can dynamically gather information about other devices and routers in the network and
determine the shortest path for a packet using special algorithms. Routers can be separate
hardware or a computer with special network software installed on it. For every packet that arrives
at a router, it carries out the following procedure:
Advantages of Routers:
i. It can connect different networks using different physical media and architecture.
ii. It can determine the best path for every packet.
iii. It can reduce network traffic and bandwidth consumption by dropping invalid packets.
iv. It can add to network security by packet filtering.
Disadvantages of router:
i. It is more expensive than a bridge or repeater.
ii. It doesn’t work with protocols that are not routable.
iii. As they perform complex calculations on packets, they are slower than bridges.
A hub is similar to a switch except that it broadcasts the data to all the nodes in the network,
which creates a security hole in the network and makes the network inefficient. The data sent to one
receiver can also be received by another node. The nodes must wait for the data transmission
to complete before they send their data. Both switch and hub work at the data link layer (layer
2) of the OSI model. There are three main types of hubs:
3. Bridge
A bridge is a device that connects multiple network segments, i.e. different LANs. A bridge
is capable of joining different networks. It works at the physical and data link layer
(layer 2) of the OSI model. It works on the basis of the hardware address (MAC address). It helps to
connect different LANs without having to set up IP addresses for nodes.
Advantages of Bridge
i. They are cheaper than routers
ii. They are transparent to protocols above the MAC layer
iii. It helps effective usage of bandwidth i.e. minimize bandwidth usage
iv. They don’t need to be configured manually
Disadvantages of Bridge
i. Bridging of different MAC protocols can cause errors.
ii. Not suitable for extremely large networks
iii. They are more expensive and slower than repeaters as they read MAC addresses.
iv. Buffering can cause store and forward delays.
4. Modem
Some modern modems allow the computer to perform extra functions such as auto-answering
incoming calls, voice mail, sending and receiving faxes, etc.
5. Gateway
A gateway is a device used to connect two networks that use different data formats or
network architectures, e.g. AppleTalk and TCP/IP. It is capable of translating TCP/IP to
AppleTalk. Most gateways operate at all seven layers of the OSI model. A gateway should
understand the protocols used by each network linked with the router. Gateways can be implemented
in hardware, software or both. They are sometimes a feature in routers.
6. Repeaters
Figure 24 a Repeater
In a large network a single cable is not capable of transmitting data because the signal is lost
over long distances through attenuation, etc., so a device must be used to amplify the signals.
The devices used for this purpose are called repeaters. They require a short period of time to
regenerate the signal, which can cause propagation delay. Repeaters cannot perform any function
besides signal regeneration. They are used exclusively in networks covering long distances. They are
available for all types of guided communication media. They work at the physical layer of the OSI
model.
Advantages of Repeaters
i. It allows creating networks separated by longer distances as well as expansion
of networks.
ii. It allows connection of different media
Disadvantages of Repeaters
i. Too many repeaters can cause problems in networks.
ii. It doesn’t help to ease congestion problems.
The types of network – Separate NICs are needed for different network systems like
Ethernet LANs, Fiber Distributed Data Interface (FDDI), Token Ring, etc. Hence,
appropriate NIC should be chosen.
The type of media – port or connector available in NIC is media specific for e.g.
twisted-pair cable, coaxial cable, optical fiber cable, and wireless.
The type of system bus – PCI (Protocol Control Information) slots perform faster than
ISA (Industry-Standard Architecture).
8. RJ-45 Connector
It is used very often in LANs to terminate UTP cables and provide an interface for
connection to different networking and internetworking devices.
Network Security
Network security involves all the efforts made by a network owner (company) to protect its
computer system, the ongoing usability of assets and the integrity and continuity of operations.
When it comes to providing security to a network there are many things to consider. The levels
of network security can be categorized as follows:
i. Physical Security
For a network to be secure, first of all the network and internetworking devices should be
in a secure location and the communication media should be secure. It does not make any
difference how hard it is to hack a network if a person can cut the main
backbone cable of your network, destroy a communication device or simply connect into
one of your internetworking devices. So, all the communication devices and computers,
including servers, routers, etc., should be in a secure location. The people who have access to
these locations should be few, and appropriate authorization systems must be implemented to
access such a location. There must be proper defenses against fire, harsh environmental
conditions, natural disasters, etc.
a. Firewalls
Firewalls are the most widely used network protection systems. Firewalls come as
hardware, as software or as a combination of both. They need timely updates to the rule set
and software based on new threats and working environments. They are configured by
the responsible person and work on the basis of these predefined rules to allow packets to enter the
network or to destroy them. A good analogy would be a school gatekeeper who lets in anyone
with a student or staff ID but stops everybody else from entering the school premises when
instructed to do so. A network is configured in such a way that all the packets that come into
and go out of the network pass through the firewall. Firewalls cannot distinguish whether the
packets are from intruders or from an authorized person; they simply check all the packets
that pass through them against the predefined rules and act accordingly. They are a very
important part of a network security system comprising IDS, anti-virus, security policy, user
authentication system, etc. There are various types of firewalls, each with different advantages
and disadvantages. However, none of the firewalls can protect the network from threats and
attacks that are already inside the network. Different types of firewalls are as follows:
a) Packet filtering
It works at the network layer (layer 3) of the OSI model. These firewalls maintain two separate
lists: a permit list and a deny list. All packets are tested against both lists and the appropriate
action is taken. It uses either source and destination address or outgoing port to make the
decision. They are mostly used by SOHO (Small Office Home Office). These firewalls are
found as default firewalls in operating systems as well as in some routers. It is appropriate
for networks that demand high speed and have less concern about user
authentication for network resource use.
i. Stateless firewalls:
Make decisions based entirely on packet headers and are not concerned with state of
connection between nodes.
Advantages
Works with less memory
Faster performance
Disadvantages
They cannot make any decisions based on connection session.
Advantages
They provide more security than stateless firewall
It has logging and tracking facilities
Disadvantages
Complexity and difficulty arise in packet filtering.
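The permit-list/deny-list packet filter and the stateless versus stateful distinction described above (including the router example of dropping FTP), as an added Python example that is not part of the original report. The addresses, the deny-before-permit ordering, the default drop for unlisted packets and all class names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN, ANY = "10.0.0.0/24", "0.0.0.0/0"   # constructed internal network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src: str                      # source network (CIDR)
    dst: str                      # destination network (CIDR)
    sport: Optional[int] = None   # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

class StatelessFilter:
    """Checks each packet header against the deny list, then the permit list."""
    def __init__(self, permit, deny):
        self.permit, self.deny = list(permit), list(deny)

    def decide(self, p: Packet) -> str:
        if any(r.matches(p) for r in self.deny):
            return "drop"
        if any(r.matches(p) for r in self.permit):
            return "permit"
        return "drop"             # assumption: anything unlisted is dropped

class StatefulFilter:
    """Applies the lists to outbound packets and remembers permitted sessions;
    inbound packets pass only as replies to a remembered session."""
    def __init__(self, outbound: StatelessFilter):
        self.outbound, self.sessions, self.log = outbound, set(), []

    def decide(self, p: Packet) -> str:
        if ip_address(p.src) in ip_network(LAN):
            verdict = self.outbound.decide(p)
            if verdict == "permit":
                self.sessions.add((p.src, p.sport, p.dst, p.dport))
        else:
            reply_to = (p.dst, p.dport, p.src, p.sport)
            verdict = "permit" if reply_to in self.sessions else "drop"
        self.log.append((verdict, p))   # the tracking record
        return verdict

# Constructed traffic, using documentation address ranges for outside hosts.
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443),   # inside host opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000),   # the server's reply
    Packet("198.51.100.7", 443, "10.0.0.9", 40000),   # unsolicited, no session
    Packet("10.0.0.5", 50001, "203.0.113.10", 21),    # FTP, denied by policy
]

def demo():
    deny = [Rule(LAN, ANY, dport=21)]
    out = [Rule(LAN, ANY, dport=443)]
    # A stateless filter needs a standing rule to let replies back in.
    replies = [Rule(ANY, LAN, sport=443)]
    stateless = StatelessFilter(out + replies, deny)
    stateful = StatefulFilter(StatelessFilter(out, deny))
    return ([stateless.decide(p) for p in TRAFFIC],
            [stateful.decide(p) for p in TRAFFIC])

if __name__ == "__main__":
    for name, verdicts in zip(("stateless", "stateful"), demo()):
        print(name, verdicts)
```

The stateless filter permits the third packet because its header matches the standing reply rule, while the stateful filter drops it because no inside host opened that session.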
make decisions based on specific content. They can be a bottleneck in a high-speed
network due to their requirement for massive processing power.
c) Proxies
A proxy firewall acts as a middle person between the two nodes, i.e. server and client, and
always makes the request itself on behalf of the other rather than allowing direct
communication. This gives the advantage of checking the packets even before they reach the
destination. Proxies are made specifically to work with certain protocols, so they are capable of
analyzing packets deeply. If a protocol used in the network is not supported by the proxy, then a
generic proxy, which has added functionality to make decisions based on the packet header
(similar to a packet filtering firewall), must be used.
Advantages of proxy
By performing protocol-aware security analysis they provide much better network
security.
Network discovery - Network discovery for the outside world is made very difficult
as they only receive packets from proxy on behalf of server.
Makes it easier to identify the method of attack.
Disadvantages of proxy
Protocol incompatibility - Not all protocols are compatible with proxies.
Slower performance - The middle man work of proxy slows down the network
performance as it would provide better speed if the communication between the
nodes was direct.
VPN (Virtual Private Network) can face problems with proxies.
Configuration - They are difficult to configure.
d) Network Address Translation Firewall (NAT firewall)
They provide network security by hiding the internal network addresses from the
outside world, as they change the address of packets that flow through them. A NAT firewall allows
connection of more devices to the network through a single public IP. It provides the least
security as it is not capable of checking packets at all. They are built into many routers
nowadays.
b. Intrusion Detection Systems (IDS)
It is hardware or software, or a combination of both, which is designed specially to
detect unwanted attempts at accessing, manipulating, and/or disabling computer
systems through a network. It works on the basis of predefined rules to detect a
suspicious pattern in network activity. They require occasional updates. An IDS can be a
passive system, which detects the intrusion, logs information and raises an alarm about the
intrusion, or it can be a reactive system (also known as an Intrusion Prevention System), which
detects the intrusion, logs information and reprograms firewalls to block the suspicious
network traffic or block the user. The main purpose of an IDS is misuse detection and
anomaly detection and to raise an alarm about the intrusion. They can detect threats or attacks
operating inside the network. There are many types of IDS. They are as follows:
Advantages of NIDS
They can be completely hidden from network devices.
It has the capability of monitoring traffic in large number of threat targets.
Disadvantages of NIDS
Cannot examine encrypted traffic.
Capable of detection only if threat matches pre-configured rules.
Can miss network traffic if the network is very busy.
Not capable of determining the success state of attack.
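The passive and reactive IDS behaviour described above, as an added Python example that is not part of the original report. The event format, the sample events, the threshold rule and its name are constructed for illustration, and "reprogramming the firewall" is modelled as a set of source addresses whose later traffic is dropped.

```python
from collections import defaultdict, deque

# Constructed sample events: (time in seconds, source address, event type)
EVENTS = [
    (0, "192.0.2.10", "login_failed"),
    (2, "192.0.2.10", "login_failed"),
    (3, "10.0.0.7",   "login_ok"),
    (4, "192.0.2.10", "login_failed"),
    (5, "192.0.2.10", "login_failed"),
    (6, "192.0.2.10", "login_failed"),
    (7, "192.0.2.10", "login_ok"),
    (9, "10.0.0.8",   "login_failed"),
]

class ThresholdRule:
    """Predefined rule: `count` events of one type from one source
    within `window` seconds is treated as a suspicious pattern."""
    def __init__(self, name, event, count, window):
        self.name, self.event = name, event
        self.count, self.window = count, window
        self.seen = defaultdict(deque)      # source -> recent timestamps

    def check(self, ts, src, event):
        if event != self.event:
            return False
        recent = self.seen[src]
        recent.append(ts)
        while ts - recent[0] > self.window:  # forget events outside the window
            recent.popleft()
        if len(recent) >= self.count:
            recent.clear()                   # one alert per burst
            return True
        return False

class IDS:
    def __init__(self, rules, reactive=False):
        self.rules, self.reactive = rules, reactive
        self.alerts, self.blocked = [], set()

    def process(self, events):
        """Return the events that still reach the protected system."""
        delivered = []
        for ts, src, event in events:
            if src in self.blocked:          # reactive mode: firewall drops it
                continue
            for rule in self.rules:
                if rule.check(ts, src, event):
                    self.alerts.append((ts, src, rule.name))   # log and alarm
                    if self.reactive:
                        self.blocked.add(src)                  # block the source
            delivered.append((ts, src, event))
        return delivered

def run(reactive):
    rule = ThresholdRule("repeated_login_failure", "login_failed", 3, 10)
    ids = IDS([rule], reactive=reactive)
    delivered = ids.process(EVENTS)
    return ids.alerts, len(delivered), sorted(ids.blocked)

if __name__ == "__main__":
    print("passive :", run(False))
    print("reactive:", run(True))
```

Both modes raise the same alert; only the reactive run stops the later events from 192.0.2.10, and the single failure from 10.0.0.8 raises nothing because it matches no configured rule.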
Besides firewalls and Intrusion Detection Systems, there are types of software and
hardware available in the market that protect computers, i.e. PCs, Macs, etc., from threats like
viruses (small programs designed to take control of the target computer, disable certain functions
in the target system, corrupt data in the target, etc., which can be eliminated by using anti-virus
software such as Kaspersky), malware, spyware, spam, etc. All these threats only
work on a specific system, especially PCs and not servers, because they are targeted at a very
large group of people.
Also, the security measure of authenticating the employee or user before they access the
network must be implemented. For authentication, strong usernames and passwords,
biometric systems (e.g. fingerprint scan, iris scan, palm scan, etc.) or smart cards can be
implemented. The authentication system should be based on the following
principles:
Communication Links
For connection of computers in a network, communication links are a must. For connection
of computers to a WAN or to optical fiber networks, appropriate communication links are required,
and common protocols used in networks must be used, such as: TCP/IP (for internet connection),
FDDI (for networks using fiber optic cable), Token Ring (for networks in Star Topology), Ethernet
(for common LAN using UTP), etc. Also, an IP address should be given to every device/node in the
network for identification in the network.
b. Ethernet:
It is the most widely used protocol of all. It uses CSMA/CD (Carrier Sense
Multiple Access/Collision Detection) as its access method. In this system, a sender listens to
the media before sending any data. If the path is clear the data is transmitted; otherwise
the computer waits a random period of time and attempts to retransmit. Collision of data is
normal with this access method. The Ethernet protocol allows functioning of linear bus and star
topologies over guided media and wireless access points at speeds from 10 Mbps up to
1000 Mbps.
c. Token Ring:
It is an access method that involves token-passing. In token ring, a logical ring is
created such that data travels (single token carrying data) around the network from node
to node. In this access method, a computer has to wait for token for transmitting data. If
the token it received is free it puts data in it and sends it to another computer. The token
passes through each node until it finds the destination node which receives data. If it
wants to transmit data then it sends data otherwise it releases the token to the ring i.e.
transfer it to another node. It is capable of data transmission at 4 Mbps or 16 Mbps.
e. IP address:
Internet Protocol (IP) address is a numerical identification and logical address
given to all the nodes/devices connecting in a computer network using Internet Protocol
for data transmission for e.g. computer connected to internet. The role of IP address is
well defined as follows: “A name indicates what we seek. An address indicates where it
is. A route indicates how to get there.”
Budget Estimation:
Approximate budget for 4 branches and corporate office:
Microsoft Word 2007 Open License With Software Assurance    $308.63    1    $309/S$452.376
Total    $33871/S$49637.9505
Conclusion:
This is the proposed network system upgrade for Machhapuchchhre Bank. The
implementation of Star Topology in the LAN will make computer maintenance, addition and
removal very easy. The implementation of subnetting will further enhance the security of the
bank’s network. The use of an optical fiber cable based network with other backup communication
will make the network very reliable. The use of a firewall will enhance the security system of the bank.
The implementation of host-based IDS on servers as far as possible will provide much security to
the database of the bank. The use of the above-discussed networking and internetworking
devices, communication media and protocols, in the manner given in the network diagrams and
discussed in the diagram explanations, will make the network implementation successful and add to
the security and reliability of the network, and it will allow for very large networks using fiber optics
(or satellite communication if possible).
1. References on Images:
1. Fig 1(Star Topology):
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_2_4/index.html
2. Fig 2(Bus Topology):
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_2_3/index.html
3. Fig 3(Ring Topology): http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_2_5/index.html
4. Fig 4(Mesh Topology): http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_2_6/index.html
5. Fig 5,6,7,8: (all Twisted Pair Cable images):
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_3_3/index.html
6. Fig 9(Coaxial Cable):
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_3_2/index.html
7. Figure 10 Fiber Optic Cable:
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_3_4/index.html
8. Figure 11 Radio Technologies:
http://www.iritel.bg.ac.yu/iritel/english/services/engineering/pictures/Radio-inz.jpg
9. Figure 12 A Infrared Communication Device:
http://www.inqvision.net/eng_portfolio_content6.htm
10. Figure 13 Application of Router & other router images:
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_4_3/index.html
11. Figure 14 Cisco Switch & Figure 15 Application of Switch:
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_4_2/index.html
12. Figure 16 Application of Hub & Figure 17 Cisco Hub:
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_4_1/index.html
13. Figure 18 Application of Bridge & other bridge image:
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_4_2/index.html
14. Figure 20 Working of Modem:
http://ca.htc.mnscu.edu/ne/custom_curriculum/ch3/3_5_2/index.html
15. Figure 21 Optical Modem:
http://img.hisupplier.com/var/userImages/btide/20071024/161228.jpg
16. Figure 22 A Cable Modem:
http://www.cablemodems.com/images/products/21012009115129SURFboard%C2%AE%20Cable%20Modem%20SB4100motorola_sb4100.gif
17. Figure 23 A 56kbps Dial Up Modem:
http://www.ezlister.net/Images/EZ5/56K%20Modem%20Upgrade.jpg
18. Figure 24 A Repeater:
http://www.femareps.com/network/trcf01.jpg.jpg
19. Figure 25 RJ-45 Connector:
http://www.bb-elec.com/images/EthernetRJ45A.gif
20. Figure 26 A firewall device from Cisco:
http://newsroom.cisco.com/new_images/4250-enhanced.jpg
4. IBM Server Price: http://www4.shopping.com/-ibm+system+x3450++price
5. Cisco Router Image (Cisco Small Business 101 Ethernet Broadband Router):
http://www.amazon.com/Cisco-Secure-Broadband-Router-CISCOSB101-K9/dp/B0009X0CI8
6. Cisco Router Price (Cisco Small Business 101 Ethernet Broadband Router):
http://www.alliancedatacom.com/Cisco-SB-100-Series.asp
7. Dell Computers Price and Image:
http://www.dell.com/us/en/home/desktops/inspndt_531s/pd.aspx?refid=inspndt_531s&s=dhs&cs=19&ref=dthp
8. Office 2007 Price:
http://www.nextag.com/Microsoft-Word-2007-Open-3589417/prices-html?nxtg=882a0a280503-26F9846608281405
9. Switch from D-link: http://www.dlink.com/products/?pid=71
10. FortiGate 50B Price and Image: http://www.avfirewalls.com/FortiGate-50B.asp
http://en.wikipedia.org/wiki/IP_address
Also the class notes given by teacher and course guides of C1035 (Network Essentials) and
C1054 (Network Security) for this term have been used.
Supportive Documents
Proof of Budget estimation accuracy:
Belkin 250 ft. Cat. 5 UTP Patch Cable (A7J304-250-YLW) Price:
Cisco 2800 Series IOS Enterprise Services Feature Pack:
Currency Conversion Source:
Inspiron 531s (Includes 17" Widescreen Flat Panel Monitor) Price:
Fortinet FortiGate-50B Complete Content Protection Bundle Price:
IBM System x3450 (794854X) Server
Microsoft Word 2007 Open License With Software Assurance