PROJECT 1 –Exploring network

Objective:
1. To study the existing network infrastructure
2. To explore the current trends of networking
Instruction:
1. Each group should consist maximum of 4 members.
2. Study the tasks below and write a documentation required for the
assessment mechanism.
Tasks:
1. Each group need to select a private or government company/agency as
your case study location.
2. You are required to gather information about the existing network
infrastructure and operation including cabling structure (e.g. fiber, UTP
Cat6 etc.), network security system (e.g. firewall, IDS etc.) and other
supported system such as e-mail services, payroll system, finance, Internet
services and other related systems.
3. Then, you need to analyse all information that has been gathered by
following the strength, weaknesses, opportunities and threat (SWOT)
analysis. You should identify the SWOT based on current network
implementation and configuration.
4. From the SWOT analysis result, you are required to give some
suggestions and recommendations to improve the existing network and
system in that company.
5. Snap some pictures and include in the report.
6. Write your report in journal format consist of the following items:
a. Person-in-contact, contact number, email, position
b. Introduction
c. Company background
d. Existing network implementation
e. SWOT analysis
f. Network improvement recommendation
g. Conclusion
h. References

7. Appendix
i. Resume of each group member including roles played in
this project
ii. Diagrams (if applicable)
iii. Evidences (photographs)

1
 TABLE OF CONTENTS

1.0 : Task
1.1 Project 1 – Exploring Network
2.0 : Table of Contents
3.0 : Person-in-contact, contact number, e-mail, position
4.0 : Introduction
5.0 : Company Background
6.0 : Existing Network Implementation
7.0 : SWOT Analysis
8.0 : Conclusion
9.0 : References
10.0Appendix
10.1: Resume of each member including roles played in this project
10.2Diagrams (if applicable)
10.3Evidences (photographs)

2
 PERSON-IN-CONTACT, CONTACT NUMBER,
EMAIL, POSITION
We’ve arrived the Malaysia Airport around 9 o’clock. When we arrived, we meet
Puan Jasmin. She takes us to the guard then we leave our student card there and take the
visitor pass. Then, we are introducing to Encik Azman b. Mohd Zain. He take us to the IT
department and meet the senior IT executive that is Encik Nor Aizam Mohd Nor. Encik
Aizam had explain to us about their network system.

Person-in-contact: Encik Nor Aizam Mohd Nor

Contact number: 03-78466539
Email: noraizam@malaysiaairport.com.my
Position: Senior IT executive

Figure : IT Executive, Mr. Aizam with us from left (Raidah,Afifah,Mr.Aizam,

Nazirah,Nadiah)

INTRODUCTION
3
Data communication and networking

A computer network is a group of interconnected computers. Networks may be

classified according to a wide variety of characteristics. This article provides a general
overview of some types and categories and also presents the basic components of a network.

A network is a collection of computers and devices connected to each other. The

network allows computers to communicate with each other and share resources and
information. The Advance Research Projects Agency (ARPA) designed "Advanced Research
Projects Agency Network" (ARPANET) for the United States Department of Defense. It was
the first computer network in the world in late 1960's and early 1970's.

Network classification

• Connection method

Computer networks can also be classified according to the hardware and

software technology that is used to interconnect the individual devices in the network,
such as Optical fiber, Ethernet, Wireless LAN, HomePNA, or Power line
communication.

Ethernet uses physical wiring to connect devices. Frequently deployed devices

include hubs, switches, bridges and/or routers.

Wireless LAN technology is designed to connect devices without wiring. These

devices use radio waves or infrared signals as a transmission medium.

• Scale

Based on their scale, networks can be classified as Local Area Network

(LAN), Wide Area Network (WAN), Metropolitan Area Network (MAN), Personal
Area Network (PAN), Virtual Private Network (VPN), Campus Area Network (CAN),
Storage Area Network (SAN), etc.

• Functional relationship (network architecture)

Computer networks may be classified according to the functional relationships

which exist among the elements of the network, e.g., Active Networking, Client-
server and Peer-to-peer (workgroup) architecture.

• Network topology

Computer networks may be classified according to the network topology upon

which the network is based, such as bus network, star network, ring network, mesh

4
 network, star-bus network, tree or hierarchical topology network. Network topology
signifies the way in which devices in the network see their logical relations to one
another. The use of the term "logical" here is significant. That is, network topology is
independent of the "physical" layout of the network. Even if networked computers are
physically placed in a linear arrangement, if they are connected via a hub, the network
has a Star topology, rather than a bus topology. In this regard the visual and
operational characteristics of a network are distinct; the logical network topology is
not necessarily the same as the physical layout. Networks may be classified based on
the method of data used to convey the data, these include digital and analog networks.

Types of networks

• Personal area network

A personal area network (PAN) is a computer network used for communication

among computer devices close to one person. Some examples of devices that are used
in a PAN are printers, fax machines, telephones, PDAs and scanners. The reach of a
PAN is typically about 20-30 feet (approximately 6-9 meters), but this is expected to
increase with technology improvements.

• Local area network

A local area network (LAN) is a computer network covering a small physical

area, like a home, office, or small group of buildings, such as a school, or an airport.
Current LANs are most likely to be based on Ethernet technology. For example, a
library may have a wired or wireless LAN for users to interconnect local devices (e.g.,
printers and servers) and to connect to the internet. On a wired LAN, PCs in the
library are typically connected by category 5 (Cat5) cable, running the IEEE 802.3
protocol through a system of interconnected devices and eventually connect to the
Internet. The cables to the servers are typically on Cat 5e enhanced cable, which will
support IEEE 802.3 at 1 Gbit/s. A wireless LAN may exist using a different IEEE
protocol, 802.11b, 802.11g or possibly 802.11n. The staff computers (bright green in
the figure) can get to the color printer, checkout records, and the academic network
and the Internet. All user computers can get to the Internet and the card catalog. Each
workgroup can get to its local printer. Note that the printers are not accessible from
outside their workgroup. All interconnected devices must understand the network
layer (layer 3), because they are handling multiple subnets (the different colors).
Those inside the library, which have only 10/100 Mbit/s Ethernet connections to the
user device and a Gigabit Ethernet connection to the central router, could be called
"layer 3 switches" because they only have Ethernet interfaces and must understand IP.
It would be more correct to call them access routers, where the router at the top is a
distribution router that connects to the Internet and academic networks' customer
access routers.

The defining characteristics of LANs, in contrast to WANs (wide area

networks), include their higher data transfer rates, smaller geographic range, and lack

5
 of a need for leased telecommunication lines. Current Ethernet or other IEEE 802.3
LAN technologies operate at speeds up to 10 Gbit/s. This is the data transfer rate.
IEEE has projects investigating the standardization of 100 Gbit/s, and possibly 400
Gbit/s.

• Campus area network

A campus area network (CAN) is a computer network made up of an

interconnection of local area networks (LANs) within a limited geographical area. It
can be considered one form of a metropolitan area network, specific to an academic
setting.

In the case of a university campus-based campus area network, the network is

likely to link a variety of campus buildings including; academic departments, the
university library and student residence halls. A campus area network is larger than a
local area network but smaller than a wide area network (WAN) (in some cases).

The main aim of a campus area network is to facilitate students accessing

internet and university resources. This is a network that connects two or more LANs
but that is limited to a specific and contiguous geographical area such as a college
campus, industrial complex, office building, or a military base. A CAN may be
considered a type of MAN (metropolitan area network), but is generally limited to a
smaller area than a typical MAN. This term is most often used to discuss the
implementation of networks for a contiguous area. This should not be confused with a
Controller Area Network. A LAN connects network devices over a relatively short
distance. A networked office building, school, or home usually contains a single LAN,
though sometimes one building will contain a few small LANs (perhaps one per
room), and occasionally a LAN will span a group of nearby buildings. In TCP/IP
networking, a LAN is often but not always implemented as a single IP subnet.

• Metropolitan area network

A metropolitan area network (MAN) is a network that connects two or more

local area networks or campus area networks together but does not extend beyond the
boundaries of the immediate town/city. Routers, switches and hubs are connected to
create a metropolitan area network.

• Wide area network

A wide area network (WAN) is a computer network that covers a broad area
(i.e. any network whose communications links cross metropolitan, regional, or
national boundaries [1]). Less formally, a WAN is a network that uses routers and
public communications links [1]. Contrast with personal area networks (PANs), local
area networks (LANs), campus area networks (CANs), or metropolitan area networks
(MANs), which are usually limited to a room, building, campus or specific
metropolitan area (e.g., a city) respectively. The largest and most well-known example

6
of a WAN is the Internet. A WAN is a data communications network that covers a
relatively broad geographic area (i.e. one city to another and one country to another
country) and that often uses transmission facilities provided by common carriers, such
as telephone companies. WAN technologies generally function at the lower three
layers of the OSI reference model: the physical layer, the data link layer, and the
network layer.

COMPANY BACKGROUND
7
 Sultan Abdul Aziz Shah Airport, LTSAAS formerly Subang International Airport
often called Subang Airport, is located in Subang Airport, is an airport located in Subang,
Malaysia and primarily serves general aviation and some turboprop domestic flights.
Although plans existed to convert the airport into a low-cost carrier hub, the change was
opposed by Subang Jaya residents. Until the 1998 opening of the Kuala Lumpur International
Airport (KLIA) in Sepang, the Subang International Airport then served as Kuala Lumpur’s
primary airport. Subang Airport is currently the hub for Berjaya Air and Firefly.

The airport officially was opened to traffic on August 30th, 1965, and had the longest
runway (3.7km long, 45m wide- runway 15-33) in Southeast Asia. By the 1990s, the airport
had three terminals, Terminal 1 for the International flights, Terminal 2 for Singapore to KL
shuttle flights by Singapore Airlines and Malaysia Airlines, and Terminal 3 for domestic
flights. Toward the end of service, the airport suffered at least two major fires that forced
traffic to be diverted to other airports. By the end of 1997, Subang Airport handled 15.8
million passengers.

In July 2002, AirAsia began flying from KLIA, and in 2004, AirAsia considered
utilizing the airport as a primary hub in Malaysia. However, the plan was rejected and the
Malaysian government now plans to turn the airport into an international conference centre.
Since Firefly started operations in the airport, AirAsia has been lobbying the government to
allow AirAsia to use Subang Airport. As of December 2007, the government still maintains
its policy of only allowing general aviation and turbo-prop flights out of Subang Airport.

Currently, the airport serves as Berjaya Air's main gateway to several Malaysian
holiday destinations, including Pulau Tioman. Transmile Air Services a national cargo carrier
chose Subang Airport as their main cargo operation center, Several companies offer chartered

8
flights and helicopter services from the airport. A number of flying clubs are also located at
Sultan Abdul Aziz Shah airport, the most famous of these being Subang Flying Club, Elite
Flying Club, Eurocopter(An EADS Company), ESB Flying Club(Eurodynamic Sdn Bhd).
With Eurocopter, the airport servers as a maintenance and support facility for Malaysian
Maritime Enforcement Agency helicopters.

Malaysia Airline's subsidiary Firefly has been granted approval by the Malaysian
Government to utilise the airport for turboprop flights. MAS Aerospace, a subsidiary of
Malaysia Airlines, operates a maintenance, repair and overhaul center at the airport for
Malaysia Airline's aircraft and third party aircraft. Apart from that, Sultan Abdul Aziz Shah
Airport was to be a hub for Global Flying Hospitals, but the humanitarian medical charity
made the decision to close down Malaysian Operations, stating that the elements to make the
correct formula for the GFH model were not present.

Terminal 3 Transformation Plan

On 4 December 2007, Subang SkyPark Sdn Bhd announce a RM 300 million plan to
transform the Terminal 3 building into an ultra-modern general and corporate aviation hub.
The plan includes upgrading the terminal, creation of regional aviation center and finally the
establishment of a commercial nexus. Under an agreement with Malaysia Airports, Subang
Skypark will serve private aviation while Malaysia Airports will serve Berjaya Air and
Firefly Airlines. Subang Skypark recently signed a lease agreement with Malaysia Airports
for the land in the Airport in Langkawi.

On the next day, VistaJet, a business jet service provider, has announced that it will
use the airport as a base of operations in Malaysia. It has chosen Terminal 3, which is being
operated by Subang Skypark to be the hub in Asia. The operator announce that construction
works for a 9000 square feet, five star executive lounge begins in February 2008. The
construction works was awarded to ArcRadius Sdn Bhd. It is expected that the lounge works
will be done by end of March 2008. The transformation plans also calls for a construction of
two 42 meters by 47 meters maintenance, repair and overhaul hangars and ten 36 meter by 36
meter parking hangars. The construction of the MRO hangars will complete by end of 2008
while two of the ten parking hangars will complete by end of 2009. On August 8, 2008,
VistaJet Holding SA started operations from the airport. It provides private jet travel from
Malaysia to anywhere in the world.

Pejabat Imigresen Subang

Terminal 2 03-78471678
Lapangan Terbang SAAS 03-78471851
47200 Subang.

EXISTING NETWORK IMPLEMENTATION

9
Network implementation consists of the following steps:

1. Physical network design

• Local Area Network design

LAN design consists of selecting appropriate devices such as Hubs, Bridges,

Switches, and Routers. Criteria for selecting LAN devices include the
following:

• The number of ports required at different levels

• The speed (10Mbps/100Mbps/1Gbps or others)
• Media considerations, such as Ethernet, Token Ring etc.
• Support for different network protocols such as TCP, VOIP etc.
• Ease of configuration, and maintainability
• Management (SNMP etc.)
• Availability
• Documentation

• Wide Area Network design

Various WAN technologies are available for connecting enterprise resources.

A few prominent technologies are given below:

• Leased lines
• Synchronous Optical Network (SONET)
• Frame Relay
• Asynchronous Transfer Mode (ATM)

The technology that suits an enterprise requirement depends on the

bandwidth and QoS requirements, security requirements, and application
requirements.

Remote Access requirements: The companies are increasing becoming mobile. This
demands remote access capability to its executives, customers and vendors. Devices are
chosen taking into consideration the remote access requirements of the Company. Several
technologies can be used for remote access including PPP, Multilink PPP, ISDN, or Cable
Modem. Careful consideration to be given whether the software or WAN devices support
authentication and authorization methods intended to be adopted by the Company.

Netwotk Implementation at

10
 Internationa Subang Airport – Imegresion
Department

According to the information gathered, we determine that the International Subang

Airport, Immigration Department used backbone CAT5e also using CAT6. The IT Executive
added, the building at Subang Airport, especially at Department of Immigration, is kind of
old building. So that why they still using an old network even though the accessibility are
wider now. Furthermore, the IT Department is using ipv4 for their internet protocol provider.
They are about to upgrading the internet protocol once the building is moved to KLIA as it
much bigger and easy on implement new technology at a new building.

The network implementation is divided into two, the left wing, and the right wing.

L
Since, every implementation got to have LANs included, as to defined LANs is as

R
follow; Network in limited geographical area such as home or office building. They also are

11
using wireless LANs connection. The LANs connection connects them to the FRS, Police
Station and also Kuala Lumpur International Airport (KLIA). In LANs, it has three
directories, such as, active directory, authentication, and radius server.

The directory also constraints, DHCP, Short for Dynamic Host Configuration
Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With
dynamic addressing, a device can have a different IP address every time it connects to the
network. In some systems, the device's IP address can even change while it is still connected.
DHCP also supports a mix of static and dynamic IP addresses.

Dynamic addressing simplifies network administration because the software keeps

track of IP addresses rather than requiring an administrator to manage the task. This means
that a new computer can be added to a network without the hassle of manually assigning it a
unique IP address. Many ISPs use dynamic IP addressing for dial-up users. DNS, ) Short for
Domain Name System (or Service or Server), an Internet service that translates domain
names into IP addresses. Because domain names are alphabetic, they're easier to remember.
The Internet however, is really based on IP addresses.

Every time you use a domain name, therefore, a DNS service must translate the name
into the corresponding IP address. For example, the domain name www.example.com might
translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to
translate a particular domain name, it asks another one, and so on, until the correct IP address
is returned. Other directories are, Windows’98 -NetBIOS, print server and IDP. They choose
to use the IDP because it can be paced anywhere. Different with the IDS that only be placed
at the gateway only. Commonly every company that have directory will choose to use IDP.

The topology that they used is a Star Topology. Star Topology is, all devices connect
to a central device, called hub. In addition, all data transferred from one computer to another
passes through hub. In spite of that they also have core switch, distribution switch and edges
switch. The backbone they are using basically base on their network card available. The
network card is about, 10/100MBps. At the core network, they have the primary switch and
backup switch.

Other than that, the International Subang Airport is using a high supported packet.
According to the person in charge, the IT Executive Mr. Aizam, he says that, “The packet
must be highly supported, if not, the firewall will turn down”.

intern
internet et intern
Core switch
et 12
Serv Proxy-free-script
er
DM LANs
Firewall Telekom
M KLIA
zone
 VADs Outsource server

Figure: extract of network

implementation at Subang Airport

Based on the figure above, we can say that, they are using the DMZ. DMZ is
Demilitarized Zone. In computer networking, DMZ is a firewall configuration for securing
local area networks (LANs). In a DMZ configuration, most computers on the LAN run
behind a firewall connected to a public network like the Internet. One or more computers also
run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and
broker requests for the rest of the LAN, adding an extra layer of protection for computers
behind the firewall.

Traditional DMZs allow computers behind the firewall to initiate requests outbound to
the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the
Internet or other public network, as proxy servers do. (Many DMZ implementations, in fact,
simply utilize a proxy server or servers as the computers within the DMZ.) The LAN
firewall, though, prevents computers in the DMZ from initiating inbound requests.

DMZ is a commonly-touted feature of home broadband routers. However, in most

instances these features are not true DMZs. Broadband routers often implement a DMZ
simply through additional firewall rules, meaning that incoming requests reach the firewall
directly. In a true DMZ, incoming requests must first pass through a DMZ computer before
reaching the firewall.

The part of MPLS is being connected to the KLIA. Currently, KLIA is being
connected to 32 branch of airports overall. Under the International Subang Airport, it is being
connected to one branch only, IMC at Jalan Sultan Ismail. They also have the system AD.
For the devices, they put on vLAN. And for the user they put on vLAN1, vLAN2, vLAN3
and vLAN4. Wi-Fi and consultant also using vLAN, overall they have 7 vLAN.

The MPLS is, short for Multiprotocol Label Switching, an IETF initiative that
integrates Layer 2 information about network links (bandwidth, latency, utilization) into

13
Layer 3 (IP) within a particular autonomous system--or ISP--in order to simplify and improve
IP-packet exchange. MPLS gives network operators a great deal of flexibility to divert and
route traffic around link failures, congestion, and bottlenecks.

From a QoS standpoint, ISPs will better be able to manage different kinds of data
streams based on priority and service plan. For instance, those who subscribe to a premium
service plan, or those who receive a lot of streaming media or high-bandwidth content can see
minimal latency and packet loss.

When packets enter a MPLS-based network, Label Edge Routers (LERs) give them a
label (identifier). These labels not only contain information based on the routing table entry
(i.e., destination, bandwidth, delay, and other metrics), but also refer to the IP header field
(source IP address), Layer 4 socket number information, and differentiated service. Once this
classification is complete and mapped, different packets are assigned to corresponding
Labeled Switch Paths (LSPs), where Label Switch Routers (LSRs) place outgoing labels on
the packets.

With these LSPs, network operators can divert and route traffic based on data-stream
type and Internet-access customer.

VADS is one of Malaysia’s leading Managed ICT Services providers. Growing from
our heritage as a joint venture between IBM Global Network Services and Telekom Malaysia
Berhad, today they are a public listed company serving more than 500 medium to large
enterprises across various industries. Over the years VADS has strengthened the foundation
of its triple pillars of services and solutions in Managed Network Services (MNS), Systems
Integration Services (SIS) and Business Process Outsourcing (BPO). By adding value for our
customers and empowering them to be efficient and productive, VADS has managed to
achieve 16 years of uninterrupted revenue growth.

NETWORK SECURITY SYSTEM

14
 In Malaysian Airport, they use firewall in their security system. A firewall is an
integrated collection of security measures designed to prevent unauthorized electronic access
to a networked computer system. It is also a device or set of devices configured to permit,
deny, encrypt, decrypt, or proxy all computer traffic between different security domains based
upon a set of rules and other criteria.
A system designed to prevent unauthorized access to or from a private network.
Firewalls can be implemented in both hardware and software, or a combination of both.
Firewalls are frequently used to prevent unauthorized Internet users from accessing private
networks connected to the Internet, especially intranets. All messages entering or leaving the
intranet pass through the firewall, which examines each message and blocks those that do not
meet the specified security criteria.
There are several types of firewall techniques:

• Packets filter: Looks at each packet entering or leaving the network and accepts or
rejects it based on user-defined rules. Packet filtering is fairly effective and
transparent to users, but it is difficult to configure. In addition, it is susceptible to IP
spoofing.

• Application gateway: Applies security mechanisms to specific applications, such as

FTP and Telnet servers. This is very effective, but can impose a performance
degradation.

• Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection

is established. Once the connection has been made, packets can flow between the
hosts without further checking.

• Proxy server: Intercepts all messages entering and leaving the network. The proxy
server effectively hides the true network addresses.

Function
A firewall is a dedicated appliance, or software running on computer, which inspects
network traffic passing through it, and denies or permits passage based on a set of rules.
A firewall's basic task is to regulate some of the flow of traffic between computer
networks of different trust levels. Typical examples are the Internet which is a zone with no
trust and an internal network which is a zone of higher trust. A zone with an intermediate trust
level, situated between the Internet and a trusted internal network, is often referred to as a
"perimeter network" or Demilitarized zone (DMZ).
A firewall's function within a network is similar to physical firewalls with fire doors
in building construction. In the former case, it is used to prevent network intrusion to the
private network. In the latter case, it is intended to contain and delay structural fire from
spreading to adjacent structures.
Without proper configuration, a firewall can often become worthless. Standard
security practices dictate a "default-deny" firewall rule set, in which the only network
connections which are allowed are the ones that have been explicitly allowed. Unfortunately,
such a configuration requires detailed understanding of the network applications and

15
endpoints required for the organization's day-to-day operation. Many businesses lack such
understanding, and therefore implement a "default-allow" rule set, in which all traffic is
allowed unless it has been specifically blocked. This configuration makes inadvertent
network connections and system compromise much more likely.

The picture takes in front the firebox-watchguard firebox

The picture takes from the upper of firewall

16
 The picture takes from the upper of firewall

The firebox place in the sever room in the IT department

CABLING STRUCTURE

17
Cabling structure

For the cabling structure, the company use the Cat5 and Cat5e cable. Category 5
cable, is a twisted pair (4 pairs) high signal integrity cable type often referred to as "Cat5".
Many such cables are unshielded but some are shielded. Category 5 has been superseded by
the Category 5e specification structured cabling for computer networks such as Ethernet, and
is also used to carry many other signals such as basic voice services, token ring, and ATM (at
up to 155 Mbit/s, over short distances).

The specification for category 5 cable was defined in ANSI/TIA/EIA-568-A, with

clarification in TSB-95. These documents specified performance characteristics and test
requirements for frequencies of up to 100 MHz.

Category 5 cable includes four twisted pairs in a single cable jacket. This use of
balanced lines helps preserve a high signal-to-noise ratio despite interference from both
external sources and other pairs (this latter form of interference is called crosstalk). It is most
commonly used for 100 Mbit/s networks, such as 100BASE-TX Ethernet, although IEEE
802.3ab defines standards for 1000BASE-T - Gigabit Ethernet over category 5 cable. Cat 5
cable typically has three twists per inch of each twisted pair of 24 gauge copper wires within
the cables.

Cat 5e cable is an enhanced version of Cat 5 that adds specifications for far end
crosstalk. It was formally defined in 2001 as the TIA/EIA-568-B standard, which no longer
recognizes the original Cat 5 specification. Although 1000BASE-T was designed for use with
Cat 5 cable, the tighter specifications associated with Cat 5e cable and connectors make it an
excellent choice for use with 1000BASE-T. Despite the stricter performance specifications,
Cat 5e cable does not enable longer cable distances for Ethernet networks: cables are still
limited to a maximum of 100 m (328 ft) in length (normal practice is to limit fixed
("horizontal") cables to 90 m to allow for up to 5 m of patch cable at each end, this comes to
a total of the previous mentioned 100m maximum). Cat 5e cable performance characteristics
and test methods are defined in TIA/EIA-568-B.2-2001.

The cable exists in both stranded and solid conductor forms. The stranded form is
more flexible and withstands more bending without breaking and is suited for reliable
connections with insulation piercing connectors, but makes unreliable connections in
insulation-displacement connectors. The solid form is less expensive and makes reliable

18
connections into insulation displacement connectors, but makes unreliable connections in
insulation piercing connectors. Taking these things into account, building wiring (for
example, the wiring inside the wall that connects a wall socket to a central patch panel) is
solid core, while patch cables (for example, the movable cable that plugs into the wall socket
on one end and a computer on the other) are stranded. Outer insulation is typically PVC or
LSOH.

Cable types, connector types and cabling topologies are defined by TIA/EIA-568-B.
Nearly always, 8P8C modular connectors, often incorrectly referred to as "RJ-45", are used
for connecting category 5 cable. The specific category of cable in use can be identified by the
printing on the side of the cable.

The cable is terminated in either the T568A scheme or the T568B scheme. It doesn't
make any difference which is used as they are both straight through (pin 1 to 1, pin 2 to 2,
etc); however mixed cable types should not be connected in series as the impedance per pair
differs slightly and could cause signal degradation. The article Ethernet over twisted pair
describes how the cable is used for Ethernet, including special "cross over" cables.

Cables

However, for the internet they are using internet protocol version 4 (IPv4). Internet
Protocol version 4 (IPv4) is the fourth revision in the development of the Internet Protocol
(IP) and it is the first version of the protocol to be widely deployed. Together with IPv6, it is
at the core of standards-based internetworking methods of the Internet, and is still by far the
most widely deployed Internet Layer protocol.

19
It is described in IETF publication RFC 791 (September 1981) which rendered obsolete RFC
760 (January 1980). The United States Department of Defense also standardized it as MIL-
STD-1777.

IPv4 is a data-oriented protocol to be used on a packet switched internetwork (e.g.,

Ethernet). It is a best effort delivery protocol in that it does not guarantee delivery, nor does it
assure proper sequencing, or avoid duplicate delivery. These aspects are addressed by an
upper layer protocol (e.g. TCP, and partly by UDP). IPv4 does, however, provide data
integrity protection through the use of packet checksums.

IPv4 uses 32-bit (four-byte) addresses, which limits the address space to
4,294,967,296 (232) possible unique addresses. However, some are reserved for special
purposes such as private networks (~18 million addresses) or multicast addresses (~16
million addresses). This reduces the number of addresses that can be allocated as public
Internet addresses. As the number of addresses available is consumed, an IPv4 address
shortage appears to be inevitable; however network address translation (NAT) has
significantly delayed this inevitability.

This limitation has helped stimulate the push towards IPv6, which is currently in the
early stages of deployment and the only contender to replace IPv4.

OTHER SUPPORTED SYSTEM

20
E-mail services

For the e-mail services, the company use Lotus Note 6. Lotus Notes 6 actually
shipped in October 2002. Lotus Notes is a client-server, collaborative application developed
and sold by IBM Software Group. IBM defines the software as an "integrated desktop client
option for accessing business e-mail, calendars and applications on IBM Lotus Domino
server. The Notes client is mainly used as an email client, but also acts as an instant
messaging client (for Lotus Sametime), browser, notebook, and calendar/resource reservation
client, as well as a platform for interacting with collaborative applications. In the early days
of the product, the most common applications were threaded discussions and simple contact
management databases. Today Notes also provides blogs, wikis, RSS aggregators, CRM and
Help Desk systems, and organizations can build a variety of custom applications for Notes
using Domino Designer.

Since version 7, Notes has provided a web services interface. Domino can be a web
server for HTML files too; authentication of access to Domino databases or HTML files uses
Domino's own user directory and external systems such as Microsoft's Active Directory. A
design client is available to allow rapid development of databases consisting of forms, which
allow users to create documents; and views, which display selected document fields in
columns.

In addition to being a groupware system (e-mail, calendaring, shared documents and

discussions), Notes/Domino is also a platform for developing customized client-server and
web applications. Its use of design constructs and code provide capabilities that facilitate the
construction of "workflow" type applications (which may typically have complex approval
processes and routing of data).Since Release 5, Lotus server clustering has been capable of
providing geographic redundancy for servers.

Security

21
 Lotus also employs a code-signature framework that controls the security context,
runtime, and rights of custom code developed and introduced into the environment. With
Release 5, Lotus introduced Execution Control Lists at the Client level - starting with 6,
ECL's can be managed centrally by server administrators through the implementation of
Policies. Since release 4.5 the code signatures listed in properly configured ECLs entirely
prevent code execution by external malicious sources, and therefore virus propagation,
through native Notes/Domino environments. Administrators can centrally control whether
each mailbox user can add exceptions to, and thus override, the ECL.

Programming

Notes/Domino is a cross-platform, secure, distributed document-oriented database and

messaging framework and rapid application development environment that includes pre-built
applications like email, calendar, etc. This sets it apart from its major commercial
competitors, such as Microsoft Exchange or Novell GroupWise, which are generally purpose-
built applications for mail and calendaring that offer APIs for extensibility.

Lotus Domino databases are built using the Domino Designer client, available only for
Windows; while standard user clients are available for Windows, Linux, and Mac[3]. A key
feature of Notes is that many replicas of the same database can exist at the same time on
different servers and clients, across dissimilar platforms, and the same storage architecture is
used for both client and server replicas. Originally, replication in Notes happened at
document (i.e. record) level. With release of Notes 4 in 1996, replication was changed so that
it now occurs at field level.

A database is an NSF (Notes Storage Facility) file, containing basic units of storage known as
a "note". Every note has a UniqueID and a NoteID. The UniqueID uniquely identifies the
note across all replicas within a cluster of servers, a domain of servers, or even across
domains belonging to many organizations that are all hosting replicas of the same database.
The NoteID, on the other hand, is unique to the note only within the context of one given
replica. Each note also stores its creation and modification dates, and one or more Items.

There are several classes of notes, including design notes and document notes. Design notes,
which are created and modified with the Domino Designer client, represent programmable
elements, such as the GUI layout of forms for displaying and editing data, or formulas and

22
scripts for manipulating data. Document notes, which are created and modified with the
Lotus Notes client, via a web browser, via mail routing and delivery, or via programmed
code, represent user data.

As of version 6, Lotus established an XML programming interface in addition to the

options already available. The Domino XML Language (DXL) provides XML representations
of all data and design resources in the Notes model, allowing any XML processing tool to
create and modify Notes/Domino data.

Use as an email client

Lotus Notes is commonly deployed as an end-user email client in larger organizations,

with IBM claiming a cumulative 145 million licenses sold to date. (IBM does not release the
number of licenses on current maintenance, nor does it track number of licenses in current
use.)

When an organization employs a Lotus Domino server, it usually also deploys Lotus
Notes for its users to read mail and use databases. However, the Domino server also supports
POP3 and IMAP mail clients, and through an extension product (Domino Access for
Microsoft Outlook) supports native access for Microsoft Outlook clients. Lotus also provides
Domino Web Access, to allow the use of email and calendaring features through Internet
Explorer and Firefox web browsers on Windows, Mac and Linux. There are several spam
filtering programs available, and a rules engine allowing user-defined mail processing to be
performed by the server.

Finance and payroll system

The company use the software application program for their finance and payroll
system. SAP, started in 1972 by five former IBM employees in Mannheim, Germany, states
that it is the world's largest inter-enterprise software company and the world's fourth-largest
independent software supplier, overall.

The original name for SAP was German: Systeme, Anwendungen, Produkte, German
for "Systems Applications and Products." The original SAP idea was to provide customers
with the ability to interact with a common corporate database for a comprehensive range of

23
applications. Gradually, the applications have been assembled and today many corporations,
including IBM and Microsoft, are using SAP products to run their own businesses.

SAP has recently recast its product offerings under a comprehensive Web interface,
called mySAP.com, and added new e-business applications, including customer relationship
management (CRM) and supply chain management (SCM).

As of January 2007, SAP, a publicly traded company, had over 38,4000 employees in
over 50 countries, and more than 36,200 customers around the world. SAP is turning its
attention to small- and-medium sized businesses (SMB). A recent R/3 version was provided
for IBM's AS/400 platform.

SAP Financial Database provides a framework for managing user’s control, reporting, and
compliance data and all related applications – and sets a solid foundation for a strategic
information architecture. This powerful application enables data assembly, modeling, and
analysis in a consistent fashion. The user can extract once, efficiently ensure the highest
possible data quality, and guarantee that all reported results are reconciled and accurate.

SAP Financial Database is compatible out-of-the-box with all SAP transactional and
analytical banking applications. Plus, the application provides accelerated integration with in-
house and third-party applications through SAP NetWeaver – eliminating the issues of
redundant data and high operating costs inherent in isolated point solutions. SAP financial
modules give customer the whole picture of the accounting functions with, extensive report
facilities to allow for fast decision-making support. They are also perfectly suited for
international corporations with multiple subsidiaries, including support for foreign currencies
and multilingual capabilities. The financial area contains the following module groups:

• FI. Financial accounting

• CO. Controlling
• EC. Enterprise controlling
• IM. Investment capital management
• TR, Treasury

Internet services

24
 The company uses the proxy server for the internet services. In computer networks, a
proxy server is a server (a computer system or an application program) that acts as a go-
between for requests from clients seeking resources from other servers. A client connects to
the proxy server, requesting some service, such as a file, connection, web page, or other
resource, available from a different server. The proxy server evaluates the request according
to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request
is validated by the filter, the proxy provides the resource by connecting to the relevant server
and requesting the service on behalf of the client. A proxy server may optionally alter the
client's request or the server's response, and sometimes it may serve the request without
contacting the specified server. In this case, it 'caches' responses from the remote server, and
returns subsequent requests for the same content directly

A proxy server has two purposes:

• To keep machines behind it anonymous (mainly for security).

• To speed up access to a resource (via caching).

It is commonly used to cache web pages from a web server. A proxy server that passes
requests and replies unmodified is usually called a gateway or sometimes tunneling proxy. A
proxy server can be placed in the user's local computer or at various points between the user
and the destination servers or the Internet.

Caching proxy server

A caching proxy server accelerates service requests by retrieving content saved from a
previous request made by the same client or even other clients. Caching proxies keep local
copies of frequently requested resources, allowing large organizations to significantly reduce
their upstream bandwidth usage and cost, while significantly increasing performance. Most
ISPs and large businesses have a caching proxy. These machines are built to deliver superb
file system performance (often with RAID and journaling) and also contain hot-rodded
versions of TCP. Caching proxies were the first kind of proxy server.

SWOT ANALYSIS

25
 SWOT Analysis is based on the aspect of strength, weakness, opportunities, and
threat. According to our project, we identify that the system and network they used is
standardized and commonly used. From the aspect of strength, we notice that, International
Subang Airport strength is lies on the secured and common network. If we can see from the
report on the network implementation of International Subang Airport before, we notice that
they are using VADs as the out source of their network system. VADS is one of Malaysia’s
leading Managed ICT Services providers. Growing from our heritage as a joint venture
between IBM Global Network Services and Telekom Malaysia Berhad. As we know choose
the right ISP’s is very important on determining and ensure that the network implementation
work properly and user friendly.

In addition, they also used MPLS. MPLS is, short for Multiprotocol Label Switching,
an IETF initiative that integrates Layer 2 information about network links (bandwidth,
latency, utilization) into Layer 3 (IP) within a particular autonomous system--or ISP--in order
to simplify and improve IP-packet exchange. MPLS gives network operators a great deal of
flexibility to divert and route traffic around link failures, congestion, and bottlenecks. Thus
we may say that the strength of their network configuration is at excellent condition since
they are using the VADs services and have MPLS apart from it.

The other aspect from SWOT analysis is weakness. We can generally see that
obviously the office and the department is build in the old building that might not have
enough supported system or configuration. Nothing much can be done to the configuration
process if the building remains the same. Because, analogy of putting a “big” thing, thus we
also must have “big” place. So same goes with the network. The evaluation must equally
develop and maintain.

Next, we have from the aspect of opportunities. Basically, they have opportunities on
using 100/1000MBps data rate, but they decided to go on 10/100MBps only because, for
them it takes lot of work to be done to configured everything including changing the network
card and etc. in fact the current building that they used does not match the evolutions of new
technology.

Last but not least, the analysis from the aspect of their threats, International Subang
Airport uses to be hack by other, not responsible ones. But, currently, the firewall they are
using, still never been hacked. The watchguard firewall is generally protecting the system
anyway.

NETWORK IMPROVEMENT RECOMMENDATION

26
 Finally, we may recommend on the existing network improvement. As we know,
International Subang Airport, use the star topology. A star topology is one of the most
common network setups where each of the devices and computers on a network connect to a
central hub. A major disadvantage of this type of network topology is that if the central hub
fails, all computers connected to that hub would be disconnected. To prevent this problem,
they should prepare a back-up system or any emergency configuration to not stop the
production and the employees work. Because stopping on the system may affect the quality
and process of work and also may distort their daily routine.

Other than that, now the IPv6 is well known to be better and upgraded internet
protocol. But the International Subang Aiport still using the IPv4. So we recommend them to
upgrade the internet protocol to the latest internet protocol. In fact, currently they are using
Lotus Notes version 6.5. We also want to recommend them to upgrade the system to Lotus
Notes version 8.0. So that the payroll system, e-mail services, internet services, web
authentication would be better and improve their services on that and become more user
friendly.

Last but not least, improvement recommendation on the data rate sends and receives. As
the International Airport, they should have better speed on sending and receiving the data
rate. Thus, once they are moved to KLIA or new building with better configuration, they
should implement better data rate like, 100/1000MBps.

Overall that is all our piece of recommendation on their network implementation.

Based on our limited and not that much knowledge, we manage to finalize the
recommendation needed.

CONCLUSION

27
 The conclusion of this project is, we unconsciously gain and learning
about the important things of network implementation. Other than cabling structure, network
security system, other supported system and etc. Therefore, we may say that this project
benefit us in the way it is. The recommendation we give just based on our knowledge that is
limited to certain information that we know. Perhaps, there is better way to be recommended
to this network implementation.

We also see that most of the company according to their IT Executive’s

opinion used star topology, because it is easy to monitor them all when all the devices is
centred at one spot. Even though there is some information that we cannot obtain, which is
strictly private n confidential to the company, but still, we managed to gather information that
needed and complete the task.

References

28
1. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/localdir/ld31rns/ldicgd/ld3_c
h3.htm

2. http://en.wikipedia.org/wiki/Uninterruptible_power_supply
3. http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm

4. http://www.webopedia.com/TERM/M/MPLS.html

5. http://www.vads.com/main.html

6. http://www.webopedia.com/TERM/D/DHCP.html
7. http://www.webopedia.com/TERM/D/DNS.html
8. William Stallings, Data and Communications, eight
Edition,2007;Pearson International
Edition(Education)

29
RESUME

30
Name : Nadiah Atikah binti Abdullah

Identity Card : 891025-14-6914

Student ID : 2008401582

Course Code : ITT460

Program Code : CS226

Group : CSB26A

Part : II

Role : Existing network infrastructure

Also responsible on ensure that the team objectives

and project were done successfully interpreted.

E-mail : angel_banzai25@yahoo.com

Testimonials : I, as the team leader would gratitude our thanks to

Madam Rozita Yunos for the opportunities she gave

us to complete and experience the project given.

Even though it quite a while but we manage to complete

and gather the information as we told to. The knowledge

and experiences we gain would remain and be as precious

as the beginning. We are hoping to make it better for the next project.

RESUME

31
Name : Nor Raidah binti Rai

Identity Card : 891130-07-5214

Student ID : 2008401594

Course Code : ITT460

Program Code : CS226

Group : CSB26A

Part : II

Role : Responsible on extracting information about the

Network security System.

Also responsible on contacting the person in charge at

International Subang Airport.

E-mail : raidah_aida@yahoo.com

Testimonials : I, as the member of team would gratitude our thanks to

Madam Rozita Yunos for the opportunities she gave

us to complete and experience the project given.

Even though it quite a while but we manage to complete

and gather the information as we told to. The knowledge

and experiences we gain would remain and be as precious

as the beginning. We are hoping to make it better for the next project.

32
 RESUME

Name : Afifah Amirah binti Mohamed

Identity Card : 890222-03-5522

Student ID : 2008401566

Course Code : ITT460

Program Code : CS226

Group : CSB26A

Part : II

Role : Responsible on extracting about the cabling structure

Also responsible on taking photos and prepare several

question to be asked to the IT Executive, Mr. Aizam.

E-mail : fifahmyra@gmail.com

Testimonials : I, as the member of team would gratitude our thanks to

Madam Rozita Yunos for the opportunities she gave

us to complete and experience the project given.

Even though it quite a while but we manage to complete

and gather the information as we told to. The knowledge

and experiences we gain would remain and be as precious

as the beginning. We are hoping to make it better for the next project.

33
 RESUME

Name : Siti Nazirah binti Yacob

Identity Card : 900120-04-5152

Student ID : 2008401602

Course Code : ITT460

Program Code : CS226

Group : CSB26A

Part : II

Role : Responsible on extracting information about

the others supported system

Also responsible on taking photos, printing

the report, collecting money for the use of this project

E-mail : secretlover_zz08@yahoo.com

Testimonials : I, as the member of the team, would gratitude our thanks to

Madam Rozita Yunos for the opportunities she gave

us to complete and experience the project given.

Even though it quite a while but we manage to complete

and gather the information as we told to. The knowledge

and experiences we gain would remain and be as precious

as the beginning. We are hoping to make it better for the next project.

34
DIAGRAMS

35
 EVIDENCES

Figure : The picture in the sever room

Figure :Main frame

Figure : Landscape of the Lapangan

Figure : Malaysia Airport – International Subang Airport

Figure : Lapangan Terbang Antarabangsa Subang Kuala Lumpur

36
Figure : Server Room Figure : Main Frame

Figure : connected to KLIA

Figure : the UPS

37
38