
Chapter Two


2.1 Introduction

In this chapter we assess the Ministry of Foreign Affairs LAN, its design concepts and the different departments of the ministry, in order to become aware of good management, such as security, higher performance, availability and scalability for future


2.2 Ministry Of Foreign Affairs Overview

The different sectors of the building should be provided with a way of sharing devices, resources and accessibility. The main aim is to meet user requirements as fully as possible, with high routine utilities and reliable LAN connectivity, instead of online work.
2.2.1 Existing products

Some internet services are available inside the Ministry of Foreign Affairs that allow staff to connect through the internet, with a router as the outside gateway. This allows the ministry to initiate a connection to the hosts over the internet to access the data stored on the computers.

Advantages of computer network sharing center

Network and without network: Network center

Advantages:
  Sharing devices such as printers saves money
  Data is easy to backup as all data is stored on the file

Disadvantages:
  Viruses can spread to other computers throughout a computer network
  There is a danger of hacking.

2.3 Local Area Network

A local area network (LAN) is a group of computers and associated devices that share a common communication line or wireless link to a server. Typically, a LAN encompasses computers and peripherals connected to a server within a distinct geographical area such as an office or commercial establishment. Computers and other devices use a LAN connection to share resources such as printers. A local area network is a computer network within a small geographical area such as a home, school, computer library, office building, or group of buildings. A LAN is composed of inter-connected workstations and personal computers, each capable of accessing and sharing data and devices, such as printers, scanners and data storage devices, anywhere on the LAN. The following are some local area network topologies.

2.3.1 BUS Topology

Bus topology is a specific kind of network topology in which all of the various devices in the network are connected to a single cable or line. In general, the term refers to how various devices are set up in a network.

Advantages of Bus Topology

• Very easy to connect a computer or peripheral to a linear bus
• Requires less cable length than other topologies, resulting in lower
• It works well in small networks
• It is easy to extend by joining cable with a connector or repeater

Disadvantages of Bus Topology

• Entire network shuts down if there is a break in the main cable or one of the T connectors breaks
• Large amount of packet collisions on the network, which results in high amounts of packet loss.

Figure 2.1 Bus Topology from Technopedia.Com

2.3.2 Ring Topology

Ring topology refers to a specific kind of network setup in which devices are connected in a ring and pass information to or from each other according to their adjacent proximity in the ring structure. This type of topology is highly efficient and handles heavier loads better than bus topology. A ring also called topology because messages are passed through each device in the ring.

Advantages of Ring Topology

• Very orderly network where every device has access to the token and the opportunity to transmit.
• Does not require a central node to manage the connectivity between
• Point to point line configuration makes it easy to identify and isolate
• Performs better than a bus topology under heavy network load.

Disadvantages of Ring Topology

• Bandwidth is shared on all links between devices
• Moving, adding and changing the devices can affect the network
• Communication delay is directly proportional to number of nodes in the


(Figure 2.2 Ring Topology from

2.3.3 Star topology

Star topology is one of the most common network setups. It is a topology for a Local Area Network (LAN) in which all the computers or nodes are individually connected to a central connection point, like a hub or switch. A star takes more cable than other topologies like bus, but the benefit is that if a cable fails, only one node will be brought down.

Advantages of star topology

Easy Installation and maintenance

It is easy to maintain the network. That is why it is so popular.

Adding or removing computers

Adding or removing computers can be done without disturbing the network. We connect the new computer with the HUB by means of a networking cable. One end of the cable (RJ 45 connector) is inserted in the computer's Network Interface Card and the other end (RJ 45 connector) is plugged into the HUB, and that's it.

Fault Diagnosis

In a star network topology, finding faults is easy. If a computer is no longer connected with your network, you can check its cable and connectors or the network settings in its operating system.

Network Reliability

A single computer failure will not disturb the whole network, since all other computers are connected with separate links (wires) to the HUB. They will continue to work fine.

Better performance

Star topology can prevent the passing of data through an excessive number of nodes. By using a Switch, at most, 3 devices and 2 links are involved in any communication between any two devices.

Device Isolation

Each device is separately connected to the HUB or Switch and is isolated. This is why each device works independently.

Disadvantages of star topology

In star network topology, data communication depends on the HUB. If the central hub fails, then the whole network fails.

Since each computer will be connected with the HUB by means of a separate wire, star network topology needs more cable to connect

It is more expensive due to more wires.

(Figure 2.3 Ring topology from

2.4 Requirements the ministry LAN meets

Connection reliability

• The ministry provides wired (cable) and wireless (router) links capable of carrying the signals and waves from the source to the destination, which makes the transmission of data in the system to be

• The system must be available at any time, internally and externally, subject to the privilege rules and permissions, so that resources such as shared data and printers are ready whenever users need them. The internet connection should be established by the ISP so that connections to outside branches or WAN-oriented connections (Telnet) are effective and efficient.

High implementation

• The system has to maintain, in an appropriate manner, devices that can handle the transmission of data so that programs execute fast; there must be equipment such as PCs with good processors, Cisco switches and

• This is a very sensitive topic in any area of internetworking. It covers the prevention of outsider and insider attacks in order to mitigate damage to the system. Attacks on the organization can be internal or external. Both are a problem, and security deals with how to defend the system or minimize the organization's vulnerabilities. To avoid or reduce hacking, the following have to be implemented:

1. Internal organization attack prevention:

• Granting permissions to users
• Installing a monitoring application across the entire LAN, run by the administration
• Alert messages on unauthorized access (watchdog software)
• Authorization, authentication, accounting (AAA)

2. External organization attack prevention:

• Firewalls and proxy servers
• Access list control (ACL)
• DoS protection software
• Brute force attacks
• Eavesdropping attacks

Central Management:

This is the management of the whole system, physically and logically, by a central admin who audits, allows and prevents activities across the entire network. The admin must also configure devices such as routers and switches.

2.5 System Adjustment

2.5.1 Server Management

Server provides us with powerful tools to react to needs faster than ever before, with greater control and confidence. Windows server 8 in particular is designed to increase the reliability and flexibility of the infrastructure, helping the ministry and the system to save time and reduce costs. Windows Server 2008 R2 enables us to take the datacenter and desktop strategy to a new level, with features such as these:

• Remote desktop service

  Remote Desktop Services allows the employees of the ministry to access applications, data, and even the entire desktop running in the datacenter over the network. It provides us with both the features and the strength of an established solution, giving the employees flexible access to their data and applications. To expand the Remote Desktop Services deployment scenarios, Microsoft has been investing in the Virtual Desktop Infrastructure, also known as VDI. VDI is a centralized desktop delivery architecture, which enables Windows and other desktop environments to run and be managed in virtual machines on a centralized server.

  In addition to the new virtualization features, the Windows Server 2008 R2 OS contains several updates over the previous version to the tools you are most familiar with.

• Rising reliability and scalability

  Windows Server 2008 has been specifically designed to support increased workloads while utilizing fewer resources.

• Enhanced administration

  Windows Server 2008 helps to decrease the amount of effort you expend managing your physical and virtual data centers by providing enhanced management consoles and automation for repetitive day-to-day administrative



2.5.2 Routers

A router is a device that forwards data packets along a network. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. The Cisco 1841 Integrated Services Router is part of the Cisco 1800 Integrated Services Router Series, which complements the Integrated Services Router Portfolio.

Figure 2.4 Cisco router from

The Cisco 1841 Integrated Services Router provides the following support:

• Wire-speed performance for concurrent services at T1/E1 WAN rates
• Enhanced investment protection through increased performance and modularity
• Enhanced investment protection through increased modularity
• Increased density through High-Speed WAN Interface Card Slots (two)
• Support for over 90 existing and new modules
• Support for majority of existing WICs, VWICs, and VICs (data mode only)
• Two Integrated 10/100 Fast Ethernet ports
• Security
  o On-board encryption
  o Support of up to 800 VPN tunnels with the AIM Module
  o Antivirus defense support through Network Admission Control (NAC)
  o Intrusion Prevention as well as stateful Cisco IOS Firewall support and many more essential security features

2.5.3 Flexible, Intelligent Switching For Secure Networks

The Cisco Catalyst 2950 Series Switch is a fixed-configuration, stackable standalone switch that provides wire-speed Fast Ethernet and Gigabit Ethernet connectivity. This switch offers two distinct sets of software features and a range of configurations to allow small, midsize, and enterprise branch offices and industrial environments to select the right combination for the network edge. Standard Image Software offers Cisco IOS Software functions for basic data, voice, and video services. For networks with requirements for additional security, advanced quality of service (QoS), and high availability, Enhanced Image Software delivers intelligent services such as rate limiting and security filtering for deployment at the network edge.

2.5.4 Security

Network security starts with authenticating the user, commonly with a username and a password. Since this requires just one detail authenticating the user name (i.e. the password, which is something the user 'knows'), this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware.

2.5.5 Security Management

Security management for networks is different for all kinds of situations. A home or small office may only require basic security while large businesses may require high-maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

The Top Five LAN Security Issues Facing IT Managers Today

A quick look at the top five security problems shows there are tools to solve each one. But the one problem/one tool approach does not solve the full range of security problems and can be difficult to manage. This approach also begs the question "Is there a better way to handle LAN security?"

• Porous-Perimeters

The conventional approach to enterprise security has been to apply security at the perimeter of the network. Today, however, perimeter defenses are no longer sufficient. Increasingly, sites no longer consist just of predictable managed desktops but include a mix of unmanaged mobile devices, such as laptops and PDAs. Sometimes these devices belong to employees, but often businesses must allow guests such as contractors, partners and others with unmanaged mobile devices to directly connect to the internal network.

• Increasingly Sophisticated Attacks

Perimeter-based security strategies are also no match for the increasing sophistication of attacks on the network. The hacker profile has begun to shift from adolescents crashing systems for fun to professional criminals bent on taking over systems for profit. New strains of malware appear to have the goal of remotely controlling the victim's computer. Nothing prevents a remote-access Trojan on an internal corporate network from being used as a perfect corporate spy.

• Unadoptable Networks

Many enterprises built LANs with the assumption that internal users are trustworthy. Little thought was given to understanding exactly what devices are connected to the network, where these devices are located, and what users are doing with them. As a result, enterprises are finding themselves ill-equipped to deal with problems introduced by mobile end systems and end users.

Furthermore, the increasing number of regulations on data protection and compliance verification, including privacy, financial, health records, state information processing laws, and even anti-terrorism acts, has raised the importance of auditing network


Enterprises need visualization and audit tools that associate different network identifiers and locations. Such tools could, for example, find the user, access port, and MAC address when given an IP address. The tools should also be able to display the location from which the user has accessed the network in a form that IT can quickly understand.
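
The lookup described above (IP address to user, MAC address and access port) can be sketched in Python as follows. This is an added example, not part of the original chapter: the sample ARP table, MAC address table and logon export are constructed, and the function names are hypothetical.

```python
import csv, io, re
from collections import Counter
# Constructed sample data (not from the ministry network), shaped like Cisco IOS
# "show ip arp" / "show mac-address-table" output and a hypothetical logon export.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.20.15             4   0011.2233.4455  ARPA   FastEthernet0/0
Internet  10.10.20.31            12   0011.2233.66aa  ARPA   FastEthernet0/0
Internet  10.10.20.40             1   0011.2233.77bb  ARPA   FastEthernet0/0
"""
MAC_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0011.2233.4455    DYNAMIC     Fa0/7
  20    0011.2233.66aa    DYNAMIC     Gi0/1
  20    0011.2233.77bb    DYNAMIC     Gi0/1
"""
LOGONS = """\
time,user,ip
2024-01-10T08:02:11,a.hassan,10.10.20.15
2024-01-10T09:40:03,guest01,10.10.20.15
2024-01-10T08:15:47,m.ali,10.10.20.31
"""
MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse_arp(text):
    """Map IP -> MAC from ARP table lines."""
    pat = rf"^Internet\s+(\S+)\s+\S+\s+({MAC_RE})"
    return {m[1]: m[2].lower() for m in re.finditer(pat, text, re.M | re.I)}

def parse_mac_table(text):
    """Map MAC -> (vlan, port) from switch MAC address table lines."""
    pat = rf"^\s*(\d+)\s+({MAC_RE})\s+\S+\s+(\S+)"
    return {m[2].lower(): (int(m[1]), m[3]) for m in re.finditer(pat, text, re.M | re.I)}

def last_user(ip, logons_csv):
    """Most recent user recorded on this IP, or None if it never logged on."""
    rows = [r for r in csv.DictReader(io.StringIO(logons_csv)) if r["ip"] == ip]
    return max(rows, key=lambda r: r["time"])["user"] if rows else None

def locate(ip, arp=ARP_OUTPUT, mac_tbl=MAC_OUTPUT, logons=LOGONS):
    """Resolve an IP to user, MAC, VLAN and switch port for an audit record."""
    macs = parse_mac_table(mac_tbl)
    mac = parse_arp(arp).get(ip)
    vlan, port = macs.get(mac, (None, None))
    # Several MACs learned on one port indicate an uplink, not the access port.
    per_port = Counter(p for _, p in macs.values())
    return {"ip": ip, "user": last_user(ip, logons), "mac": mac, "vlan": vlan,
            "port": port, "is_access_port": port is not None and per_port[port] == 1}
```

A result with `is_access_port` set to false means the MAC was learned on a port shared with other devices, so the next switch along that link has to be queried to find the real access port.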

• Uncooperative Employees

Even with security awareness programs and employee censure for lax security practices, users still view security as something that gets in the way of doing their job. Users will often abort full disk scans, or even disable anti-virus or anti-spyware applications, if they believe they measurably slow down the computer.

Network access control mechanisms that perform periodic integrity re-assessments and policy compliance verification, and that have the ability to isolate an endpoint that fails, can mitigate the potential damage done by uncooperative employees.

• Risky Applications

New types of collaborative computing tools, such as Instant Messaging, VoIP, and wireless, are increasingly in demand, since they enhance productivity and allow users to be in touch 24x7. However, many of these tools bring with them increased security risks, primarily because their reach extends within and beyond the traditional network boundary. Exploiting vulnerabilities in these applications can provide hackers a fast path