TERM PAPER PROJECT-DESIGN A SECURE NETWORK 1

Term Paper Project-Design a Secure Network

CIS 534 Advanced Network Security Design

Abstract

This term paper involves putting together the various concepts learned throughout this course. I

am going to design the most secure network possible, keeping in mind your goal of supporting three IT
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 2

services: email, file transfer centralized, and VPN. In the first step I will design a single network capa-

ble of supporting their three different services. Once I fully designed my network, I will provide three

workflow diagrams explaining how my designed network handles the three different transactions. The

first is an internal user sending an email using his / her corporate email address to a user on the Yahoo

domain with an arbitrary address of user534@yahoo.com. The second workflow diagram should show

a user initiating an FTP session from inside your network to the arbitrary site of ftp.netneering.com.

The third workflow is an externally located employee initiating a VPN session to corporate in order to

access files on the Windows desktop computer, DT-Corp534-HellenS, at work. I am going to design

this network for Seagull Pak international logistic services and give it to them. In the First part I will

explain each network device’s function and your specific configuration of each networking device. In

the same section I will Design and label the bandwidth availability or capacity for each wired connec-

tion. In the part 2 first I will explain how my overall design protects the organization from both inside

and outside attacks the and further I will explain how my layered design compensates for possible de-

vice failures or breaches in network security. Further later in the assignment I will mention if I have

bottlenecks exist in my design and in the last segment of the assignment I will explain how to make the

file transfer process more secure. I will draw all four diagrams in Microsoft Visio and bring here in the

word file.

PART 1

Overall network diagram

TERM PAPER PROJECT-DESIGN A SECURE NETWORK 3
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 4
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 5

Each network device’s function and your specific configuration of each networking device.
Company profile:
Seagull Pak international logistic services were established on 2001 with the aim to provide

the standardized logistic services to the Oil petroleum companies in Sub-continent. Initially it started its

operations with the little fleet but with the passage of the time, the higher management decides to

expand its operations keeping the with the requirements of the stakeholders to various remote locations

where the oil is being explored.

Over the span of ten years, the growth of Seagull Pak has touched to billion Us Dollar

annually and its momentum is continuously increasing with every passing day. Seagull Pak has become

the market leader in the logistic services in Sub-Continent with the growth size of its employees up to

five thousands and its various sub-offices across the region.

To meet with the demand of its stakeholders and to make the continuous communication

with them, it has nagged to establish the most sophisticated networking system within the company and

it has also ventured to establish the communication system with its stakeholders for the satisfactory

communication for enhancing the business.

The networking communication at Seagull Pak is continuously upgraded with the arrival of new

technology and it has fostered its business operation accordingly. When the networking system in the

Seagull Pak was introduced, it has increased its communication level with its employee’s-m to higher

level and all reports and correspondence is done through the networking, which is equipped with most

sophisticated devices that are performing well.

The above-mentioned diagram illustrates the entire detail of the devices, which are being sued in

the Networking system at Seagull Pak.

Network Devices and their Role in Network
Multi T1 Services: -The Network is connected to Internet with T1 lines. T1 lines are Fiber optic like

that can provide fast Internet and browsing facility hundreds of users. In Medium business environment

it can provides high bandwidth data communication with Internet. T1 line provides 1.544 Megabit per

Second of Bandwidth. As the network designed requires T1 to handle Data rather than voice

Communication therefore it is connected with Router.

TERM PAPER PROJECT-DESIGN A SECURE NETWORK 6

Router: - In order to provide Seagull Pak a more sophisticated connectivity with internet, the T1 line is

connected to router. There are many options available for selecting the routers in the networking but

more reliable series are Medium Business Cisco router of 2800 series or 3600 series are best option.

These routers provide multiservice integration of voice and data packets without losing the data of

Seagull Pak across its all sub-offices. Furthermore this router also has functionality of handling branch

office connections. The data and voice packets are routed to Internet through best possible path on

internet. Furthermore choice of router helps in increasing Seagull Pak a complete security; the model

chosen for the network under discussion has ability to VPN access and inters VLAN routing. IP

Address Assigned to them is 192.168.20.1

Catalyst switch: -Router is connected with Catalyst Switch that provides fast Ethernet connectivity to

the entire offices of Seagull Pak across the main offices and also to remote sub0offices accordingly

network. The Choice of switch depends on size of network requirements for communication. Therefore

possible choice for Switch as placed in diagram can be Cisco catalyst 2950 series that has many

security features and enable organizations to configure switch according to needs and requirements of

organization. Catalyst switch can provide high level of quality of Services with intelligent data

transportation system that increases the security of network when connected the edge of network. IP

Address Assigned 192.168.20.24.THE Catalyst Switch in Network is connected directly with NIDS

(Network Intrusion Detection system). Its function is to provide First line of defense against any

unauthorized intrusion. Connecting NIDS at the edge of network point is important as it provides

security to whole network by analyzing whole traffic passing through network. Network intrusion

Detection system detects malicious traffic passing through the network and is enabled to take corrective

ensures while it can also record any hacking attempts as log files. These log files can be analyzed later

n order to analyze any security event.

Furthermore Host based intrusion detection system is also installed with DMZ servers and

Corporate Servers in order to provide increased security. Host based intrusion detection system can
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 7

analyze any malicious traffic passing through host/Servers and may take corrective measure in order to

protect data.
VPN 3005-Catalyst Switch is also connected to VPN (Hardware based) from other side. VPN that is

important part of network as it adds functionality to the network as it provides not only secure and

better manageable networking facilities to employees but also help managing security by proving IP

sec capabilities. Whole network traffic in main branch of network is connected to internet through vpn

that enables employees establish dedicated connection to other networks. On the other side VPN is also

connected with access modem in order to provide remote/ teleworkers with vpn based point-to-point

connectivity. While Software based VPN installed on router and pix firewall are also used on remote

access lines through network in order to provide further support to hardware based VPN.
Cisco Pix Firewall: -Firewall Plays important role in providing enhanced security to the network it

filters the Internet traffic passing through the network. Therefore hardware based IP based firewall is

installed in network just at edge connecting point where core computer network meets with outer layer

of network. It is directly connected to Catalyst switch and on the other side to the network. Therefore

whole network traffic will be analyzed for any malicious data packets passing through network. Cisco

Pix firewalls are better option, as it is hardware IP based firewall with Network address translation

capabilities for added security. Furthermore Software based firewalls are also installed on all personal

computers used by employees and routers that connects remote employees to network through remote

access. These software-based firewalls provide added layer of security. THE Pix firewall is then

connected with Catalyst switch for workgroup in order to provide connectivity. This catalyst work

group switch is providing connectivity to DMZ, Access Control Server, Corporate Servers and users

through LAN connectivity.

Web server’s -The Catalyst switch is connected to web server that works as sub network for enterprise

network and it provides extra layer of security to Enterprise network by posing an attacker like

corporate servers. The Attacker can be engaged upfront in order to protect core network of

organization. Web servers including Email servers and FTP servers. The web servers are provided with
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 8

limited connectivity to internal and external networks in order to protect any potential attacks Web

servers are preinstalled with host based intrusion detection system and secure configuration for

increased protection. In order to provide increased security to Data the Web servers are communicate

through web server to external network. While this communication with DMZ is also protected by

application firewall. IP Address 192.168.20.23.

ACS Access Control Server
Authentication and Authorization is an important part of network security. Catalyst workgroup switch

is connected with ACS Radius in order to provide network with access control services. This access

control service include grant or deny access to devices, users/employees and workgroups. ACS Radius

is configured to allow only authorize person to operate inside the network. Anyone who tries to connect

or communicate with network or try to access network resources are first connected with ACs and pass

through access control mechanism predefined in configuration of ACS.IP Address 192.168.20.22

Servers:-Other Side of Catalyst Workgroup Switch is connected to Corporate Servers. These Servers

have database that provides Data storage and access facility to the whole network, in order to increase

protection to corporate web server these web servers are also preinstalled with Host based intrusion

detection system. IP Address 192.168.20.21

Access Point: -Access points are connected to catalyst switches in order connect employees with

network, these access points enable users to get and connection point regardless of distance from the

wired network, these access point help employee get connected to network through wireless

connectivity while it can also help in applying network policies to network users/employees.
Modem-Broadband access modems are used in order to connect remote employees with network. This

Broadband access modem is connected with DSL line that are further connected to users through VPN

connections, Remote workers and users may dial into network through broadband access modems.

Design and label the bandwidth availability or capacity for each wired connection.

Link-Place Max Priority (0) Priority (1) --------------- Priority (7)

Capacity
Internet 50 mbps 40 mbps 40 mbps --------------- 40 mbps
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 9

Comcast
Link1- 300 mbps 200 mbps 200 mbps --------------- 200 mbps
modem to
VPN
Link 2-VPN 400 mbps 325 mbps 325 mbps --------------- 325 mbps
to Local
User
Link 3- 250 mbps 175 mbps 175 mbps --------------- 175 mbps
Router to
IDS, CISCO
PIX
Firewall,
Catalyst
Switch
All other 500 mbps 430 mbps 430 mbps --------------- 430 mbps
link

Part 2-a
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 10

From diagram it is evident when the users are using the networking for communication by

using the FTP server; he/she has to follow the networking procedures for sending and receiving the

mail. Suppose from the diagram, local user is one who sits at the computer 1 and he intends to send the

mail to yahoo (computer 2).

From the diagram, user is connected by the modem through the use of VPN to the Internet

cloud (a internet station which receives and send the request to various users. The Internet cloud sends
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 11

the request to router, which traces the actual destination of the users to whom mail is sent accordingly.
User 1 request is furthers en tot LAN where the various users are connected with various IP address,

which are given to them in the network. User request is further processed by the use of VPN, which is

directly connected to LAN where FTP and mil server is connected.

Part 2 b
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 12

For the safe and secure delivery of file sharing across the network by using the various servers

from one company to another, jonny must follow the following diagram.
In the below mentioned diagram, following devices are used in which the data travels from one

destination to another ones.

Router:- The data and voice packets are routed to internet through best possible path on internet., the

model chosen for the network under discussion has ability to VPN access and inters VLAN routing. IP
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 13

Address Assigned to them is 192.168.20.1 where the user will is requested to send the mail.
Catalyst switch: -
Here the t switch can provide high level of quality o intelligent data transportation system that increases

the security of network when connected the edge of network. IP Address Assigned

192.168.20.24.Jonny mail will be addressed by its initial address to the final destination.
Network intrusion Detection system detects malicious traffic passing through the network and is

enabled to take corrective ensures while it can also record any hacking attempts as log files. These log

files can be analyzed later n order to analyze any security event.

VPN
.While Software based VPN installed on router and pix firewall are also used on remote access lines

through network in order to provide further support to hardware based VPN. Here the exact location of

the Jonny mail will be endorsed

Web servers
The web servers are provided with limited connectivity to internal and external networks in order to

protect any potential attacks Web servers are preinstalled with host based intrusion detection system

and secure configuration for increased protection. In order to provide increased security to Data the

Web servers are communicate through web server to external network.

ACS Access Control Server
Authentication and Authorization is an important part of network security. Anyone who try to connect

or communicate with network or try to access network resources are first connected with ACs and pass

through access control mechanism predefined in configuration of ACS.IP Address 192.168.20.22

Servers:-
Server will accept the mail. It will trace out the recipient request to its original destination.
Modem
Remote workers and users may dial into network through broadband access modems

PART 2C
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 14

The above-mentioned design will protect the organization in the following way:

 It will protect the organization from outsider intervening in the internal ammeters of the com-

pany
 Safe and secure transfer of data is made ensured
 Each user will not able to use the other user’s data without any specific ID

For example, if the user wants to check the existing documents of another user, he will not be
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 15

able to use his ID to check his/her important documents unless and until the network administrator does

not give him the permission.

In the same way, user are given certain restrictions in sending the data which exceeded its

limits, hence he/she will have to take permission from the domain policy in the existing network.
Thus in the network, a certain security exist which puts certain barriers to every users in using the

network connection, so the network security provides the data to be transferred more securable on the

entire network and without any loss of data, all communication like emails and other documents will be

sent from one location to another.

In the network mentioned in the diagram, there is no bottlenecks existed s it is more secure

and reliable with the satisfactory result. File transfers can be made more secure if the proper constrains

in the network are applied. It is the sole responsibility of network administrator to sue all restriction on

all users, which can damage the data, to be transferred from one location to another. Hence all network

policies be applied in the existing network and all software must be upgraded along with the up-

gradation of existing hardware devices when it seems necessary.

Explain how your overall design protects the organization from both inside and outside attacks.
Web application security is quickly becoming a concern for companies. Organizations are cre-

ating, deploying and utilizing web applications in greater numbers and at a more rapid pace than ever

before. As a result, web apps are becoming an increasingly more popular attack vector—accounting for

54 percent of all security breaches last year. While web applications still remain the third most common

attack vector for all companies, it’s the larger organizations—and their larger data stores—that are most

vulnerable. (They’re nearly five times more likely to be attacked than their smaller counterparts.) Com-

pounding the problem is the fact that there’s no one-size-fits-all, silver bullet firewall or next-genera-

tion firewall solution that provides protection from both inside out and outside-it. The shifting land-

scape. Nowadays, about 25 percent of all network security breaches can be attributed to attacks directly

against web servers from outside the company. That figure doubles for larger organizations. The reason

hackers are shifting the attack vector landscape towards web apps and away from remote access or

backdoors is simple: they know large companies have richer, more mature security practices in place.
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 16

They also know that most organizations have improved their ability to limit access and have imple-

mented better authentication controls. It’s no wonder that last year, only 20 percent of all breaches in-

volved remote access services. Backdoor attacks also declined.

With the rise of social media use among employees and applications like Facebook Chat or vari-

ous cloud services including Dropbox, companies have to consider security from an inside-out perspec-

tive. A real need now exists to peer inside web traffic to determine what specific applications are being

used and how they’re being utilized to ensure an enterprise isn’t exposing itself to unnecessary risk.

Companies not only need the ability to see inside applications, they need the ability to deny access to

them or completely shut them down to protect users, their devices and, by extension, resources on the

corporate network, as well.

The outside-in problem is different but equally important. Like inside-out threats, outside-in

threats also exist at the application layer, but these threats involve gratuitous, unwarranted and mali-

cious traffic coming from unidentified sources. This malicious traffic is predominantly aimed at web

applications with the sole purpose of cracking and breaking them down so they can give up sensitive

data like user names, passwords or credit card information. This problem is one of botnets and persis-

tent hackers skilled at web application compromise, and it’s not something next-generation firewalls

(which are built for application visibility and control of the inside-out threat) can help with at all. Iden-

tifying hackers with high accuracy and shutting them down requires a completely different technology

set. Despite the notion that outside-in security requires a different set of controls and technologies than

protecting against inside-out threats, considering security from both perspectives makes perfect sense

and it’s the current best practice. This dual security concern is also stimulating an interest in more

holistic approaches that go beyond so called next-gen security services and aim to protect from both

types of attack vectors in a single offering. Whether it’s securing the mobile workforce, the virtualized

data center, complex applications, or the distributed enterprise, security has never been more challeng-

ing or important. Juniper Networks can help you balance security with access to network resources, in-
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 17

formation sharing and remote connectivity. Our end-to-end security solutions help you connect, protect

and manage across your entire network infrastructure, from the endpoint device all the way to the data

center, so you’re in total control.

Explain how your layered design compensates for possible device failures or breaches in network

security-To reduce downtime, the network designer deploys redundancy in the network. Devices at the

distribution layer have redundant connections to switches at the access layer and to devices at the core

layer. If a link or device fails, these connections provide alternate paths. Using an appropriate routing

protocol at the distribution layer, the Layer 3 devices react quickly to link failures so that they do not

impact network operations. In the TCP/IP model of the Internet, protocols are deliberately not as rigidly

designed into strict layers as in the OSI model. RFC 3439 contains a section entitled "Layering consid-

ered harmful". However, TCP/IP does recognize four broad layers of functionality, which are derived

from the operating scope of their contained protocols: the scope of the software application; the end-to-

end transport connection; the internetworking range; and the scope of the direct links to other nodes on

the local network. Even though the concept is different from the OSI model, these layers are neverthe-

less often compared with the OSI layering scheme in the following way: The Internet application layer

includes the OSI application layer, presentation layer, and most of the session layer. Its end-to-end

transport layer includes the graceful close function of the OSI session layer as well as the OSI transport

layer. The internetworking layer (Internet layer) is a subset of the OSI network layer The link layer in-

cludes the OSI data link and physical layers, as well as parts of OSI's network layer.
These comparisons are based on the original seven-layer protocol model as defined in ISO 7498, rather

than refinements in such things as the internal organization of the network layer document. The pre-

sumably strict peer layering of the OSI model as it is usually described does not present contradictions

in TCP/IP, as it is permissible that protocol usage does not follow the hierarchy implied in a layered

model. Such examples exist in some routing protocols (e.g., OSPF), or in the description of tunneling
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 18

protocols, which provide a link layer for an application, although the tunnel host protocol might well be

a transport or even an application layer protocol in its own right.

Determine whether any possible bottlenecks exist in your design.
A bottleneck, in a communications context, is a point in the enterprise where the flow of data is

impaired or stopped entirely. Effectively, there isn't enough data handling capacity to handle the current

volume of traffic. A bottleneck can occur in the user network or storage fabric or within servers where

there is excessive contention for internal server resources, such as CPU processing power, memory, or

I/O (input/output). As a result, data flow slows down to the speed of the slowest point in the data path.

This slow down affects application performance, especially for databases and other heavy transactional

applications, and can even cause some applications to crash.

A bottleneck frequently arises from poor network or storage fabric designs. Mismatched hard-

ware selection is a common cause. For example, if a workgroup server is fitted with a Gigabit Ethernet

port but the corresponding switch port that connects to the server only offers a legacy 10/100 Ethernet

port, the slow switch port will then pose a bottleneck to the server. Another design flaw common to

storage networks is excess fan-in, where multiple storage devices are connected to the same switch port

in order to maximize the use of that switch port's bandwidth. For example, connecting multiple four-

gigabit (Gb) Fiber Channel storage devices to the same switch port can easily overwhelm the switch

port and result in performance problems if multiple storage devices are active simultaneously. In many

cases, bottlenecks develop over time because administrators fail to track the increasing demands of net-

work and storage traffic.

Bottlenecks can also develop due to poor or sub-optimal configuration of switches or host bus

adapters (HBAs). For example, using multiple Fiber Channel ports to connect devices within the stor-

age switching fabric can improve storage availability and performance but if the interconnected devices

are not configured for load balancing much of the benefit is lost. Similarly, bottleneck conditions can

occur due to hardware failures. From the previous example, suppose that one of two Fiber Channel

links should fail. Although failover should allow the storage device to remain accessible, all the traffic
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 19

that used to be carried by two links now fails over to one -- potentially resulting in a bottleneck if that

traffic exceeds the bandwidth of a single link. Bottlenecks are typically located by systematically test-

ing network performance at various devices along a data path and isolating devices performing notice-

ably slower than other points. Once identified, reconfiguring, upgrading or replacing the offending de-

vice can usually resolve the bottleneck. At the network level, this may involve upgrading a switch or

HBA. For servers, a CPU or memory upgrade may help or the server may need to be replaced entirely

(for example, replacing an aging single-CPU server with a newer dual-or quad-CPU server). Bottle-

necks can often be avoided by proactively monitoring traffic load trends over time and implementing

improvements before serious problems develop.

Explain how to make the file transfer process more secure.
Managing file transfer is a relatively time-consuming effort for IT staff. If FTP systems are used,

then IT must manage FTP servers and deal with user issues as they arise. If email is used instead of

FTP or – more commonly in addition to it, then IT must spend time dealing with email problems that

are caused by the use of email as the file transfer backbone. A dedicated and secure file transfer solu-

tion can make life much easier for the IT department in a number of ways, by reducing the reliance on

email as the file transfer backbone, by allowing IT to. Manage corporate data in compliance with cor-

porate policies, and by eliminating no secure solutions that force IT staffers to scramble when discov-

ery or other problems arise. A serious problem with current file transfer capabilities is that they do not

allow data to be found easily, if at all. For example, if users are employing any of the easy-to-use

cloud-based file transfer or file synchronization solutions, they have addressed their personal require-

ments for file transfer. However, what happens when the organization needs to perform an early case

assessment in advance of a legal action or a regulatory audit? What happens when they need to go

through an e-discovery exercise or perform a legal hold? The dispersion of data across the various file

transfer solutions that might be in use in an organization – and the inaccessibility of these data stores to

IT or legal – can create serious problems for an organization when they need to find data in a timely
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 20

manner, assuming that they can even access it at all.

The choice of a file transfer solution will be dependent on a number of factors, including the size

of the organization, how distributed its employees are, the industry it serves, the regulations that it must

satisfy, its corporate culture and other factors. However, there are a number of issues that decision mak-

ers should consider as they evaluate the best file-transfer solution for their organization:
Make it easy for users and align with existing processes-One of the most important considerations in

selecting a managed file transfer solution is to integrate it as seamlessly as possible into the way that

employees work today. A solution that requires a fundamentally different approach to file transfer, or

that requires significant

Training for end users, simply won’t be used and will be a wasted investment. The key is to deploy a

solution that is as easy to use as consumer-oriented, cloud-based file-sharing options, but that do not

create a paradigm shift.

Reduce (or at last don’t add to) IT costs-Another important consideration is to use managed file

transfer as a way of addressing the significant costs associated with IT having to manage existing stor-

age and other problems

in email and FTP. Because the costs associated with storage-related problems in email systems can sap

IT budgets, not to mention the costs associated with managing FTP servers and the like, a managed file

transfer system can actually pay for itself in short order by reducing these costs. While a managed file

transfer solution should be able to reduce storage and related costs, at a minimum the solution should

not add to the IT departments

Budget requirements.
Allow the management of content throughout its life cycle-One of the fundamental benefits of a

managed file transfer solution is its ability to manage content throughout its lifecycle. Unlike the case

with most email and FTP systems in which Content is largely unmanageable after it is sent, the right

managed file transfer system will permit content to be managed by the senders and by IT with capabili-

ties like making the content available only for a certain period of time or allowing its access only by

authorized parties. This will make data breaches much less likely and will improve the ability to man-

age data in accordance with regulatory, legal and corporate policy requirements. Additionally, some so-
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 21

lutions go beyond file transfer to offer file sharing, sync, commenting, and online workspaces for in-

creased collaboration and productivity.

Satisfy current and anticipated corporate governance requirements-Corporate governance of data

is becoming a much bigger issue as state, provincial and national governments are increasingly focused

on data breaches and the consequences associated with them. Given that 2011 saw a number of major

data breaches, we anticipate that laws and corporate policies focused on governing data will become

stricter in 2012 and beyond. A robust managed file transfer solution will be able to satisfy current gov-

ernance Requirements – such as HIPAA, Sarbanes-Oxley and PCI DSS – and address future ones, as

well.
Improve the performance over conventional file transfer- While most organizations will not fre-

quently send multi-gigabit files, another important consideration in selecting a file transfer solution to

replace FTP or other protocols will be to improve the speed of transfer. This improves the delivery time

for very large files and

Makes better use of available bandwidth.
TERM PAPER PROJECT-DESIGN A SECURE NETWORK 22

Reference:
Bae, T. -S., optimized network of ground stations for LEO orbit determination, ION 2005 NTM,

Cormen, T., C. Leiserson, R. Rivest, and C. Stein, Introduction to Algorithms (2nd).

Kuang, S., Geodetic Network Analysis and Optimal Design: Concepts and Applications, 368 pp., Sams

Publications, 1996.Schaffrin, B., Network design, in Optimization and Design of Geodetic Networks,

edited by Grafarend, E. and F. Sans’s.

Verlag, 1985.Schmitt, G., Second order design of free distance networks considering different types of

criterion matrices, Bull. Geodetica.

Kelly, Sean (August 2001). "Necessity is the mother of VPN invention". Communication News: 26–28

VPN Buyers Guide". Communication News: 34–38. August 2001. ISSN 0010-3632