
PROGRAM TITLE: BTEC Higher National Diploma in Computing

UNIT TITLE: Unit 02 Networking

ASSIGNMENT NUMBER: 2

ASSIGNMENT NAME: Consulting and Designing networking systems for Gold Star

SUBMISSION DATE: 26/09/2021

DATE RECEIVED: 20/10/2021

TUTORIAL LECTURER: Nguyen The Duc

WORD COUNT: 5889

STUDENT NAME: Luong Hoang Hai

STUDENT ID: BKC12049

MOBILE NUMBER: 0942603115

Summative Feedback:

Internal verification:

Assignment 2
Contents

LO1 Well-known Application Layer Protocols and Services

I. DHCP
II. Mail server
III. DNS
IV. Web server

LO2 Network Security

I. Benefits of network security
II. Network security tools and techniques

LO3 Design efficient networked systems

I. Network design for the system
II. Install and configure network services

LO4 Implement and diagnose networked systems

I. Implement networked system based on a prepared design
II. Strengths and weaknesses of model networking
III. Design a maintenance schedule to support the networked system
IV. Recommend potential enhancements for the networked systems

LO1 Well-known Application Layer Protocols and Services

I. DHCP
 DHCP stands for Dynamic Host Configuration Protocol. It is a protocol that assigns IP addresses to all devices that join the same network, through the DHCP server integrated on the router.
 In addition, DHCP provides devices with the other network parameters they need, specifically the subnet mask, default gateway and DNS servers.
 How DHCP works:
o In outline, the way DHCP works is simple: when a device wants to join the network, it sends a request to the router, and the router assigns it an available IP address.
o Specifically, when a device needs to connect to the network, it sends a DHCP DISCOVER request to the server. The DHCP server then searches for an available IP address and offers it to the device in a DHCP OFFER packet.
o Once it has received the address, the device replies to the server with a DHCP REQUEST packet. The server then sends confirmation that the device has been given the IP address, together with the time for which it may be used before it is replaced with a new address.
o Because of this mechanism, in small-scale or household networks the router acts as the DHCP server. In larger networks a router cannot manage all the devices, so a dedicated server is needed to perform IP allocation.
1. DHCP server

A DHCP server is a server connected to the network that responds with configuration information when a workstation (DHCP client) broadcasts a request. The DHCP server is also responsible for delivering that information to devices in the most appropriate way and for supplying the default gateway and subnet mask configuration.
2. DHCP client

A DHCP client is a workstation running the DHCP service. The DHCP client registers and updates its own IP address information and DNS records. Specifically, when it needs an IP address or other TCP/IP parameters to work on the network, the DHCP client sends a request to the DHCP server.

3. Advantages of DHCP
 DHCP configures devices automatically. As a result, devices connect to the network faster.
 It helps manage IP addresses systematically, avoids duplicate IP addresses and makes the network more stable.
 IP addresses and TCP/IP parameters are easily managed through stations.
 Network administrators can change configurations and IP parameters as needed when upgrading the infrastructure.
 It allows devices to move between networks and receive new IP addresses automatically.
4. Disadvantages of DHCP
Despite many outstanding advantages, DHCP has some limitations. Specifically:
 Dynamic IP addresses are not suitable for fixed devices that are accessed continuously, such as printers and file servers.
 DHCP is only suitable for small or home network models.
5. Communication messages between DHCP server and DHCP client
 DHCP Discover: the packet that a device requiring an IP address sends to the DHCP server in order to access the network.
 DHCP Offer: a packet containing an IP address and additional TCP/IP configuration. The DHCP server sends it to the client in response to a DHCP Discover.
 DHCP Request: the packet with which the DHCP client tells the server that it accepts the IP address, after it receives a DHCP Offer.
 DHCP Acknowledge: the packet with which the DHCP server confirms to the client that it has accepted the DHCP Request. It also carries the optional parameters the client needs to access the TCP/IP network and complete the system boot.
 DHCP NAK: if the client cannot use an IP address because it is no longer valid or is already used by another machine, the DHCP server sends a DHCP NAK packet. The client must then restart the lease process.
 DHCP Decline: when the DHCP client decides the parameters in the offer are not valid, it sends a DHCP Decline packet to the server, and the client must then restart the lease process.

 DHCP Release: the packet that the DHCP client sends to the server to free up its IP address and cancel its existing lease.
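The message types listed above travel in DHCP option 53, after a fixed 236-byte header and a magic cookie. The following Python parser is an added example, not part of the original assignment: it decodes the message type and the offered subnet mask, gateway, DNS servers and lease time from a DHCP payload, and the sample packets, MAC address and IP addresses are constructed for the demo.

```python
import socket
import struct

# Option 53 values (RFC 2132) for the seven message types described above.
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
HEADER_LEN = 236                     # fixed BOOTP header before the cookie


def parse_options(data: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:              # End option
            return options
        if code == 0:                # Pad option: one byte, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    raise ValueError("options field has no End marker")


def ip_list(value: bytes) -> list:
    """Decode an option value holding one or more IPv4 addresses."""
    if len(value) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [socket.inet_ntoa(value[i:i + 4]) for i in range(0, len(value), 4)]


def parse_dhcp(payload: bytes) -> dict:
    """Summarise the UDP payload of one DHCP message."""
    if len(payload) < HEADER_LEN + len(MAGIC_COOKIE):
        raise ValueError("too short for a DHCP message")
    if payload[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    if hlen > 16:
        raise ValueError("hardware address length too large")
    opts = parse_options(payload[HEADER_LEN + 4:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("no valid message type option (53)")
    mask = ip_list(opts.get(1, b""))
    lease = opts.get(51, b"")
    return {
        "type": MESSAGE_TYPES.get(opts[53][0], "UNKNOWN"),
        "from_server": op == 2,                       # 2 = BOOTREPLY
        "xid": xid,                                   # ties one exchange together
        "client_mac": ":".join("%02x" % b for b in payload[28:28 + hlen]),
        "your_ip": socket.inet_ntoa(payload[16:20]),  # address being assigned
        "subnet_mask": mask[0] if mask else None,
        "routers": ip_list(opts.get(3, b"")),         # default gateway(s)
        "dns_servers": ip_list(opts.get(6, b"")),
        "lease_seconds": struct.unpack("!I", lease)[0] if len(lease) == 4 else None,
    }


def build_sample(msg_type: int, mac: bytes, xid: int,
                 your_ip: str = "0.0.0.0", options: bytes = b"") -> bytes:
    """Build a constructed DHCP payload for the demo (not captured traffic)."""
    op = 2 if msg_type in (2, 5, 6) else 1
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    fixed += bytes(4) + socket.inet_aton(your_ip) + bytes(8)
    fixed += mac.ljust(16, b"\x00") + bytes(64) + bytes(128)
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type]) + options + b"\xff"


# Constructed sample data: one client obtaining 192.168.1.50 for one day.
SAMPLE_MAC = bytes.fromhex("020000000a01")
OFFER_OPTIONS = (
    bytes([1, 4]) + socket.inet_aton("255.255.255.0")
    + bytes([3, 4]) + socket.inet_aton("192.168.1.1")
    + bytes([6, 8]) + socket.inet_aton("192.168.1.1") + socket.inet_aton("192.168.1.2")
    + bytes([51, 4]) + struct.pack("!I", 86400)
)
SAMPLE_EXCHANGE = [
    build_sample(1, SAMPLE_MAC, 0x1234ABCD),
    build_sample(2, SAMPLE_MAC, 0x1234ABCD, "192.168.1.50", OFFER_OPTIONS),
    build_sample(3, SAMPLE_MAC, 0x1234ABCD),
    build_sample(5, SAMPLE_MAC, 0x1234ABCD, "192.168.1.50", OFFER_OPTIONS),
]

if __name__ == "__main__":
    for raw in SAMPLE_EXCHANGE:
        msg = parse_dhcp(raw)
        print(msg["type"], msg["client_mac"], msg["your_ip"], msg["lease_seconds"])
```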
6. How to handle IP conflict errors with DHCP
 Although DHCP's role is to assign IP addresses to devices automatically, DHCP itself sometimes fails in ways that cause IP conflicts. To fix this, the administrator simply releases the duplicate IP addresses. If the error persists, restart the router. If neither step resolves it, the error is not caused by DHCP or the router.
7. Possible attacks with DHCP configuration
In practice, DHCP can be attacked in two situations: through an illegitimate DHCP client workstation and through an illegitimate DHCP server.
 When the DHCP client is illegitimate:
In this case, the client workstation continuously sends IP address requests to the server. The server automatically issues addresses to the unauthenticated client until the address pool is exhausted. The result is that no addresses are left for legitimate workstations, the system stalls, and many workstations cannot access the network. This type of attack is very simple: it needs only bandwidth and takes the attacker little time.
 When the DHCP server is illegitimate:
When attackers break through the network's defences, they gain control of the DHCP server and use it to control the system. There are usually three types of illegitimate DHCP server attack.
o Network DoS: the attacker sets up an IP range and subnet mask that prevent workstations from logging in to the system, leading to a denial of service on the network.
o DNS redirect: by changing the DNS settings given to workstations, the attacker leads visits to fake websites containing malicious code or viruses, for the purpose of stealing users' information.
o Man-in-the-middle: this type of attack targets the default gateway by replacing it with the attacker's machine. Requests that the client sends to the default gateway are automatically passed to the attacker's machine before reaching the real default gateway, so the attacker can easily copy all of the visitor's information. However, this type of attack only lets the attacker see the information the client sends out; content sent from outside to the client workstation is not intercepted.
8. Security solutions for DHCP
Each type of attack has its own DHCP security solution. Specifically:
 Illegitimate DHCP client attacks: to deal with this type of attack, use switches with security features that limit the number of MAC addresses per port, so that the system is not affected when too many MAC addresses are used on one port at the same time. When the number of addresses exceeds the configured limit, the port stops forwarding and only resumes after the time set by the administrator.
 Man-in-the-middle attack: use switches that support DHCP snooping as the DHCP security solution against this type of attack. These switches restrict DHCP traffic on ports that show suspicious behaviour and allow DHCP response packets only on highly trusted ports. Only these trusted ports are entitled to connect to the real server.
 Solutions commonly used to secure DHCP servers:
o Store data securely using the NTFS file system.
o Regularly update Windows and other software to new versions.
o Regularly scan the system for viruses.
o Review and remove unnecessary software and services.
o Use a firewall to secure DHCP servers.

o Use physical security for servers
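The two switch-side defences described above, the per-port MAC address limit and DHCP snooping with trusted ports, come down to a few forwarding decisions. The following Python model is an added example, not code from the assignment or from any switch vendor: the `AccessSwitch` class, the port numbers, the MAC limit of 2 and the event list are all hypothetical and constructed for the demo.

```python
from collections import defaultdict

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these


class AccessSwitch:
    """Hypothetical model of a switch with a MAC limit and DHCP snooping."""

    def __init__(self, trusted_ports, max_macs_per_port=2):
        self.trusted_ports = set(trusted_ports)   # ports facing the real server
        self.max_macs = max_macs_per_port
        self.macs_seen = defaultdict(set)         # port -> source MACs learned
        self.disabled_ports = set()               # ports shut down by the limit
        self.pending = {}                         # client MAC -> port of its REQUEST
        self.bindings = {}                        # client MAC -> (ip, port)
        self.alerts = []

    def handle(self, port, src_mac, msg_type, client_mac, ip=None):
        """Return True if the DHCP frame is forwarded, False if it is dropped."""
        if port in self.disabled_ports:
            return False
        if port not in self.trusted_ports:
            # DHCP snooping: server replies are never accepted on untrusted ports.
            if msg_type in SERVER_MESSAGES:
                self.alerts.append(("rogue-dhcp-server", port, src_mac))
                return False
            # Port security: cap the number of distinct source MACs per port.
            self.macs_seen[port].add(src_mac)
            if len(self.macs_seen[port]) > self.max_macs:
                self.disabled_ports.add(port)
                self.alerts.append(("mac-limit-exceeded", port, src_mac))
                return False
            if msg_type == "REQUEST":
                self.pending[client_mac] = port
            elif msg_type == "RELEASE":
                self.bindings.pop(client_mac, None)
        elif msg_type == "ACK" and client_mac in self.pending:
            # Binding table: which client holds which address on which port.
            self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
        return True

    def reenable(self, port):
        """Administrator action: bring a disabled port back into service."""
        self.disabled_ports.discard(port)
        self.macs_seen[port].clear()


SERVER = "02:00:00:00:00:01"
PC = "02:00:00:00:00:05"
# Constructed events: (port, source MAC, message type, client MAC, IP).
EVENTS = [
    (5, PC, "DISCOVER", PC, None),
    (1, SERVER, "OFFER", PC, "192.168.1.50"),
    (5, PC, "REQUEST", PC, None),
    (1, SERVER, "ACK", PC, "192.168.1.50"),
    # Port 7: each request arrives from a different source MAC.
    (7, "02:00:00:00:07:01", "DISCOVER", "02:00:00:00:07:01", None),
    (7, "02:00:00:00:07:02", "DISCOVER", "02:00:00:00:07:02", None),
    (7, "02:00:00:00:07:03", "DISCOVER", "02:00:00:00:07:03", None),
    (7, "02:00:00:00:07:04", "DISCOVER", "02:00:00:00:07:04", None),
    # Port 9: a server reply arrives on a port that is not trusted.
    (9, "02:00:00:00:09:99", "OFFER", PC, "10.66.0.20"),
]


def replay(events, trusted_ports=(1,), max_macs_per_port=2):
    """Feed events through a fresh switch; return it and the forward decisions."""
    switch = AccessSwitch(trusted_ports, max_macs_per_port)
    decisions = [switch.handle(*event) for event in events]
    return switch, decisions


if __name__ == "__main__":
    sw, forwarded = replay(EVENTS)
    for event, ok in zip(EVENTS, forwarded):
        print("forward" if ok else "DROP   ", event[:3])
    print("alerts:", sw.alerts)
    print("bindings:", sw.bindings)
```

The binding table built from the server's ACKs is what lets a snooping switch tell which address legitimately belongs to which port.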
II. Mail server
A mail server is a server system that is configured specifically to send and receive mail on the Internet. Put simply, a mail server is like a post office on the Internet: a data center that stores and retrieves information. Before your mail reaches the recipient's email inbox, it must pass through a mail server.

1. Benefits of mail server


Mail servers are rated higher than other servers. The benefits of a mail server are:
 Email addresses on the business's own domain increase credibility and professionalism in email exchange.
 High security, with many of the features that business email needs.
 Mail can be used for work anytime, anywhere, on any device, with data synced quickly.

2. How a mail server works and some terms


 Outgoing Mail Server: the outgoing mail server sends mail using SMTP (Simple Mail Transfer Protocol), a simple mail transfer protocol used to communicate with remote servers. It also allows multiple messages to be sent at the same time to different servers.
 Incoming Mail Server:
Incoming mail is handled in one of two ways:
o POP3 (Post Office Protocol version 3): transfers email to the computer running the mail client, usually the user's own computer, through an email application such as Outlook, Mac Mail or Windows Mail.
o IMAP (Internet Message Access Protocol): a more complex method that allows multiple clients to connect to a mailbox at the same time. Email is copied from the mailbox to the client and the original is still kept on the mail server.
 TLS Mail Server: TLS is Transport Layer Security. TLS works together with the Secure Sockets Layer (SSL). Its main purpose is to provide encrypted transport for SASL-authenticated logins.
 Webmail: webmail is email accessed through a website. Familiar webmail services include Hotmail, Gmail and Yahoo Mail. Webmail allows users to access email at any time.
 SMTP-IN Queue: before messages are distributed to the Local Queue or Remote Queue, SMTP backs up all outbound emails from the enterprise's email server in the SMTP-IN Queue. In other words, the SMTP-IN Queue is a holding area for mail before it is sent.
 Local Queue: after receiving mail, the system automatically classifies it and places it in order in a queue before delivery to the recipient's mailbox. This queue is the Local Queue. To enhance security and keep the email server system safe, the local queue and remote queue run a virus scan before a message is sent to the user, followed by a spam check to be sure of the quality of the message. This avoids the mail server's IP being blacklisted as a spam source.
 Local Mailboxes: mailboxes are the inboxes of the accounts registered on the company's mail server.
 Email Authentication: email authentication is the feature that confirms the identity of users when they access their email inbox. This feature helps you secure your own correspondence. In other words, Alternate Email is a form of backup email: when you forget your mail server password, you can use this email to get your password back quickly.
 MX record: the MX record shows email the way to your mail server. It is usually accompanied by an A record that points to the IP address of the mail server. A Pref parameter has a numerical value that indicates the priority of the mail server: the smaller the Pref value, the higher the priority.
3. Current mail server services
 Independent Mail Server
An independent mail server system is designed for individual organizations that need to handle large workloads and process mail and data services more flexibly. Large businesses that want their data to be accessible only to their own managers should use an independent mail server. They simply hire a service to configure, install, operate and maintain the system. These standalone mail servers can sync Outlook remotely and let webmasters connect to the database, giving you the power and control you need for large-scale operations.

 Mail Server Outlook

Mail Server Outlook is a free email service developed and provided by Microsoft. Although used primarily as an email app, Outlook also integrates other features such as calendar, work management, contact management and notes. Outlook also has some advanced features needed by multiple users in an organization, such as sharing mailboxes and schedules, exchanging public folders, SharePoint lists and meeting schedules. Outlook mail is built on a secure cloud platform.
 Mail Cloud Google
Google Cloud is a paid mail service launched by Google in 2016. G Suite is widely used by businesses, with online tools for business including Gmail, Drive, Documents and Meet. Google Workspace aims to give users a workspace in just one app.
III. DNS
DNS (Domain Name System) is a system that maps between IP addresses and domain names on the Internet.

1. DNS functionality
Each website has a name (a domain or URL: Uniform Resource Locator) and an IP address. IP addresses consist of 4 groups of numbers separated by dots (IPv4). When you open a web browser and enter a website name, you go straight to the website without having to enter its IP address. The process of "translating" a domain name into an IP address so that the browser can reach the website is the work of a DNS server. DNS servers translate IP addresses into names and vice versa. Users just need to remember the name, not the IP address (IP addresses are very difficult numbers to remember).
2. DNS working principles
 Each service provider operates and maintains its own DNS servers, consisting of machines within that provider's own part of the Internet. That is, if a browser looks up the address of a website, the DNS server that resolves the website name must be the DNS server of the organization that manages the website and not that of another organization (service provider).
 INTERNIC (Internet Network Information Center) is responsible for tracking domain names and their corresponding DNS servers. INTERNIC is an organization founded by NSF (National Science Foundation), AT&T and Network Solution, and is responsible for registering Internet domains. INTERNIC is only responsible for managing all DNS servers on the Internet, not for resolving names for each address.
 A DNS server can query other DNS servers to get a name resolved. The DNS server of each domain usually has two distinct jobs. First, it resolves names for machines inside the domain into Internet addresses, both inside and outside the domain it manages. Second, it answers external DNS servers that are trying to resolve names inside the domain it manages.
 DNS servers can remember names that have just been resolved and reuse them for later resolution requests. The number of resolved names saved depends on the size of each DNS server.

IV. Web Server


A web server is server software, or hardware dedicated to running that software or websites, through which World Wide Web services can be provided. A web server processes requests from clients over HTTP and other related protocols.
1. The characteristics of the Web server
 Web servers can process data and provide information to clients over the Internet through the HTTP protocol, which is designed to send files to a web browser, or through other protocols. If server software is installed and the machine is connected to the Internet, any computer can become a web server. Server software is specialized software that can be installed and run on any computer that meets its memory requirements. Thanks to it, users can access the information of the website from another computer over the Internet.
 People often rent small servers, VPS virtual servers or hosting to store data for their website.

 A server can provide both static and dynamic content. Static content is served unchanged and is easy to set up. Dynamic content is processed or created with data from a database, formatted, pushed into an HTTP Template and sent to users as the result.
2. Popular web servers today

a) Web server Apache

 The Apache web server was developed by the Apache Software Foundation and is one of the most famous web servers in the world. It is open-source software that supports most operating systems, such as Unix, Linux, Windows, Mac OS X and FreeBSD. According to statistics, about 60% of computers run on Apache web servers.
 The Apache web server is easy to customize because it has a modular structure: you can add or modify modules on the server as you see fit. Compared to any web server, Apache is stable and easy to handle when problems occur. New versions of the Apache web server can handle more requests than their predecessors.

b) Web server IIS

Web server IIS is a Microsoft product with many Apache-like features. However, it is not open source, and adding and editing modules at will is not easy. Web server IIS is capable of running on all platforms of the Windows operating system.

c) Web server Nginx

Web server Nginx is a free, open-source server. Nginx includes POP3 and IMAP servers. Nginx has the advantages of stability, high performance, simple configuration and low resource use. Nginx does not use threads to process requests but an event-driven (scalable) architecture. Under load, this architecture uses a small and predictable amount of memory. Nginx currently hosts about 7.5% of domains worldwide. In recent years, the majority of web hosting companies have used Nginx.

d) Web server LiteSpeed

Web server LiteSpeed has many Apache-like features. LiteSpeed can load Apache configuration files directly and acts as a drop-in replacement for Apache with hosting control panels. LiteSpeed can replace the Apache web server in about 15 minutes with zero downtime. The LiteSpeed web server can also replace all Apache features and simplify usage.

e) Notes when using a web server


 A web server is an application that allows users to look up the information on a website. Therefore, you need a computer with a high-end configuration that can store large amounts of data and serve a large number of users.

 Web servers need to operate 24 hours a day to provide information online to users. The choice of web server plays an important role in the flow of information from the server to the computer. The web server rental market is expanding and growing constantly and offers many service packages, so businesses can make the most suitable choice. Among hundreds of thousands of web server service providers, you need to be knowledgeable and alert to choose a reputable provider that offers quality products.

LO2 Network Security

I. What is network security?

Network security is a term that describes security tools, tactics, and policies designed to monitor,
prevent, and respond to unauthorized network intrusions, while protecting digital assets, including
network traffic. Network security includes hardware and software technologies (including resources
such as savvy security analysts, hunters, troubleshooters, etc.) and is designed to respond to a full
range of potential threats targeting your network.

II. Benefits of network security


 Cybersecurity exists to help your organization protect not only sensitive information but also
performance, credibility, and even the ability to stay in business. Continuous operation and
intact reputation are the two main benefits of effective network security.
 Companies that fall into cyber attacks often find themselves paralyzed from the inside out,
unable to provide services or effectively address customer needs. Similarly, networks play a
major role in internal corporate processes, and when they are attacked, those processes can
stall, further hampering the ability to organize business, or even continue to operate normally.
 In the face of a wave of identity theft and other dangers associated with the theft of personal information, many customers have been hesitant to share data with businesses. If a cyberattack does occur, many of these customers are likely to withdraw in favor of safer alternatives.
 Reliable network security software and hardware, along with appropriate policies and
strategies, can help ensure that when cyber attacks occur, their impact will be very small.
III. Network security tools and techniques

Your network faces threats of all shapes and sizes, and should therefore be prepared to protect against, identify, and respond to a full range of attacks. But the reality is that the biggest danger to most companies is not 'nightly' threat agents, but well-funded attackers who are targeting specific organizations for specific reasons. For that reason, your network security strategy needs to be able to address the different methods these agents can use.
A number of different tools and techniques are designed to help you do just that:
 Access control: If threat agents can't get into your network, the extent of the damage they'll
be able to do will be extremely limited. But in addition to preventing unauthorized access, be
aware that even authorized users can be potential threats. Access control allows you to
increase network protection by limiting users' access and resources to only parts of the
network that apply directly to the user's personal responsibilities.
 Anti-malware: Malware, in the form of viruses, trojans, worms, keyloggers, spyware, etc., is designed to spread through computer systems and infect networks. Anti-malware tools are designed to identify dangerous programs and prevent them from spreading. Anti-malware and antivirus software can also help resolve malware infections, minimizing damage to the network.
 App security: For many attackers, applications are a defensive weakness that can be exploited. App security helps set security parameters for any app that may be related to your network security.
 Data loss prevention (DLP): Often, the weakest link in network security is the human factor. DLP technologies and policies help prevent employees and other users from misusing and possibly compromising sensitive data, or allowing data to leave the network.
 Email security: As with DLP, email security focuses on shoring up security weaknesses related to people. Through phishing strategies (often very complex and convincing), attackers persuade email recipients to share sensitive information or accidentally load malware into the targeted network. Email security helps identify dangerous emails and can also be used to prevent attacks and prevent the sharing of critical data.
 Endpoint security: The trend of bring your own device (BYOD) is growing, to the point where the difference between personal and business computer equipment is almost none. Unfortunately, sometimes personal devices become targets when users rely on them to access enterprise networks. Endpoint security adds a layer of protection between remote devices and enterprise networks.
 Firewalls: Firewalls act like gates that secure the border between your network and the internet. Firewalls are used to manage network traffic, allowing authorized traffic through while blocking unauthorized traffic.
 Intrusion prevention systems: Intrusion prevention systems constantly scan and analyze
network traffic, so that attacks can be identified and responded to quickly. These systems
usually hold a database of known attack methods, so that threats can be recognized
immediately.
 Network segmentation: There are many types of network traffic, each of which is associated
with different security risks. Network segmentation allows you to grant the right traffic access,
while limiting traffic from suspicious sources.
 Security Information and Event Management (SIEM): Sometimes gathering the right information from a variety of tools and resources can be difficult, especially when time is short. SIEM tools and software provide responders with the data they need to act quickly.
 Virtual Private Network (VPN): VPN tools are used to authenticate communication between secure networks and endpoints. Remote access VPNs often use IPsec or Secure Sockets Layer (SSL) for authentication, creating an encrypted line that blocks other parties from eavesdropping.

 Web security: Including tools, hardware, policies, and more, web security is a term for the network security measures that businesses take to ensure secure use of the web when connected to an internal network. This helps prevent web-based threats from using the browser as a point of access to the network.
 Wireless security: In general, wireless networks are less secure than traditional networks. Therefore, strict wireless security measures are needed to ensure that threat agents do not gain access.

LO3 Design efficient networked systems


Gold Star Company has 2 floors, each of 80 m², divided into rooms: HR, manager, technicians, staff and server room. The company has about 82 devices.

I. Network design for the system

1. First floor

 The first floor has 3 rooms: 1 large staff room, 1 small staff room and server room

a) Small staff room


 It is estimated that each computer occupies about 1 m in length by 90 cm in width. The computers are divided into 2 rows, each with 5 pairs of computers, i.e. there are 10 machines.
 In the first row, each machine in the pair closest to the switch needs 3 m of wire, so the pair needs 6 m. The distance between the pairs in each row is 90 cm, but to make it convenient to move the machines, from the second pair onward we add 1.5 m of network wire for each machine, i.e. 3 m per pair. The second row is the same: the first pair needs 6 m of wire per machine, 12 m for the two machines, and each pair from the second to the fifth adds 3 m of network wire.
 The amount of wire required for this room is:
 First row: 6+9+12+15+18=60 (m)
 Second row: 12+15+18+21+24=90 (m)
 The whole room: 60+90=150 (m)

b) Large staff room
This room is similar to a small staff room but there will be two more rows of computers so the
number of wires needed in this room is as follows:
 First row: (6+9+12+15+18) * 2=120(m)
 Second row: (12+15+18+21+24) * 2=180(m)
 The Whole room: 120+180=300(m)

2. Second Floor
 This floor has 4 rooms including: HR, technician room, director and vice director.

a) HR room
This room has only 10 computers, so there is only 1 row of computers, so the number of wires
needed for this room is:
6+9+12+15+18=60 m

b) Technician room
This room also has only 10 computers, so there is one row of computers, and the total amount of wire in this room is the same as for the HR room: 60 m.

c) Director’s District
This area has 2 rooms and each room has only 1 computer, so only about 10 m of network wire is needed for this area.

3. Device selection

a) Switch 24 port
 Device Name: Cisco Switch SG350-28P-K9-EU 28-port Gigabit POE Managed Switch

 Product parameters:

 Reviews:
o The SG350-28P-K9-EU switch is part of an enterprise-optimized lineup that can supply 195 W of PoE power across 24 RJ ports, which improves cost efficiency.
o The Cisco SG350-28P-K9-EU switch provides the features you need to improve the availability of critical business applications, protect sensitive information, and optimize network bandwidth to deliver information and applications more efficiently.
o The Cisco SG350-28P-K9-EU is designed with 26 x 10/100/1000 ports, 2 SFP slots and 2 mini-GBIC combo ports, making it a good solution for improving network performance in small businesses while saving costs.
 Key features:
o Supports Simple Network Management Protocol (SNMP), which allows you to set up and manage switches and other Cisco devices remotely from a network management station, improving IT workflows and bulk configuration.
o Embedded Secure Sockets Layer (SSL) encryption that protects management data travelling to and from the switch.
o Extended access control lists (ACLs) restrict sensitive parts of the network to keep out unauthorized users and protect against cyberattacks.
o Supports advanced network security applications such as IEEE 802.1X port security, which tightly limits access to specific segments of your network. Web-based authentication provides a consistent interface for validating all types of storage devices and operating systems, without the complexity of deploying IEEE 802.1X clients per endpoint.
o DoS attack prevention maximizes network uptime when an attack is present.

b) Switch 48 port
 Name: Cisco SG350-52-K9-EU 52-port Gigabit Managed Switch

 Product parameters:

 Review:
o The Cisco SG350-52p-K9-EU switch provides the features you need to improve the availability of critical business applications, protect sensitive information, and optimize network bandwidth to deliver information and applications more efficiently.
o The Cisco SG350-52p-K9-EU is designed with 26 x 10/100/1000 ports, 2 SFP slots and 2 mini-GBIC combo ports, making it a good solution for improving network performance in small businesses while saving costs.
c) Switch 8 port
 Device Name: Cisco Switch SG95D-08 8 ports

 Product parameters:

d) Router
 Device Name: Ubiquiti UniFi AP AC LR

 Product parameters:

e) Firewall
 Device Name: Cisco Firewall ASA5506-K9

18
 Product parameters:

 Features:
o Site-to-site VPN support and remote access VPN, providing high-performance,
high security and high availability access to help ensure business continuity.
o Detailed application visibility and control (AVC) supports more than 4,000
application-layer controls and applies appropriate intrusion prevention system
(IPS) threat detection policies to optimize security effectiveness.
o Provides threat prevention and full awareness of users, infrastructure,
applications, and content to detect threats.
o Filters URLs by category, provides comprehensive alerting and control of web
traffic, and enforces policies across hundreds of millions of URLs in more than
80 categories.
o AMP provides malware detection and sandboxing with a low total
cost of ownership and premium protection value, helping you discover,
understand, and prevent malware and new threats that are missed by other
layers of security.

4. Cost of equipment and network cabling

• Router: 5
• Switch 8 ports: 1
• Switch 24 ports: 3
• Switch 48 ports: 1
• The total length of cable from the server room to the switches in the rooms is 70 m.
• The total length of cable within the rooms is 580 m.
• In addition, we have to crimp connectors onto the cables to connect devices and
computers to the network. The connector type we can use is UTP Cat6 RJ45, which is
sold in boxes of 100 units. We have about 85 computers, so we need 170 connectors,
plus about 40 for other devices. So we need to buy three boxes of connectors.

• The total cost of network equipment is $4155.16



5. Bandwidth selection

• We should choose the F300 PLUS network plan because it has a bandwidth of
300Mbps and a minimum international bandwidth of 15Mbps. The price for this plan is
$435.02 per month.
6. Security software
The type of software to use is Kaspersky Endpoint Security for Business

Some features:
• Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky Lab's latest
anti-malware technologies, combining signature-based, proactive and web-enabled
protection – for effective, multi-level defense. With automated updates from the
Kaspersky Security Network on the cloud, Kaspersky provides a rapid response to new
and evolving threats.
• Cybercriminals are increasingly using unpatched vulnerabilities – in operating systems
and applications – to attack corporate systems and steal data or money. Kaspersky's
patch management and vulnerability scanning function provides centralized control
over the detection of application and OS vulnerabilities – and prioritizes
application/OS patching. Kaspersky Endpoint Security for Business ADVANCED plays
an important role in helping eliminate the risk of criminals exploiting vulnerabilities in
the system.
• As enterprise IT network systems become increasingly complex, the task of managing
all the systems on which your business depends has become much more difficult and
time-consuming. Kaspersky Endpoint Security for Business ADVANCED simplifies a
wide range of system management tasks – including configuring, deploying, and
troubleshooting.
• Kaspersky Endpoint Security for Business ADVANCED is pre-configured to help you
manage and protect your systems – as soon as it is installed. Moreover, with the
unified, easy-to-use management dashboard offered together with Kaspersky security
center – your IT team can quickly adopt new system management policies and security
configurations.

II. Install and configure network services

1. Split IP addresses
I will assign the following IP address range to each room:
• Server room: 192.168.1.0/24
• Small staff: 192.168.2.0/24
• Big room: 192.168.3.0/24
• HR room: 192.168.4.0/24
• Technician room: 192.168.5.0/24
• Manager room: 192.168.6.0/24

2. Router configuration
• Enable all routers, enable their ports and set IP addresses for them.

• Configure the router

3. Server configuration

a) DHCP
o Set the IP address of the DHCP server

o Configure the DHCP service

o Use ip helper-address on the router so the DHCP server can hand out IP addresses to every subnet

o Set devices to obtain their IP addresses using DHCP
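
The address plan and the DHCP relay step above can be checked and turned into router configuration with a short script. This is an added example, not part of the original assignment: the DHCP server address 192.168.1.10, the choice of the first host as gateway, the 10 reserved addresses per subnet and the interface names are all assumptions.

```python
import ipaddress

# Room-to-subnet plan copied from the "Split IP address" step.
PLAN = {
    "Server room": "192.168.1.0/24",
    "Small staff": "192.168.2.0/24",
    "Big room": "192.168.3.0/24",
    "HR room": "192.168.4.0/24",
    "Technician room": "192.168.5.0/24",
    "Manager room": "192.168.6.0/24",
}
# Assumptions, not from the page: the DHCP server's address, gateway = first
# host of each subnet, and the first 10 hosts kept out of the DHCP pool.
DHCP_SERVER = ipaddress.ip_address("192.168.1.10")
RESERVED = 10

def check_plan(plan):
    """Parse the plan; raise ValueError on host bits set or overlapping subnets."""
    nets = {room: ipaddress.ip_network(cidr, strict=True) for room, cidr in plan.items()}
    rooms = list(nets)
    for i, a in enumerate(rooms):
        for b in rooms[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return nets

def dhcp_scope(net):
    """Gateway, mask and leasable range for one subnet."""
    hosts = list(net.hosts())
    pool = hosts[RESERVED:]
    return {"gateway": hosts[0], "mask": net.netmask,
            "first": pool[0], "last": pool[-1], "size": len(pool)}

def relay_config(room, net, iface):
    """IOS interface stanza that relays the room's DHCP broadcasts to the server."""
    scope = dhcp_scope(net)
    lines = [f"! {room}", f"interface {iface}",
             f" ip address {scope['gateway']} {scope['mask']}"]
    if DHCP_SERVER not in net:  # clients on the server's own subnet need no relay
        lines.append(f" ip helper-address {DHCP_SERVER}")
    lines.append(" no shutdown")
    return "\n".join(lines)

if __name__ == "__main__":
    for n, (room, net) in enumerate(check_plan(PLAN).items()):
        # Interface names are placeholders; use the router's real ports.
        print(relay_config(room, net, f"GigabitEthernet0/{n}"))
```

With these assumptions each room's pool runs from .11 to .254, which leaves 244 leasable addresses per subnet for the roughly 85 computers in the design.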

b) Gmail server

o Create a user and password for each employee

o Configure mail on each device

c) SSH configuration

Set up SSH on the router

d) Telnet configuration
Set up Telnet on the router

e) Firewall configuration
• Step 1: Access Global Configuration Mode
• Step 2: Configure hostname, domain name, enable password, banner mode
• Step 3: Configure AES to encrypt Password
• Step 4: VLAN configuration
• Step 5: Configure the Default Static Route on the Cisco ASA
• Step 6: Configure Telnet, SSH on Cisco ASA
• Step 7: Configure NTP on Cisco ASA
• Step 8: Configure DHCP Server on Cisco ASA

LO4 Implement and diagnose networked systems

1. Implement networked system based on a prepared design

a) Test
• Ping
Ping from the computer in the staff small room to the computer in the
technician room

• Telnet

• Check devices that access routers via Telnet

• SSH

2. Strengths and weaknesses of the network model

After designing and building this system, I found that it is quite beneficial and
effective for the company's operations. Here are my evaluations of the system once it has been built:
• Strengths:
o The company's activities are faster and more cost-effective thanks to the
centralized control of the file server and other technologies.

o Convenient for workers and the company's management team to use.

o Information is more secure and manageable.

• Weaknesses:
o It's hard to upgrade the system.
o The model has not been optimized.

3. Design a maintenance schedule to support the networked system.

The purpose of maintenance is to prevent and reduce system failures so that users' productivity
and profit may be increased. Maintenance can forewarn the organization of problems that may arise
in the near future, allowing it to prepare a backup plan and ensuring the most efficient administration
of the operating system. When a device has a fault that cannot be fixed, make sure it is
replaced. During maintenance, software is checked, data is backed up, and fresh system software
utilities are installed.
Items that need to be maintained on a regular basis:

o Server maintenance

• Hardware cleaning
• Error handling and software updates
• Improve the performance of the machine
• Data backup
• Specify maintenance records and times.
o Workstation maintenance

• Check the configuration and antivirus software of the workstation when it connects to the
server
• Back up and store important documents on other devices to avoid loss or disruption during
maintenance
• Optimize system software and applications, and remove junk files.
• Make sure the applications are running normally.
o Network maintenance

• Configure the network so that machines can access the system
• Check network cable systems
• Lay out diagrams of servers and connected machines in accordance with technical standards
• Check and test the cable network system to confirm that the transmission speed is in line
with the requirements

4. Recommend potential enhancements for the networked systems.

Although the network architecture has been improved, it is still relatively basic and might fail if a
critical device breaks. As a result, the network structure can be enhanced further in the future:
• Add routers to increase redundancy
• Add redundant servers
• Upgrade to a private network
• Upgrade bandwidth
• Add a security system
