UNIT 11: BUILD A SMALL NETWORK

INTRODUCTION

LESSON 1- NETWORK
DESIGN

topics LESSON 2- NETWORK

SECURITY

LESSON 3- BASIC
NETWORK PERFORMANCE
LESSON 4- NETWORK
TROUBLESHOOTING
 introduction
At Contoso, we empower organizations to
foster collaborative thinking to further drive
workplace innovation. By closing the loop and
leveraging agile frameworks, we help business
grow organically and foster a consumer-first
mindset.​

20XX presentation title 3

network
design
- is the practice of planning and designing a communications network.
Network design starts with identifying business and technical requirements and
continues until just before the network implementation stage (when you actually do
the work to deploy and configure what was designed). Network design includes
things like network analysis, IP addressing, hardware selection, and
implementation planning. In simple networks, like those found in most homes and
small offices, network design is a straightforward process. In large enterprise
networks, the network design process is often very complex and involves multiple
stakeholders.
Network planning and design is an iterative process, encompassing topological
design, network-synthesis, and network-realization, and is aimed at ensuring that a
new telecommunications network or service meets the needs of the subscriber and
operator.
There are four types of network design, these are:
* Local Area Network (LAN) 
Local area network (LAN), is categorized as either peer-to-peer or client-server. On a client-server local
area network, multiple client-devices are connected to a central server, in which application access, device
access, file storage, and network traffic are managed.
* Wide Area Network (WAN) 
Wide area network (WAN), is a form of wireless network. The larger size of a wide area network compared
to a local area network requires differences in technology. Wireless networks of different sizes deliver data
in the form of telephone calls, web pages, and video streaming.
* Wireless Local Area Network (WLAN)
Wireless local-area network (WLAN), is a group of collocated computers or other devices that form a
network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN.
* Storage Area Network (SAN)
A storage area network (SAN) or storage network, is a computer network which provides access to
consolidated, block-level data storage. SANs are primarily used to access data storage devices, such as
disk arrays and tape libraries from servers so that the devices appear to the operating system as direct-
attached storage.
The Importance of a Network Design

 Strong Networks Mean Scalability

 Improved Service Levels
 Cost-effective LAN Design
 Security of Networks
Designing a network step by step
- Now that we understand the basics of a network lifecycle model, let’s take a step-by-step look at the
process of designing a network infrastructure. While the specifics of your network design will vary based on
size and complexity, this general framework can help you make the right decisions.
1. Identify the requirements
Before you begin any network design project, begin by gathering information and developing clear business
and technical requirements. Without clearly defined targets, the rest of the design falls apart.
When you create your requirements, don’t overlook constraints. For example, business requirements will
have a budget constraint. Technical requirements may have constraints such as the need to continue
supporting legacy apps.
2. Assess the current state of the network
Chances are, in most networks you’re not starting with a clean slate. Sometimes that’s a good thing that
makes life easier, other times it can complicate a project. For example, if all the structured cabling is already
in place, that’s one less thing to worry about. However, if all that’s in place is Cat5 cable and you need
Cat6A to support 10GBaseT, the existing cabling now becomes an issue to deal with.
Whatever the state of the network is, it’s important you know early in the design process. You need to
assess the network’s current state before you make any specific design recommendations. At the end of
this step, you should understand the network layout, performance, data flows, applications & services on
the network, network security, and physical and logical layout.
Some of this can be achieved by reviewing existing network diagrams, policies, and monitoring tools. In
other cases, you’ll need to use automatic network mapping tools and security scanners to get the full
picture.
3. Design your network topology
Once you know your requirements and understand the current state of your network, you can begin
blocking out the functional components of your network. During this step, you’ll need to consider
both the physical and logical aspects of your network.
When it comes to physical network design, you’ll need to address things like:
• Running copper and fiber cabling
• Number of switch ports required
• Wi-Fi access point positioning
• Rack layout
• Cooling and power
Logical network design deals with things like:
• IP addressing/subnetting
• VLANs
• Data flows
• Network topology
At the end of this step, you should be able to create a static map of the physical and logical
network you’re designing.
Top 5 network design best practices
Now that we have a framework to follow, let’s take a look at some network design best practices
for making better decisions throughout the process.
1. Integrate security early on
- There is a reason the idea of “shifting security left” has become so popular in the DevOps world:
it works. By making security a priority from the beginning of the project, you’re less likely to have
gaps in your security posture. You’re also more likely to improve your overall network performance
because security won’t be inefficiently shoehorned in after most decisions have been made.
Treat security requirements with just as much priority as performance requirements and spec
them into a project early on. Ideally, we should all have a “security is everyone’s responsibility”
mindset, but in practice that isn’t always the case. It’s usually a great idea to have a security-
focused stakeholder(s) involved in the project end-to-end.
2. Know when to use top-down vs bottom-up
- In most cases where you’re starting from scratch, top-down design is the “better” choice. By
designing top-down, you focus on the business requirements and maximize your chances of
getting it right.
However, there are many networks design projects where the resource and time investment in
going top-down just doesn’t make sense. For example, if you’re already familiar with an
organization’s overall business requirements and simply need to expand a network or increase
bandwidth, bottom-up can be much more efficient.
3. Standardize everything
- If it can be standardized, standardize it. It will make troubleshooting, patching, maintenance, and
asset management drastically easier in the long run.
Here are some examples of things you can and should standardize:
• Hostnames (e.g., printer5.office2. lan3)
• Hardware models
• IP address schemes
• Cable colors (e.g., one color for VoIP, one for data, etc.)
• Security policies
4. Plan for growth
- Network bandwidth consumption today isn’t going to be the same a year from now. You have to
consider how much you expect bandwidth consumption to increase over the lifecycle of the
network, and design with that expectation in mind.
5. Create and maintain network documentation
- Missing, stale, or incomplete network documentation is a major source of tech debt, wasted
time, and added frustration. Do your future self — or your friendly neighborhood network
administrator — a favor and make sure your network design and implementation deliverables
include layer 1-3 network maps. Then, once they’re created, be sure to maintain them going
forward.
Network Design Concepts:
Good Network Design
- Good network design follows long-established principles like hierarchical design and
information hiding. Basic network protocols exhibit this through data encapsulation.
Lower layers hide their operation from the upper layers, allowing changes in the lower
layers to not impact the upper layers (i.e., applications).

Network Design strategy

- Strategic Network Design is a quantitative supply chain model that aligns the supply chain
infrastructure (production-distribution network or supply-delivery network) with customer
requirements and the business strategy and optimizes the infrastructure based on Total
Cost to Serve.

Required for Network Design

- When it comes to network design, there are four critical considerations that you need to
take into account if you want a network that is reliable, secure, and runs smoothly. These
include embedded security measures, standardization of software and hardware,
network resiliency, and redundancy.
The Characteristics of Network Design

 Fault Tolerance- A fault-tolerant network is one that limits the number of devices that are impacted by
faults, as the Internet will fail at times.

 Scalability- is the ability of a network to cope with increasing workloads in a cost-effective and
sustainable way, by expanding the network's bandwidth capacity and supporting its physical expansion
to new development areas.

 Quality of Service (QoS)- is a set of technologies that work on a network to guarantee its ability to
dependably run high-priority applications and traffic under limited network capacity. QoS technologies
accomplish this by providing differentiated handling and capacity allocation to specific flows in network
traffic.
 Security- Network security design is the process of designing a network so that it includes measures
that prevent the problems mentioned in the previous sections. As you might imagine, this is no easy
task. The number of permutations for each area are numerous, and constantly increasing. This makes
it difficult to imagine a comprehensive solution. Fortunately, there are a number of ideas that can
improve your chances of success.
Example of Network Design
Network Security
- protects your network and data from breaches,
intrusions and other threats. This is a vast and overarching term that
describes hardware and software solutions as well as
processes or rules and configurations relating to network use,
accessibility, and overall threat protection.

14
The types of Network Security Devices
Firewall
Antivirus
Intrusion Detection System (IDS)
Network Device Backup and Recovery
Content Filtering Devices
Email Security Gateways
Unified Threat Management
VPN Gateways
Wireless Intrusion Prevention and Detection System (WIDPIS)
Proxy Server
Network Access Control (NAC)
Proxy Server
Spam Filter
Web Filter
Network Load Balancer (NLB)
 

15
Network Security Management Tools
 Firewall- one of the most widely used security technologies, and they may be
deployed at several network layers.

 Antimalware- a software, detects, removes, and/or prevents malware from infecting

a computer and, as a result, a network.

 Intrusion Detection and Prevention System- unauthorized access attempts are

detected and flagged as potentially harmful by an Intrusion Detection System (IDS),
but it does not eliminate them.

 VPN- a Virtual Private Network (VPN) is a program that encrypts data and send it
through a public, less secure network using tunneling protocols.

 Cloud-Based Security Tools- cloud providers frequently provide security

technologies that allow businesses to delegate part of their security responsibilities to
them.

16
Network Security five Vulnerabilities to look out for:

1. Malware- typically delivered via email, Malware requires the user to click a link or open
a file in order to execute an attack.
2. Viruses- known for their ability to quickly “infect” other files on a disk or computer. Once
a virus gets into your network, it spreads like wildfire, impacting many system
components.
3. Spyware- as the name implies, Spyware spies on what you’re doing on the computer. It
then collects and sells that data to third parties, typically cyber criminals, with no regard
for
how the data will be used.
4. Phishing- phishing attacks are designed to steal sensitive data. This attack will
impersonate real websites, organizations, and people and appear legitimate with the
intent
to get you to click on the URL or reply. In 2019, 32% of breaches involved phishing.
5. DDoS- Distributed Denial of Service (DDoS) attacks occur when servers and networks
are flooded with traffic. The goal is to overwhelm them with so many request that the
system becomes inoperable and ceases to function. In 2019 alone, there was a 967%
increase in DDoS attacks.

17
How to Ensure Network Security?
• With a colossal surge in cyber-attacks and high reliance on technology in this digital age,
ensuring the security of data and information have become a daunting task. Cyber threats are
accelerating significantly even faster than the enhancements businesses are making.
Computer networks have become bigger and their interconnectivity using a Wide Area Network
(WAN) is worldwide due to globalization. It is hard for current IT security solutions to prevent
cyber-attacks. According to Symantec’s 2019 Internet Security Threat Report (Volume 24),
Form jacking attacks compromised 4800+ websites almost every month. Supply chain attacks
also increased by 78% in 2018. Furthermore, more than 70 million records were also leaked or
stolen due to poor configuration of S3 buckets.

18
What is Network Security?
• SANS institute defines Network Security as the preventative measures taken to safeguard network
infrastructure from unauthorized access, modification, malfunction, misuse, improper disclosure or
destruction of data.
Why Network Security is Needed?
• There is a significant need for network security in a computing environment to protect data and
information from unauthorized users. There are three key components of any network security that must
be in place. These are Confidentiality, Integrity, and Availability, also known as CIA triad. Confidentiality
ensures that the data is not intercepted by hackers when it is being transmitted on a network. Integrity
makes sure that data is not changed, damaged, or manipulated during the transmission over a network.
Availability is also a security service that ensures that the systems and devices are available only to
authorized parties.

19
• What are the Significant Network Security Attributes?
There are a lot of practices that must be applied by organizations in order to prevent attacks on a network.
The following sections elaborate on these practices in details.
Network Security Policy: Network security policy is a written document that stipulates the access
privileges and limitation of authorized users. This essential document also describes the network security
measures that should be taken periodically. For example, the occasional carrying out of risk assessment
tests and disaster recovery plans.
Password Policy: The password policy emphasizes that the password should not be very simple and
associated with a user’s name and his/her birth specification. Instead, it should be strong enough to thwart
password attacks such as Dictionary attacks, Rainbow Tables, or Brute-force attacks. A strong password
should consist of at least 8 characters that involve upper- and lower-case letters, special characters, and
numbers. In addition, employees should be obligatory to change passwords every three months or 90 days.

20
Using a Multilayer Security: Multilayer security is the act of securing the network with a combination of
multiple security tools such as the deployment of antivirus program, firewalls, and intrusion detection
system simultaneously.
Deploying SIEM: Security Information and Event Management or SIEM, in accordance with the Gartner, is
a security tool that supports threat detection and incident response through the real-time collection and
historical analyses of events from multiple events and data sources. SIEM helps organizations to secure
networks and prevent threat actors from infiltrating the network by alarming analysts through security
alerts. Therefore, SIEM should be a part of a corporate network security system.

Keeping Network Up-to-Date: Threat actors often find loopholes in corporate network security by
capitalizing the older versions of the operating system, software, device drivers, or network devices. To
prevent this situation from happening, organizations must run a timely update to keep their operating
systems, device drivers, software applications, and other critical tools up-to-date.

21
Providing Training to Employees: Human is the weakest link in any network. That’s why hostile actors
carry out social engineering and phishing attacks against humans. However, businesses should conduct a
training program for employees to educate them against potential threats and proactive measures to avert
these threats. For example, the users should be prevented to use social networks, torrents, or unwanted
downloads during the office time.
Physical Precautions: Ensuring the physical security of network infrastructure is also essential. For
example, DNS server, data server, and other critical systems and network devices should be placed at a
secure facility where physical controls such as mantrap and biometric locks must be deployed.
Cryptography and Wi-Fi Security: The data must be encrypted before sending it to other places over a
network. Wi-Fi network should also be secured with digital certificates. Conclusion This research article is
based on ensuring network security in.

22
The 5 types of security:
- Cybersecurity can be categorized into five distinct types
- Critical infrastructure security.
- Application security.
- Network security.
- Cloud security.
- Internet of Things (IoT) security.
The elements of network security:
- The CIA triad refers to an information security model made up of the three main components:
confidentiality, integrity and availability. Each component represents a fundamental objective of
information security. And this are the following elements of network security: Firewall, cybersecurity,
encryption, information security, access control, authentication, data privacy, data loss prevention
software, gateway, authorization, spyware, and DDoS mitigation.

23
Basic Network Performance is measured in two fundamental ways: bandwidth
(also called throughput) and latency (also called delay).

The bandwidth of a network is given by the number of bits that can be

transmitted over the network in a certain period of time.
Bandwidth in Bits per Seconds: It refers to the number of bits per second that a
channel, a link, or rather a
network can transmit. For example, we can say the bandwidth of a Fast Ethernet
network is a maximum of 100 Mbps, which means that the network can send 100
Mbps of data.

Note: There exists an explicit relationship between the bandwidth in hertz and the
bandwidth in bits per second. An increase in bandwidth in hertz means an
increase in bandwidth in bits per second. The relationship depends upon whether
we have baseband transmission or transmission with modulation.

24
Network Performance of a network pertains to the measure of service quality of a network as perceived by
the user. There are different ways to measure the performance of a network, depending upon the nature and
design of the network.
The characteristics that measure the performance of a network are:
Bandwidth Throughput Latency (Delay) Bandwidth – Delay Product Jitter BANDWIDTH One of the most
essential conditions of a website’s performance is the amount of bandwidth allocated to the network.
Bandwidth determines how rapidly the webserver is able to upload the requested information. While there are
different factors to consider with respect to a site’s performance, bandwidth is every now and again the
restricting element. Bandwidth is characterized as the measure of data or information that can be transmitted in
a fixed measure of time. The term can be used in two different contexts with two distinctive estimating values.
In the case of digital devices, the bandwidth is measured in bits per second(bps) or bytes per second. In the
case of analogue devices, the bandwidth is measured in cycles per second, or Hertz (Hz). Bandwidth is only
one component of what an individual sees as the speed of a network. People frequently mistake bandwidth
with internet speed in light of the fact that internet service providers (ISPs) tend to claim that they have a fast
“40Mbps connection” in their advertising campaigns. True internet speed is actually the amount of data you
receive every second and that has a lot to do with latency too. “Bandwidth” means “Capacity” and “Speed”
means “Transfer rate”.
More bandwidth does not mean more speed. Let us take a case where we have double the width of the tap
pipe, but the water rate is still the same as it was when the tap pipe was half the width. Hence, there will be no
improvement in speed. When we consider WAN links, we mostly mean bandwidth but when we consider LAN,
we mostly mean speed. This is on the grounds that we are generally constrained by expensive cable
bandwidth over WAN rather than hardware and interface data transfer rates (or speed) over LAN.

25
Bandwidth in Hertz:
It is the range of frequencies contained in a composite signal or the range of
frequencies a channel can
pass. For example, let us consider the bandwidth of a subscriber telephone
line as 4 kHz.

Bandwidth in Bits per Seconds:

It refers to the number of bits per second that a channel, a link, or rather a
network can transmit. For
example, we can say the bandwidth of a Fast Ethernet network is a maximum
of 100 Mbps, which means
that the network can send 100 Mbps of data.

26
Note: There exists an explicit relationship between the bandwidth in hertz and the bandwidth in
bits per second. An increase in bandwidth in hertz means an increase in bandwidth in bits per
second. The relationship depends upon whether we have baseband transmission or
transmission with modulation.
THROUGHPUT is the number of messages successfully transmitted per unit time. It is
controlled by available bandwidth, the available signal-to-noise ratio and hardware limitations.
The maximum throughput of a network may be consequently higher than the actual throughput
achieved in everyday consumption. The terms ‘throughput’ and ‘bandwidth’ are often thought
of as the same, yet they are different. Bandwidth is the potential measurement of a link,
whereas throughput is an actual measurement of how fast we can send data. Throughput is
measured by tabulating the amount of data transferred between multiple locations during a
specific period of time, usually resulting in the unit of bits per second(bps), which has evolved
to bytes per second (Bps), kilobytes per second (Kbps), megabytes per second (Mbps) and
gigabytes per second (Gbps). Throughput may be affected by numerous factors, such as the
hindrance of the underlying analogue physical medium, the available processing power of the
system components, and end-user behavior. When numerous protocol expenses are taken
into account, the use rate of the transferred data can be significantly lower than the maximum
achievable throughput.

27
Let us consider: A highway which has a capacity of moving, say, 200 vehicles at a time. But
at a random time, someone notices only, say, 150 vehicles moving through it due to some
congestion on the road. As a result, the capacity is likely to be 200 vehicles per unit time and
the throughput is 150 vehicles at a time.

Example: Input: A network with bandwidth of 10 Mbps can pass only an average of 12, 000
frames per minute where each frame carries an average of 10, 000 bits. What will be the
throughput for this network?

Output: We can calculate the throughput as- Throughput = (12, 000 x 10, 000) / 60 = 2 Mbps
The throughput is nearly equal to one-fifth of the bandwidth in this case. For the difference
between Bandwidth and Throughput, refer.

28
LATENCY- In a network, during the process of data communication, latency (also known as delay) is
defined as the total time taken for a complete message to arrive at the destination, starting with the time
when the first bit of the message is sent out from the source and ending with the time when the last bit of
the message is delivered at the destination. The network connections where small delays occur are
called “Low-Latency-Networks” and the network connections which suffer from long delays are known as
“High-Latency-Networks”.
Propagation Time: It is the time required for a bit to travel from the source to the destination.
Propagation time can be calculated as the ratio between the link length (distance) and the propagation
speed over the communicating medium. For example, for an electric signal, propagation time is the time
taken for the signal to travel through a wire.
Transmission Time: is a time based on how long it takes to send the signal down the transmission line.
It consists of time costs for an EM signal to propagate from one side to the other, or costs like the training
signals that are usually put on the front of a packet by the sender, which helps the receiver synchronize
clocks. The transmission time of a message relies upon the size of the message and the bandwidth of the
channel.

29
Queuing Time: is a time based on how long the packet has to sit around in the router. Quite frequently
the wire is busy, so we are not able to transmit a packet immediately. The queuing time is usually not a
fixed factor; hence it changes with the load thrust in the network. In cases like these, the packet sits
waiting, ready to go, in a queue. These delays are predominantly characterized by the measure of
traffic on the system. The more the traffic, the more likely a packet is stuck in the queue, just sitting in
the memory, waiting.
Processing Delay: is the delay based on how long it takes the router to figure out where to send the
packet. As soon as the router finds it out, it will queue the packet for transmission. These costs are
predominantly based on the complexity of the protocol. The router must decipher enough of the packet
to make sense of which queue to put the packet in. Typically, the lower-level layers of the stack have
simpler protocols. If a router does not know which physical port to send the packet to, it will send it to all
the ports, queuing the packet in many queues immediately. Differently, at a higher level, like in IP
protocols, the processing may include making an ARP request to find out the physical address of the
destination before queuing the packet for transmission. This situation may also be considered as a
processing delay.

30
Bandwidth – DELAY PRODUCT Bandwidth and delay are two performance measurements
of a link. However, what is significant in data communications is the product of the two, the
bandwidth-delay product.
Jitter- is another performance issue related to delay. In technical terms, jitter is a “packet
delay variance”. It can simply mean that jitter is considered as a problem when different
packets of data face different delays in a network and the data at the receiver application is
time-sensitive, i.e., audio or video data. Jitter is measured in milliseconds (MS). It is defined
as an interference in the normal order of sending data packets. For example: if the delay for
the first packet is 10 MS, for the second is 35 MS, and for the third is 50 MS, then the real-
time destination application that uses the packets experiences jitter.

31
Network Performance Measures

Latency: usually implies the minimum possible delay. Latency assumes no queuing and no
contention encountered along the path.

Goodput: {measured at the receiver} the rate in bits per second of useful traffic received. Goodput
excludes duplicate packets and packets dropped along the path.

Fairness: either Jain’s fairness or max-min fairness is used to measure fair treatment among
competing flows.

Quality of Service (QoS): a QoS measure accounts for importance of specific metric to one type of
application [e.g., jitter and playable frame rate for streaming media].
 

32
Performance Metrics Summary
 The three most general performance measures are: utilization, throughput, and response time.
 In computer networks, end-to-end delay is an important performance metric.
 Queuing models are used to analyze and estimate computer network performance.
Generic Performance Metrics
Utilization:
The percentage of time a device is busy servicing a “customer”.
Throughput:
The number of jobs processed by the “system” per unit time.
Response time:
The time required to receive the response of a request round-trip time (RTT).
Delay:
The time required to perform an operation.
 

33
Network Troubleshooting
- Network troubleshooting in the process of
measuring, identifying, and
resolving network -related issues.
It’s also defined as a logical process
network engineers follow to improve the
overall network operations.
Troubleshooting is a repetitive, rigorous,
and effective process that involves regular
analysis and testing of individual network
components to ensure smooth operations.
Network Troubleshooting Important
- Network troubleshooting is important as it helps IT managers understand
network component issues, reduce downtime, and improve the network's Quality
of Service (QoS) for users. With an effective and reliable network monitoring
system, it’s easier to troubleshoot issues, identify network slowdown quickly,
analyze latency metrics, trace packets, and more. Besides troubleshooting,
network monitoring systems also help manage network configurations and
monitor crucial metrics such as packet data and capacity to
ensure smooth business-critical operations.
Basic Network Problems Cable Problem
- The cable which is used to connect two devices can get faulty, shortened or can be
physically damaged.
Connectivity Problem: The port or interface on which the device is connected or
configured can be physically down or faulty due to which the source host will not be
able to communicate with the destination host.
Configuration Issue: Due to a wrong configuration, looping the IP, routing problem
and other configuration issues, network fault may arise and the services will get
affected.
Software Issue: Owing to software compatibility issues and version mismatch, the
transmission of IP data packets between the source and destination is interrupted.
Traffic overload: If the link is over utilized then the capacity or traffic on a device is
more than the carrying capacity of it and due to overload condition, the device will
start behaving abnormally.
Network IP issue: Due to improper configuration of IP addresses and subnet mask
and routing IP to the next hop, the source will not be able to reach the destination IP
through the network.
Basic network troubleshooting steps
1. Check for local connectivity issues: The first step in troubleshooting network errors is to check
cables, devices, switches, and routers for proper functioning. Teams can also try restarting devices
such as the modem, PC, and router to resolve simple network issues. Another issue could be LAN
connectivity. To identify and troubleshoot LAN connectivity issues, try to ping the destination IP and
check configuration settings and source host.

2. Rectify the duplicate entry of IP address: To check whether the computer is receiving a valid IP
address or not, type "ipconfig" in the command prompt. If the IP address starts with 169, it’s receiving
an invalid IP.

3. Perform a DNS check: To determine server issues, use command “nslookup.” Results such as
refused, timed out or server failure indicate the problem originates from the DNS server of the
destination URL.

4. Check malware protection: Check your malware protection tools to ensure they haven't flagged
any application, program, or settings affecting network performance. 5. Review logs: Reviewing logs
is also one of the best ways to identify and troubleshoot network performance outages and issues.
Logs provide elaborated information on each device, application, and program to help track the root
cause of the issues.
meet our team

NOVIE MAE B.
CYLYN JADE D. CHARIS FAITH A.
KYE JILL L. PUENE​ CASPE​
BARRIOS TAMAYO
member member member
member

38
thank you