Introduction
The world of technology has become increasingly complex and interconnected, requiring businesses to implement a secure network infrastructure to protect their data from malicious attacks and unauthorized users. The analysis of the RMC network will be based on the concepts studied in the CompTIA Network+ course, which covers topics such as network topology and network devices, IP infrastructure, and network security. These topics will be used as a basis for the analysis of the RMC network, as they are essential to constructing and securing a proper network. By following the guidelines in this proposal, RMC can create a secure network infrastructure that will provide them with the protection they need to keep their data safe and secure.
Section 1: Topology and Network Devices
Topology
The most popular network topology is a star topology and is the best choice for RMC due to its scalability and secure connection for each device on the network. In a star topology, the central device is responsible for receiving and sending data to each device on the network, which allows for easy scalability and provides a secure connection (Bistouni & Jahanshahi, 2017). Additionally, the star topology allows easy maintenance and troubleshooting, making it the best choice for an extensive network with 500 users.
Internal Components
The first internal networking component required is a router. A router helps to connect networks, manage traffic and provide security. It is a fundamental device for any network and is essential for RMC’s future growth plans. The router should be able to support many users and the increased traffic that this will bring. A router can also help protect against malicious attacks, as it filters out suspicious data and blocks unwanted connections.
The next internal networking component required is a switch. A switch extends the LAN and allows more users to be connected to the network (Lowe, 2020). It is essential for RMC to choose a switch that can handle many users with minimal latency and packet loss. The switch should also be able to provide additional security features such as port security, access control lists, and isolation.
The final internal networking component required is a server. A server is essential for providing shared resources to the network, such as printers, folders, and other resources (Namara et al., 2020). It should be powerful enough to handle the expected increased traffic and number of users in the next 12 months. Additionally, the server should be equipped with a robust security system to protect against malicious attacks.
External Components
The first external networking component required is a firewall. A firewall protects a network from malicious attacks by filtering out suspicious data and blocking unwanted connections (Bistouni & Jahanshahi, 2017). It should be configured to protect against both internal and external threats and should be able to handle a large amount of traffic and users. Additionally, the firewall should be regularly monitored and updated to ensure optimal security.
An intrusion prevention system (IPS) is the second external networking component required. An IPS monitors the data traffic entering and leaving a network and can detect and block suspicious traffic. RMC needs to choose an IPS that can detect a wide variety of attacks and block malicious traffic before it can enter the network. Additionally, the IPS should be regularly monitored and updated to ensure optimal security.
A virtual private network (VPN) is the third external networking component required. A VPN allows users to securely access the network from outside locations (Namara et al., 2020). RMC needs to choose a VPN that is secure and reliable. It should also be able to scale to the number of users expected in the next 12 months. Additionally, the VPN should be regularly monitored and updated to ensure optimal security.
Cryptography
Cryptography is essential for securing data and protecting critical information from unauthorized access. One of the most common methods of cryptography is symmetric-key cryptography, a widely used type of cryptography that uses a single key to encrypt and decrypt data (Lee et al., 2019). Symmetric-key cryptography is ideal for RMC because it provides a secure and reliable way to encrypt and decrypt vital data. Using this cryptography, RMC can ensure that its data remains secure and confidential.
Network Protocols
Network protocols are essential for communication between computers on a network. The network protocols used on the RMC LAN will include the Internet Protocol (IP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). IP is the primary protocol used to route data on the internet and is responsible for addressing and routing data packets. TCP is a reliable protocol for stream-oriented data, such as webpages, email, and file transfers. UDP is used for faster, connectionless data transfer and for applications that require low latency, such as real-time video streaming. These protocols are essential for communication on the RMC LAN and will ensure that data is transferred quickly and securely between computers on the network.
Network Capability
Connect All Users to Company Resources
The first step to ensuring that the network can connect all users to company resources is to identify the resources that need to be connected, such as printers, scanners, and other items. Once the resources have been identified, the next step would be to create a network topology to determine how they will all be connected. Additionally, the network topology should include wireless access points to allow for wireless access to the resources.
Provide File-Sharing Options
Once the network topology has been established, the next step is to provide file-sharing options. This can be done by creating a centralized file server that securely stores the company’s files and resources. The server can then be configured to allow users to access the files through a file-sharing protocol, such as SMB or NFS. Additionally, the server can be configured to allow for remote access so that users can access the resources from anywhere.
Manage Resources in a Central Location
The next step is to manage these resources in a central location. This can be done by creating a centralized management console to manage all of the resources on the network. This will allow administrators to manage user access, set up user accounts, and monitor network activity (Zhang et al., 2019). Additionally, the console can be used to set up policies and rules for the network, such as data encryption and authentication requirements.
Allow for Internal Users to Access the Internet
Finally, the network should be configured to allow internal users to access the internet. RMC should establish an internet access policy that allows only authorized users to access the internet. This could include implementing a secure web proxy server that limits access to certain websites or setting up user authentication and access control systems to restrict access to certain websites and content (Kobayashi et al., 2019).
Allow External Vendors to Access the LAN Remotely
External users (vendors) can use a virtual private network to access the LAN remotely. RMC should also implement an authentication and authorization system to ensure that only authorized vendors can access the LAN. Sherazi et al. (2019) argue that the network should be configured to allow for secure remote access, such as SSH and SFTP, so users can securely access the network from outside the network.
Budget Estimation for Star Topology
The hardware cost is the most significant portion of the budget. The switch and routers are necessary for the network to function properly, and the access points will allow for wireless access throughout the building. Additionally, the firewall will provide a layer of security to protect the network from external attacks. The software cost is less than the hardware cost but is still necessary for a properly functioning network. The network monitoring and management software will allow for the monitoring of the network. The estimate for the star topology is shown in Table 1 below.
Table 1: Budget Estimation
Section 2: IP Infrastructure
IP Structure
An IP structure is essential for any network, especially for a network that is expected to grow to 500 users soon. The IP structure for RMC should include static, DHCP, and proper IP class assignment to ensure that the network is configured correctly and securely. It is necessary to ensure that the IP range chosen does not overlap with any other networks to prevent traffic routing issues (Azad et al., 2020). When setting up DHCP, choose an IP range not already used on the network to avoid conflicts.
The IP class assignment should also be considered when designing the IP structure for RMC. It is essential to choose an IP class that will accommodate the number of network users connected and any future growth (Jiang, 2019). For example, if the network supports 500 users, the IP class should be set to Class C, which can accommodate up to 254 IP addresses. This will allow the network to scale as the company grows and will ensure that the company’s data is secure.
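The sizing and overlap checks described in this section can be run against a draft addressing plan before any device is configured. The following is an added example, not part of the original proposal: it uses CIDR prefix lengths rather than classful assignment, and every address, host name and the vendor VPN pool in it are constructed sample values.

```python
import ipaddress

def smallest_prefix(hosts):
    """Longest IPv4 prefix whose usable addresses (2^n - 2) cover `hosts`."""
    return 32 - (hosts + 1).bit_length()

def check_plan(lan, dhcp_first, dhcp_last, statics, other_nets, users):
    """Return a list of problems in an addressing plan (empty list = clean)."""
    lan = ipaddress.ip_network(lan)
    first = ipaddress.ip_address(dhcp_first)
    last = ipaddress.ip_address(dhcp_last)
    problems = []
    usable = lan.num_addresses - 2          # minus network and broadcast
    if usable < users:
        problems.append(f"{lan} has {usable} usable hosts, need {users} "
                        f"(needs a /{smallest_prefix(users)} or shorter prefix)")
    for net in map(ipaddress.ip_network, other_nets):
        if lan.overlaps(net):               # routing ambiguity between sites
            problems.append(f"{lan} overlaps {net}")
    if first not in lan or last not in lan or first > last:
        problems.append("DHCP pool is not inside the LAN range")
    for name, addr in statics.items():
        ip = ipaddress.ip_address(addr)
        if ip not in lan:
            problems.append(f"static {name} {ip} is outside {lan}")
        elif first <= ip <= last:           # DHCP could lease the same address
            problems.append(f"static {name} {ip} is inside the DHCP pool")
    return problems

# Constructed sample plans (illustrative values only).
WEAK_PLAN = dict(
    lan="192.168.10.0/24", users=500,
    dhcp_first="192.168.10.50", dhcp_last="192.168.10.200",
    statics={"file-server": "192.168.10.10", "printer": "192.168.10.60"},
    other_nets=["192.168.10.128/25"],       # assumed vendor VPN pool
)
FIXED_PLAN = dict(
    lan="10.20.0.0/23", users=500,
    dhcp_first="10.20.0.100", dhcp_last="10.20.1.250",
    statics={"file-server": "10.20.0.10", "printer": "10.20.0.20"},
    other_nets=["10.30.0.0/24"],
)

if __name__ == "__main__":
    for plan in (WEAK_PLAN, FIXED_PLAN):
        print(plan["lan"], check_plan(**plan) or "OK")
```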
Remote Access Plan
Establishing a virtual private network (VPN) connection is the first step in ensuring secure and efficient remote access to the network. A VPN connection creates a secure tunnel between the user’s device and the network, allowing for secure data transmission (Namara et al., 2020). This ensures that the transferred data is encrypted and secure and that users can access the network without exposing their data to potential attackers.
Two-factor authentication should also be set up to secure the remote access process (Namara et al., 2020). Two-factor authentication adds an extra layer of security to the remote access process by requiring users to provide their username and password and a second form of authentication, such as a security code sent to their phone. According to Kobayashi et al. (2019), this adds an extra layer of protection against unauthorized access.
Access restrictions should also be implemented to make sure the network can be accessed by authorized users only. This can be done through user permissions, IP filtering, and other security measures (McLaughlin, 2023). User permissions can be used to restrict access to certain users, while IP filtering can be used to block access from known malicious IP addresses (Restuccia & Melodia, 2019). Other security measures, such as firewalls, can be used to secure the remote access process further.
Finally, remote access should be monitored to ensure that only authorized users are accessing the network and that the access is being used for legitimate purposes only. This can be done through network monitoring and logging software, which can provide a detailed view of the activity on the network. This will detect any suspicious activity and help ensure that only authorized users access the network.
Section 3: Security
Secure Access Control Plan
Generating a secure access control plan for all internal users is essential for protecting the company’s data. The plan should include a viable password policy, which includes complexity, duration, and history requirements. The complexity requirement means that passwords must contain a combination of upper and lowercase letters, numbers, and special characters (Restuccia & Melodia, 2019). Tchernykh et al. (2019) argue that this will make it more difficult for attackers to guess passwords and will help to keep the network secure. The password policy should also include a duration requirement, which means that passwords must be changed periodically (Zhang et al., 2019). This helps to ensure that passwords are kept up to date and that attackers cannot access the network with expired passwords.
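The three policy rules named above (complexity, duration, history) can be enforced at password-change time as in the following added example, which is not part of the original proposal. The minimum length, 90-day maximum age, history depth of five and PBKDF2 work factor are assumed values, since the proposal gives no numbers, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 12                 # assumed value, not from the proposal
MAX_AGE = timedelta(days=90)    # assumed duration requirement
HISTORY_DEPTH = 5               # assumed number of remembered passwords
ROUNDS = 600_000                # assumed PBKDF2 work factor

def hash_password(password, salt=None):
    """Salted PBKDF2 hash; the history stores these pairs, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest

def check_new_password(password, history):
    """Return the rules a candidate password violates (empty list = accepted)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("length")
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "digit": string.digits,
        "special": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            violations.append(name)
    # History rule: re-hash the candidate with each stored salt and compare.
    for salt, old_digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], old_digest):
            violations.append("history")
            break
    return violations

def is_expired(changed_at, now):
    """Duration rule: True once the password is older than MAX_AGE."""
    return now - changed_at > MAX_AGE

if __name__ == "__main__":
    # Constructed sample history and candidates.
    history = [hash_password("Winter#2023a"), hash_password("Spring#2024b")]
    for candidate in ("password", "Spring#2024b", "Autumn!2025c"):
        print(candidate, check_new_password(candidate, history) or "accepted")
    print(is_expired(datetime(2024, 1, 1), datetime(2024, 6, 1)))
```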
Malicious Attacks Protection Plan
Protecting the network from malware and various malicious attacks is essential to secure the company’s data. The plan should focus on preventing, detecting, and responding to malicious attacks. This plan should include the implementation of antimalware software such as virus scanners, firewalls, and intrusion detection and prevention systems (Bistouni & Jahanshahi, 2017). Firewalls can be used to prevent malicious traffic from entering the network, while antivirus software can be used to detect and block malicious files.
The second step in the plan should be detection. This can be done through network monitoring and logging software, which can provide a detailed view of the activity on the network. This will allow for detecting any suspicious activity and help detect malicious attacks promptly (Sherazi et al., 2019). The final step in the plan should be the response. This can be done through incident response plans, which outline the steps that should be taken in the event of a malicious attack. By implementing these steps, the company can ensure that the network is secure and that any malicious attacks are detected and responded to promptly.
Discussion and Implications
The implications of this study are numerous and far-reaching. First, it is clear that the implementation of a secure, properly designed network is essential for the growth and protection of RMC’s digital assets. Second, this study has highlighted the importance of a comprehensive security plan that includes robust access control measures, secure remote access methods, and a comprehensive malware prevention plan. Additionally, it is imperative that RMC take proper steps to protect its vital data and ensure that it is encrypted to the highest standards. Finally, a detailed IP structure must be in place to handle the company’s future growth, including an appropriate IP Class assignment, DHCP, and static IPs. Overall, this study has provided RMC with a comprehensive plan for ensuring the security of its digital assets and for enabling its future growth.
Conclusion
In conclusion, implementing the proposed secure network infrastructure plan by RMC will protect their network from malicious attacks and unauthorized users. The proposed topology, network devices, cryptography, protocols, and IP structure will provide RMC with the foundation for a secure and reliable network. Furthermore, the proposed remote access plan, access control methods, and plan to protect the network from malicious attacks will ensure that the company maintains the highest levels of security. By following the suggested guidelines in this proposal, RMC can create a secure and reliable network that will allow them to meet their growth needs and protect their data from external threats.
References
Azad, M. A., Alazab, M., Riaz, F., Arshad, J., & Abullah, T. (2020). Socioscope: I know who you are, a robo, human caller or service number. Future Generation Computer Systems, 105, 297-307.
Bistouni, F., & Jahanshahi, M. (2017). Remove and contraction: A novel method for calculating the reliability of Ethernet ring mesh networks. Reliability Engineering & System Safety, 167, 362-375.
Jiang, S. (2019). Marine internet for internetworking in oceans: A tutorial. Future Internet, 11(7), 146.
Kobayashi, S., Otomo, K., & Fukuda, K. (2019). Causal analysis of network logs with layered protocols and topology knowledge. In 2019 15th International Conference on Network and Service Management (CNSM) (pp. 1-9). IEEE.
Lee, C., Kim, S., & Ryu, H. (2019). FDVRRP: Router implementation for fast detection and high availability in network failure cases. ETRI Journal, 41(4), 473-482.
Lowe, D. (2020). Networking for dummies. John Wiley & Sons.
McLaughlin, P. (2023). The past, present and future of cabling technologies, products and standards. Cabling Installation & Maintenance.
Namara, M., Wilkinson, D., Caine, K., & Knijnenburg, B. P. (2020). Emotional and Practical Considerations Towards the Adoption and Abandonment of VPNs as a Privacy-Enhancing Technology. Proceedings on Privacy Enhancing Technologies, 2020(1), 83–102.
Restuccia, F., & Melodia, T. (2019). Big data goes small: Real-time spectrum-driven embedded wireless networking through deep learning in the rf loop. In IEEE INFOCOM 2019-IEEE Conference on Computer Communications (pp. 2152-2160). IEEE.
Sherazi, H. H. R., Iqbal, R., Ahmad, F., Khan, Z. A., & Chaudary, M. H. (2019). DDoS attack detection: A key enabler for sustainable communication in internet of vehicles. Sustainable Computing: Informatics and Systems, 23, 13-20.
Tchernykh, A., Cortés-Mendoza, J. M., Bychkov, I., Feoktistov, A., Didelot, L., Bouvry, P., … & Borodulin, K. (2019). Configurable cost-quality optimization of cloud-based VoIP. Journal of Parallel and Distributed Computing, 133, 319-336.
Zhang, C., Patras, P., & Haddadi, H. (2019). Deep learning in mobile and wireless networking: A survey. IEEE Communications surveys & tutorials, 21(3), 2224-2287.