Proposed ANB Multi Domain Solution
Report
11/14/2017
Contents
1. Introduction
1.1 Background of the organization
1.2 Scope of the project
3. Design
3.1 Network design
3.2 Proposed Machine layout
3.3 Connecting of the network together
3.4 Plan for deployment of workstations
3.5 DNS records
3.6 Plan for updates and patches
3.7 DFS replication
3.8 Intranet
3.9 Encryption
3.10 Testing check list
3.11 Performance standards and quality expectations
3.12 Threat model
3.13 Threat management Plan
3.14 Develop security policies
3.15 Project plan
3.16 Design auditing and incident response procedure
3.17 Switch hierarchy
3.18 VLANs
4. Implementation
4.1 Installation plan
4.2 System maintenance
5. Maintenance
5.1 Backup plan
5.2 System maintenance
5.3 Disaster recovery
Scenario
Aussie Nuts and Bolts (ANB) is a leading distributor of stainless steel nuts and bolts. We operate from Welshpool in Western Australia. We have grown significantly in the last two years and now wish to open another site in Adelaide and Melbourne. John Jones, the company's new IT manager, recently replaced the company's infrastructure at Welshpool and we now have a streamlined server environment.
The project is to set up a network and give recommendations on equipment to replace the out-of-date equipment currently used at Aussie Nuts and Bolts (ANB). Training may need to be planned so that staff learn how to use and operate the programs and can pass this knowledge on to their clients.
- Delivering a consistent computing environment to users from any computer when their desktop or laptop computer is unavailable or in scenarios where users are not assigned a specific computer.
- Minimize data loss by enabling centralized backup of user data and configuration files by the organization.
- Eliminate the need to manually configure user settings, install applications, or transfer user files to provide users access to their computing environments on any computer.
Design a solution where users don't have an assigned computer but log on to any available computer in a pool of computers. This helps reduce hardware and administration costs.
Easing the IT task of implementing centralized backup of user files while satisfying need for these. ANB states that it is imperative that all new technology is sustainable and scalable. Allow for data to be shared at the various sites and allow for redundancy.
We wish to have a system that is resilient and will not fail on a single point of failure.
Allowing users to continue working efficiently in intermittently connected or disconnected scenarios by enabling uninterrupted access to user and configuration data under these conditions.
We will monitor the system for 2 weeks after installation; we can make an agreement to monitor and fix issues outside of this time for a monthly fee.
What this project doesn't include
- We will not alter the building.
- We will not provide internet; we can recommend an internet provider.
It's going to be important to connect to the server from more than one location; this will make the server more accessible from Aussie Nuts and Bolts (ANB). Users will need to be able to log in on any computer and have access to the network, the internet and email, and complete the other functions that the workers require to do their job.
- Disaster recovery data availability and plan
- Improved stability and availability
- Enforce health policy
- Delegate control
- Back-ups
- Efficient use of bandwidth
A plan will need to be devised to ensure that the sharing of data between the servers is acceptable, because the replication of the files will need bandwidth. A solution will need to be devised to resolve the issues in relation to additional security measures. Measures will need to cover managerial files, the financial department and the design department, to ensure the security of the designs that are being manufactured.
There will need to be a virtual connection to the server so that it is accessible off-site and can be fixed by a third party that isn't working at Aussie Nuts and Bolts (ANB). If ANB contracts someone else to maintain the network, they will be able to access the server easily and make the changes that are needed.
Budget
The budget is limited to 300,000 dollars for the new servers and for equipment upgrade in each of the 5. The timeline for this project is 3 months at each location, which is when the clients want to start operating the upgraded network.
The internal and external users within the network will have to log into the hypervisor, which is hosted on the IIS server. This server will be located at each site (Perth, Melbourne and Adelaide) and will require a log-in; external users will require an access licence. The users within ANB will share the resources located within the ANB network.
The bare metal servers will have access to both the external network and the internal network created for the client computers, and are used to set the group policies that enforce rules on the computers within the network. The bare metal servers will have two NICs (network interface cards).
This will give the network administrator access to the servers. The other machines that the server is hosting will be on a different network and will not be able to see this machine, to ensure that the server is secure from the employees within the network.
Below is the IP reservation for devices within the network at the location of: Perth
Below is the IP plans for the physical and virtual servers located in: Perth
DC-2
PER-BM-2 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 500GB
File server
PER-BM-3 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 6x 1T drives 6T
Below is the IP plans for the physical and virtual servers located in: Melbourne
Machine          Network                      IP                               Subnet          Network class
Gateway Router   192.168.100.0/192.168.10.0   192.168.100.254/192.168.10.254   255.255.255.0   C
MEL-BM-1         192.168.100.0                192.168.100.201                  255.255.255.0   C
MEL-VM-1         192.168.10.0                 192.168.10.200                   255.255.255.0   C
MEL-VM-2         192.168.10.0                 192.168.10.201                   255.255.255.0   C
MEL-VM-3         192.168.10.0                 192.168.10.202                   255.255.255.0   C
MEL-BM-2         192.168.100.0                192.168.100.202                  255.255.255.0   C
MEL-VM-1         192.168.10.0                 192.168.10.203                   255.255.255.0   C
MEL-VM-2         192.168.10.0                 192.168.10.204                   255.255.255.0   C
MEL-VM-3         192.168.10.0                 192.168.10.205                   255.255.255.0   C
MEL-BM-3         192.168.100.0                192.168.100.203                  255.255.255.0   C
MEL-VM-1         192.168.10.0                 192.168.10.206                   255.255.255.0   C
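The separation between the bare metal hosts and the machines they host, checked against the Melbourne table above; this is an added example, not part of the original report. It verifies that every address lies in its stated network, that each role stays on its own segment and that no address is reused; the parent-host column and the faulty plan are assumptions constructed for the example.

```python
import ipaddress
from collections import Counter

MASK = "255.255.255.0"

# Segment per machine role, as read from the Melbourne table: bare-metal (BM)
# hosts on 192.168.100.0/24, the virtual machines (VM) on 192.168.10.0/24.
ROLE_SEGMENT = {
    "BM": ipaddress.ip_network("192.168.100.0/24"),
    "VM": ipaddress.ip_network("192.168.10.0/24"),
}
# Gateway router addresses from the same table; no server may reuse them.
GATEWAYS = {ipaddress.ip_address("192.168.100.254"),
            ipaddress.ip_address("192.168.10.254")}

# (parent host, machine, network, IP, mask). The parent column is an assumption
# taken from the row order, because the VM names repeat under each host.
MELBOURNE_PLAN = [
    ("MEL-BM-1", "MEL-BM-1", "192.168.100.0", "192.168.100.201", MASK),
    ("MEL-BM-1", "MEL-VM-1", "192.168.10.0", "192.168.10.200", MASK),
    ("MEL-BM-1", "MEL-VM-2", "192.168.10.0", "192.168.10.201", MASK),
    ("MEL-BM-1", "MEL-VM-3", "192.168.10.0", "192.168.10.202", MASK),
    ("MEL-BM-2", "MEL-BM-2", "192.168.100.0", "192.168.100.202", MASK),
    ("MEL-BM-2", "MEL-VM-1", "192.168.10.0", "192.168.10.203", MASK),
    ("MEL-BM-2", "MEL-VM-2", "192.168.10.0", "192.168.10.204", MASK),
    ("MEL-BM-2", "MEL-VM-3", "192.168.10.0", "192.168.10.205", MASK),
    ("MEL-BM-3", "MEL-BM-3", "192.168.100.0", "192.168.100.203", MASK),
    ("MEL-BM-3", "MEL-VM-1", "192.168.10.0", "192.168.10.206", MASK),
]

# Constructed faulty plan (not from the report) to show what gets flagged.
FAULTY_PLAN = MELBOURNE_PLAN[:2] + [
    ("MEL-BM-2", "MEL-VM-1", "192.168.10.0", "192.168.10.200", MASK),    # reused IP
    ("MEL-BM-3", "MEL-VM-2", "192.168.100.0", "192.168.100.204", MASK),  # VM on BM segment
    ("MEL-BM-3", "MEL-VM-3", "192.168.10.0", "192.168.11.5", MASK),      # outside its network
    ("MEL-BM-3", "MEL-VM-4", "192.168.10.0", "192.168.10.254", MASK),    # gateway address
]


def role_of(machine):
    """Return 'BM' or 'VM' from a name of the form SITE-ROLE-NUMBER."""
    parts = machine.split("-")
    return parts[1] if len(parts) == 3 else None


def validate(plan):
    """Return (machine label, problem) pairs; an empty list means a clean plan."""
    findings = []
    uses = Counter(ip for _, _, _, ip, _ in plan)
    for parent, machine, network, ip, mask in plan:
        label = machine if parent == machine else f"{parent}/{machine}"
        try:
            net = ipaddress.ip_network(f"{network}/{mask}")  # rejects host bits
            addr = ipaddress.ip_address(ip)
        except ValueError as exc:
            findings.append((label, f"invalid entry: {exc}"))
            continue
        if addr not in net:
            findings.append((label, "address outside stated network"))
        elif addr in (net.network_address, net.broadcast_address):
            findings.append((label, "network or broadcast address"))
        if addr in GATEWAYS:
            findings.append((label, "clashes with gateway"))
        if ROLE_SEGMENT.get(role_of(machine)) != net:
            findings.append((label, "wrong segment for role"))
        if uses[ip] > 1:
            findings.append((label, "duplicate address"))
    return findings


if __name__ == "__main__":
    for plan_name, plan in (("Melbourne", MELBOURNE_PLAN), ("faulty", FAULTY_PLAN)):
        problems = validate(plan)
        print(plan_name, "plan:", "clean" if not problems else "")
        for label, problem in problems:
            print(f"  {label}: {problem}")
```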
Site Manager 1
Sales 1 6
HR 0 2
ICT 0 1
Marketing 0 1
Design 0 0
Finance 1 2
Production 0 0
Other staff 10
DC-2
MEL-BM-2 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 500GB
File server
MEL-BM-3 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 6x 1T drives 6T
Below is the IP plans for DHCP pool and network device located in Adelaide
DC-2
ADE-BM-2 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 500GB
File server
ADE-BM-3 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 6x 1T drives 6T
Below is the IP plans for DHCP pool and network device located in London
Below is the IP plans for the physical and virtual servers located in: London
DC-2
LON-BM-2 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 500GB
File server
LON-BM-3 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 6x 1T drives 6T
Below is the IP plans for DHCP pool and network device located in Singapore
Below is the IP plans for the physical and virtual servers located in: Singapore
DC-2
SIN-BM-2 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 500GB
File server
SIN-BM-3 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 6x 1T drives 6T
The network users at each location will have limited access to the network; users will need to log into the network through the intranet. The intranet will list the eligible programs that can be accessed on the network. The server will require multiple NICs; this allows connections to multiple networks, protecting the server and assets while offering a platform for sharing information on the network. In addition, layer 3 switches enforcing VLANs within each location will help ensure the security and confidentiality of potentially sensitive or critical information related to business services.
Below is an example of the DNS records seen by the DNS manager snap in
3.7 Intranet
The intranet will be hosted at each location (Perth, Adelaide, Melbourne, London and Singapore) on virtual machine number two of bare metal server number two. With failover clustering enabled at each location, the intranet stays up: if a server is brought down for maintenance or suffers an outage, it will be replaced by an alternative server at the closest location. A forward lookup zone will need to be created in DNS Manager to convert the web address to an IP address. Reverse lookup can be configured to look up the users connecting to the network.
The reason for this is that, in the event someone tries to hack into the network, the hacker is stuck in the hosting server, which acts as a container from which the user is unable to penetrate further into the network. The server will be locked on VLAN 99, the VLAN set for administration of the network.
Perth (Acme.local):
\\Corp-data\PE-FS-1\CEO
\\Corp-data\PE-FS-1\Design
\\Corp-data\PE-FS-1\Directors
\\Corp-data\PE-FS-1\Finance
\\Corp-data\PE-FS-1\HR
\\Corp-data\PE-FS-1\I.T.
\\Corp-data\PE-FS-1\Marketing
\\PE-FS-1\Production
\\Corp-data\PE-FS-1\Sales
Adelaide (Acme.local):
\\Corp-data\ADE-FS-1\CEO
\\Corp-data\ADE-FS-1\Design
\\Corp-data\ADE-FS-1\Directors
\\Corp-data\ADE-FS-1\Finance
\\Corp-data\ADE-FS-1\HR
\\Corp-data\ADE-FS-1\I.T.
\\Corp-data\ADE-FS-1\Marketing
\\ADE-FS-1\Production
\\Corp-data\ADE-FS-1\Sales
Melbourne (Acme.local):
\\Corp-data\MEL-FS-1\CEO
\\Corp-data\MEL-FS-1\Design
\\Corp-data\MEL-FS-1\Directors
\\Corp-data\MEL-FS-1\Finance
\\Corp-data\MEL-FS-1\HR
\\Corp-data\MEL-FS-1\I.T.
\\Corp-data\MEL-FS-1\Marketing
\\Corp-data\MEL-FS-1\Production
\\Corp-data\MEL-FS-1\Sales
London (UK.ANB.local):
\\Corp-data\LON-FS-1\CEO
\\Corp-data\LON-FS-1\Design
\\Corp-data\LON-FS-1\Directors
\\Corp-data\LON-FS-1\Finance
\\Corp-data\LON-FS-1\HR
\\Corp-data\LON-FS-1\I.T.
\\Corp-data\LON-FS-1\Marketing
\\Corp-data\LON-FS-1\Production
\\Corp-data\LON-FS-1\Sales
Singapore (SIN.ANB.local):
\\Corp-data\SIN-FS-1\CEO
\\Corp-data\SIN-FS-1\Design
\\Corp-data\SIN-FS-1\Directors
\\Corp-data\SIN-FS-1\Finance
\\Corp-data\SIN-FS-1\HR
\\Corp-data\SIN-FS-1\I.T.
\\Corp-data\SIN-FS-1\Marketing
\\Corp-data\SIN-FS-1\Production
\\Corp-data\SIN-FS-1\Sales
3.10 Encryption
Encryption can be used to secure data and prevent information being stolen. It's impossible to make a plan that is completely bulletproof; the aim is to find a balance between the security of intellectual data and the ease of use of the computers. Windows provides an encryption feature that gives you a key, which can then be exported to a server: a virtual server which can be turned off to keep the keys from being stolen.
Encryption can be used to secure data on USBs and on laptops. The certificates can be exported to a server that stores the encryption keys for a later date and is shut down to limit access to these keys. The designs, the financial documents and managerial documents. Encrypting whole drives can seriously affect the performance of the device.
Kerberos encryption
Creates a certificate that is used to authenticate the client/server; it can be transferred and installed by the user, and users with the certificate can gain access to the documentation. Kerberos has disadvantages, however, and ideally should be paired with other encryption methods.
IPsec encryption
Encrypts the data/packets in transit within the network and outside the network for secure communications. IPsec tunnel mode transport adds additional encryption to the packet; this is done within the router. Without the encryption key, the router on the other side will not be able to read the packets being received. When being sent back, the packet will receive an additional layer of encryption.
A network baseline is used to measure and rate the performance of a network. To have a baseline, the server needs to undergo testing and reporting of physical connectivity, network utilization, protocol usage, peak network usage and average throughput of the network's usage.
Once this information is collected, it can be used to help identify problems with speed, accessibility and vulnerabilities within the network. With this information, future needs and upgrades will be highlighted to assist in ensuring that the system is working at peak performance.
Performance should be reviewed on an ongoing basis and reports created to ensure that the network is working as designed. The network can be continuously tweaked to ensure that the system is getting the most out of the physical machines; this creates a benchmark cycle.
See below for a performance checklist to get the most out of ANB's network.
Phishing emails | Education offered to staff | Not much can be done technically other than inform the users of the network of what to look for and threats to the network.
Keylogging/Trojans | UTM/firewalls/Switches | Creating additional granularity maximizing the likelihood of countering the threat.
Back-doors | Firewall | Will restrict access unless access is given as a rule inside router.
Theft/unauthorised sharing of information | Encryption/Auditing | Computers/devices without the encryption certificate installed will not have access to the document if encrypted with Kerberos. Auditing can be used to track the access of certain files located on the network.
Network outage | Backup supply of power/UPS uninterruptible power supply/surge protectors |
Group policies can be used to ensure that passwords are changed regularly and to set a lock-out policy; this can be done through organizational units. These can be changed to restrict access to parts of the computer such as Control Panel.
Auditing policy
Audit policies can be used to record the users accessing potentially sensitive material, such as the financial documents of a business, or logging into the server. Auditing files can be used so that a user who accesses sensitive files and shares them with unauthorized users can be caught.
The security log records when users perform certain actions, which enables administrators to monitor the network. It can be read through Event Viewer; this tool can be used to monitor logins to the server as well as the users accessing certain files. This leaves a trail of who accessed what file and when, and in the event of a malware attack it is documented when and where.
A member of ANB's I.T. department will be given responsibility for the auditing on a rotating basis. It isn't enough to set up auditing; it must also be checked on an ongoing basis to ensure that the resources supplied by ANB are being used as per plan.
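One way to carry out the ongoing audit check described above, as an added example that is not part of the original report: it reads Security-log events in Windows event XML (event ID 4663, file access), decodes the access mask and flags access to sensitive folders by accounts outside an allowed list. The account names, folder paths, allowed lists and sample events are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
FILE_ACCESS = "4663"  # Security event "An attempt was made to access an object"

# File access-right bits carried in the event's AccessMask field.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "append", 0x10000: "delete"}

# Assumption: sensitive folder name -> accounts allowed in it (hypothetical).
AUTHORISED = {"finance": {"jsmith"}, "design": {"mlee"}}


def make_event(time, user, path, mask, event_id=FILE_ACCESS):
    """Build one constructed event in the Windows event XML layout."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
        f'<TimeCreated SystemTime="{time}"/></System><EventData>'
        f'<Data Name="SubjectUserName">{user}</Data>'
        f'<Data Name="ObjectName">{path}</Data>'
        f'<Data Name="AccessMask">{mask}</Data></EventData></Event>'
    )


# Constructed sample log: users, paths and times are invented for the example.
SAMPLE = "<Events>" + "".join([
    make_event("2017-11-14T01:05:00Z", "jsmith", r"D:\Shares\Finance\payroll.xlsx", "0x1"),
    make_event("2017-11-14T02:10:00Z", "bwong", r"D:\Shares\Finance\payroll.xlsx", "0x1"),
    make_event("2017-11-14T03:20:00Z", "bwong", r"D:\Shares\Sales\quotes.docx", "0x2"),
    make_event("2017-11-14T09:30:00Z", "jsmith", r"D:\Shares\Design\bolt-m8.dwg", "0x10002"),
    # A different event ID, present only to show that the parser skips it.
    make_event("2017-11-14T09:31:00Z", "bwong", "-", "0x0", event_id="4624"),
]) + "</Events>"


def parse_events(xml_text):
    """Return one record per 4663 event: time, user, path, decoded rights."""
    records = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if event.findtext("e:System/e:EventID", namespaces=NS) != FILE_ACCESS:
            continue
        data = {d.get("Name"): d.text or ""
                for d in event.iterfind("e:EventData/e:Data", NS)}
        mask = int(data.get("AccessMask", "0x0"), 16)
        records.append({
            "time": event.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "user": data.get("SubjectUserName", ""),
            "path": data.get("ObjectName", ""),
            "rights": [name for bit, name in RIGHTS.items() if mask & bit],
        })
    return records


def sensitive_folder(path):
    """Return the sensitive folder a path lies under, or None."""
    for part in path.lower().split("\\"):
        if part in AUTHORISED:
            return part
    return None


def review(records):
    """Flag accesses to sensitive folders by accounts not on the allowed list."""
    findings = []
    for rec in records:
        folder = sensitive_folder(rec["path"])
        if folder and rec["user"].lower() not in AUTHORISED[folder]:
            findings.append((rec["time"], rec["user"], folder, rec["rights"]))
    return findings


if __name__ == "__main__":
    for when, user, folder, rights in review(parse_events(SAMPLE)):
        print(f"{when} {user} touched {folder} ({', '.join(rights)})")
```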
Perth
VLAN # | Reserved uses
5 |
10 | HR Management
15 | Design departments
20 | Administration
25 | Information Services
30 | Purchasing
35 | Sales
40 | Production
50 | Production/Service Delivery
55 |
60 |
65 |
70 |
75 |
80 |
85 |
90 |
99 | I.T./ Administrative
100 | Testing
Switch number | VLAN 99 Administrative | HR Management | Design department | Administration | Purchasing | Sales | Production | I.T./ Administrative
1 back bone | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 25-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
2 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
3 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
4 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
5 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
6 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
7 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
8 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
9 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
10 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
11 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
12 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
13 | Port 48 VLAN 40 | Port 1-8 VLAN 10 | Port 8-16 VLAN 15 | Port 16-24 VLAN 20 | Port 24-30 VLAN 25 | Port 31-38 VLAN 30 | Port 39-44 VLAN 35 | Port 44-47 VLAN 40
See below is a table that lists what is required this table includes the delivery time of the
Talk to customer about TO DO Duration in day(s)
Research 5
hardware/software
Create report 14
Configure servers 7
needed
Sign off 1
Total 84
Below is a table with a few tests used to test the network offsite, testing prior to installation, then brought down. New cables will need to be tested before setting up the network to ensure they are working, making it easier than going back after everything is plugged in to find the issue.
The data and emails will need to be transferred onto the new email addresses that will be set up for ANB, as well as the migration of data already on the server which will be needed on the new server. This may take some time, if not weeks; if it's done slowly, the migration, the phasing out of the older server and the eventual turning off of the old server can be done with minimal effect on the workers working at ANB.
Phase 1 | Comments
Testing | After the purchasing of the electronic devices they are tested individually before being brought together
Connecting the network together | Combining of the devices/equipment together, the creation of shares and permissions
Final set-up | Bringing everything onsite after the tests are run and passed to ensure minimal hiccups in the installation of the equipment
Tests to run | Comments
Cabling | Use cable tester to test for damage to the wire prior to installing
Test connection | Ping NIC, domain, DNS; trace route on routers
Wireshark | Test the internal traffic
Test permissions | After creating shares, try to access shares without permissions
Programs will need to be installed on the client computers. A database will need to be kept to record all the software on each computer and which software key is on which computer. The date each licence ends should also be recorded, to make sure that you are not using a product that is out of licence and violating the licensing agreement for the software.
Environmental conditions are an important part of the installation of equipment, to make sure the environment doesn't damage the expensive equipment and to protect the equipment from dust and moisture. Another important part of the installation plan is to ensure the safety of the equipment once delivered and installed.
Use the network design plan with the equipment and start placing equipment in the places where it is plotted on the visual map, using trolleys and correct manual handling technique to minimise the chances of injuring the workers' backs.
The wires are strapped together to stop them from clumping up, crossing over each other and creating a mess. The wires would run through pipes in the wall so that they aren't being tripped over by people that pass by. After setting up the computer network, the server's settings should be checked so that the programs will automatically update, minimising the need for it to be managed as much as if it wasn't already set up.
Start the migration of data, slowly migrating the data and setting up the server so as not to affect the current network.
It's important to have a security/back-up policy detailing what to do in case a disaster occurs and information needs to be recovered. After each full back-up, notes/descriptions are made on a form to be filled out by authorised personnel. The anti-virus software should be updated as regularly as possible, and scans should be run each day on the areas most likely to be at risk. Partial virus scans should be done at lunch every day in the areas that are most used, and there should be a full scan every night when no one is using the server, as a full scan during the day could affect more people and make the server slower. There should also be a firewall located on the server to protect it not only from the outside risks of viruses but also from the risks posed by other people having access to internal computers.
A backup schedule will need to be made, and the data should be backed up to more than one copy so that in the event of losing a device there are other places where the data is stored. The data should be stored in a secure location, as data can be really important for a business. The devices should be kept in a well-ventilated room away from any electronic or magnetic signals and away from excessive heat or humidity; this will protect the devices from damage. There should also be copies offsite in case of a fire.
Electrical equipment should be kept away from moisture as much as possible, limiting the chances of water getting into power boards and other electronic circuits. The whole computer network shouldn't be based on one circuit; multiple circuit boards should be used, limiting the downtime and potential losses from computers not monitoring production.
Portable hard drives should be separated and stored away from high voltage items/magnets/large tapes, as these create a magnetic field which can disrupt the data stored on the devices and result in the loss of data. Electrical equipment should have ventilation and be stored in a cool environment to stop the build-up of hazardous substances. I would also recommend having a backup USB internet dongle/modem that can be used in the event that the internet goes out; this can be used to back up information as a temporary fix until the internet is put back in place.
There should be a schedule made for checking the computer every day when it is not being used, either before work or after work, to completely scan the computer for viruses, which takes time because you want the antivirus scanner to go through the whole computer/server. You should also set the antivirus system to update when there are available updates, to make sure you're as safe as you can possibly be by keeping your system as up to date as possible.
Software should be monitored within a database to ensure that the business complies with the conditions of use of the software provided. The database should include which computer has which software and licence number. The details of the software should be kept in this database, including the expiry and which computer has which licence, making sure that the software isn't installed more times than the allocated amount. Reminders can be set to pop up when a software licence key has expired, to remind the operator of the business to renew or replace the software used in that circumstance.
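The licence database described here and in the installation plan, sketched as an added example (not part of the original report) with Python's built-in sqlite3. The table layout, licence keys, product names, computer names and the 30-day warning period are assumptions constructed for illustration.

```python
import sqlite3
from datetime import date, timedelta

SCHEMA = """
CREATE TABLE licence (
    licence_key TEXT PRIMARY KEY,
    software    TEXT NOT NULL,
    seats       INTEGER NOT NULL CHECK (seats > 0),  -- allocated installs
    expires_on  TEXT NOT NULL                        -- ISO date, sorts as text
);
CREATE TABLE install (
    computer    TEXT NOT NULL,
    licence_key TEXT NOT NULL REFERENCES licence(licence_key),
    PRIMARY KEY (computer, licence_key)
);
"""

# Constructed sample data: keys, products and computer names are invented.
LICENCES = [
    ("KEY-CONSTRUCTED-0001", "Office suite", 2, "2018-06-30"),
    ("KEY-CONSTRUCTED-0002", "CAD package", 1, "2017-11-30"),
    ("KEY-CONSTRUCTED-0003", "Antivirus", 3, "2017-10-31"),
]
INSTALLS = [
    ("WS-001", "KEY-CONSTRUCTED-0001"), ("WS-002", "KEY-CONSTRUCTED-0001"),
    ("WS-003", "KEY-CONSTRUCTED-0001"), ("WS-010", "KEY-CONSTRUCTED-0002"),
    ("WS-001", "KEY-CONSTRUCTED-0003"), ("WS-002", "KEY-CONSTRUCTED-0003"),
]


def build_register():
    """Create the in-memory register and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO licence VALUES (?, ?, ?, ?)", LICENCES)
    conn.executemany("INSERT INTO install VALUES (?, ?)", INSTALLS)
    return conn


def over_allocated(conn):
    """Licences installed on more computers than the allocated amount."""
    return conn.execute("""
        SELECT l.software, l.licence_key, l.seats, COUNT(i.computer)
        FROM licence l JOIN install i ON i.licence_key = l.licence_key
        GROUP BY l.licence_key
        HAVING COUNT(i.computer) > l.seats
        ORDER BY l.software""").fetchall()


def renewal_reminders(conn, today, warn_days=30):
    """Per-computer reminders for licences that have expired or soon will."""
    cutoff = (today + timedelta(days=warn_days)).isoformat()
    rows = conn.execute("""
        SELECT l.software, i.computer, l.expires_on
        FROM licence l JOIN install i ON i.licence_key = l.licence_key
        WHERE l.expires_on <= ?
        ORDER BY l.expires_on, i.computer""", (cutoff,)).fetchall()
    return [(software, computer, expires_on,
             "EXPIRED" if expires_on < today.isoformat() else "EXPIRING")
            for software, computer, expires_on in rows]


if __name__ == "__main__":
    register = build_register()
    print("Over-allocated:", over_allocated(register))
    for reminder in renewal_reminders(register, date(2017, 11, 14)):
        print("Reminder:", reminder)
```

An expired antivirus licence shows up in the same report as any other product, which is the case most worth acting on first because it also stops signature updates.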
Once set up, the server runs Windows Server Update Services (WSUS), a computer program used to update the Microsoft computers regularly once new updates become available to the public. The server will have a virus scanner to protect it from attackers from the outside world who may wish to steal the data or just to damage the computer system itself.
The server would download updates for the anti-virus and other essential software needed for the operation of a business/organisation such as ANB, and the computers that it has control over would then be sent the software updates to install, rather than each computer doing it individually. Doing this limits the chances of mistakes, as it's all automatic. This is set up while the server is being set up, to carry it beyond the period of purchasing the network and to make sure the server and network don't just break down because the system has stopped being worked on.
The Disaster Recovery Plan is a managed document. For identification of amendments each page contains a release number and a page number. Changes will
only be issued as complete replacement. Recipients should remove superseded versions from circulation. This document is authorised for release once all
signatures have been obtained.
PREPARED: Date: - -
(for acceptance) I.T. Manager
ANB
ACCEPTED: Date: - -
(for release) Disaster Recovery Report
5.0 Internal
5.1 Account security
5.2 Password
5.3 Encryption
7.0 Requirements
Risk management focuses on what can go wrong and implementing strategies that can deal with the future risks that are possible or likely to
happen during the life of the project roll-out/production environment.
Department | Function
HR Management | -Hiring
-Firing
-Awards & enterprise bargaining
-Pay rates and conditions
-Maintenance of employee records
Design departments | Drawings/designs of the current parts in production along with the future prototypes of ANB.
Administration | Clerical and record keeping tasks: reception, filing and retrieval, mail
Information Services | Maintenance of IT infrastructure and associated processes: acquisition of new equipment, backup of data, maintenance of network, help desk, security measures in place for network.
Purchasing | -Acquiring assets, the purchasing of additional servers, computers, UTMs etc
-Disposing of assets such as aged computers
-Licence numbers for software/computers
-Practical asset management (in association with accounting)
-Buying goods/services required by the organisation to deliver its services or make its product/s
Sales | -Supply of the product to the customer, banking information and potential confidential details.
Production/Service Delivery | -Making ANB products and delivering the services the organisation is concerned with

Department | Function
Design departments | -Drawings/designs of the current parts in production along with the future prototypes of ANB.
-Work related emails
Production/Service Delivery | -Making ANB products and delivering the services the organisation is concerned with
-Delivery of units
-Work related emails
The security log records when users perform certain actions, which enables administrators to monitor the network. It can be viewed through Event Viewer; this tool can be used to monitor logins to the server as well as the users accessing certain files. This leaves a trail of who accessed what file and when, and in the event of a malware attack it is documented when and where.
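One way to turn that trail into checks, as an added example that is not part of the original report: it reads a constructed, simplified CSV stand-in for a Security log export and uses the standard Windows event IDs 4624 (logon), 4625 (failed logon) and 4663 (object access). The column names, accounts, share paths and burst thresholds are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows Security log event IDs.
LOGON_OK, LOGON_FAILED, OBJECT_ACCESS = 4624, 4625, 4663

# Constructed sample: simplified CSV layout, invented accounts and paths.
SAMPLE_EXPORT = r"""TimeCreated,EventID,Account,Workstation,ObjectName
2017-11-14T08:01:10,4625,ANB\jsmith,WS-014,
2017-11-14T08:01:25,4625,ANB\jsmith,WS-014,
2017-11-14T08:01:40,4625,ANB\jsmith,WS-014,
2017-11-14T08:02:05,4625,ANB\jsmith,WS-014,
2017-11-14T08:02:30,4625,ANB\jsmith,WS-014,
2017-11-14T08:03:00,4624,ANB\jsmith,WS-014,
2017-11-14T08:05:12,4663,ANB\jsmith,WS-014,D:\Shares\Design\prototype-bolt.dwg
2017-11-14T09:15:00,4625,ANB\mlee,WS-020,
2017-11-14T09:15:30,4624,ANB\mlee,WS-020,
2017-11-14T09:20:44,4663,ANB\mlee,WS-020,D:\Shares\HR\payrates.xlsx
2017-11-14T10:02:09,4663,ANB\jsmith,WS-014,D:\Shares\HR\payrates.xlsx
"""


def parse_events(export_text):
    """Return the events as dicts, oldest first, with typed time and ID."""
    events = []
    for row in csv.DictReader(io.StringIO(export_text)):
        row["TimeCreated"] = datetime.fromisoformat(row["TimeCreated"])
        row["EventID"] = int(row["EventID"])
        events.append(row)
    return sorted(events, key=lambda e: e["TimeCreated"])


def file_access_trail(events):
    """Map each audited file to who touched it, from where, and when."""
    trail = defaultdict(list)
    for e in events:
        if e["EventID"] == OBJECT_ACCESS and e["ObjectName"]:
            trail[e["ObjectName"]].append(
                (e["TimeCreated"], e["Account"], e["Workstation"]))
    return dict(trail)


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Accounts with at least `threshold` failed logons inside one window."""
    failures = defaultdict(list)
    for e in events:
        if e["EventID"] == LOGON_FAILED:
            failures[e["Account"]].append(e["TimeCreated"])
    bursts = {}
    for account, times in failures.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                bursts[account] = (times[start], t)
                break
    return bursts


def logons_after_burst(events, bursts, grace=timedelta(minutes=10)):
    """Successful logons soon after a burst: the password may be guessed."""
    hits = []
    for e in events:
        if e["EventID"] == LOGON_OK and e["Account"] in bursts:
            delay = e["TimeCreated"] - bursts[e["Account"]][1]
            if timedelta(0) <= delay <= grace:
                hits.append((e["Account"], e["Workstation"], e["TimeCreated"]))
    return hits


if __name__ == "__main__":
    events = parse_events(SAMPLE_EXPORT)
    bursts = failed_logon_bursts(events)
    print(file_access_trail(events), bursts,
          logons_after_burst(events, bursts), sep="\n")
```

File access only appears in the log when auditing is enabled on the folders concerned, so the trail is as complete as the audit settings behind it.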
Hardware auditing
Software such as Spiceworks can be used to audit devices. This ensures that each device has the right licences allocated to it and that these licences are not being used on multiple devices simultaneously. Using the plans/paperwork is a good way to keep track of the components and software within each device.
Hardware failure | Computers can fail at any time at ANB and can have a significant effect on the productivity of ANB to function. It's important that each department at each location is able to talk to each other, as the products are being produced at multiple locations simultaneously. | Uninterruptable power supply (UPS) / RAID / MIRROR / hyper-V replica / fast replacement of parts / Power generator
Telecommunications and Power Outages | ANB need to have contingency plans in the event of power outages, such as back-up power generators and uninterruptable power supply. The effect for a business not prepared for an event like this can put production to a halt and cause the loss of serious money and potentially the lives of workers working in the production line at ANB. | Uninterruptable power supply (UPS) / Power generator / VOIP phone
As part of a package with some virus scanners, administrators can be emailed in real time when threats such as suspicious activity appear, to give the administrator as much time as possible to deal with the potential security breach.
ANB faces the issue of information being accessed by someone who is unauthorised to use it, for potential financial gain, for sharing information with a third party such as a competitor, or for insider trading. This can be addressed by adding compartmentalisation within the business to limit access on a strictly need-to-know basis, giving people the information privileges required to do their job and nothing more.
One of the technological advancements is wireless access to the internet. This requires a login; a username and a password can be set to clamp down on access to the network by unauthorised users. People can use their own devices to take advantage of the wireless network and connect to the network; this makes it harder to enforce security/policies.
Wireless access can be a significant advantage for sharing information and accessing files around the workplace, but this information needs to be secured. It can be accessed through different frequencies; the main issue is simply having an insecure password that lacks complexity and can be easily guessed.
See below for available frequencies that can be connected through to electronic devices.
In a networking environment there are many types of firewalls. These firewalls include:
Types of firewalls | Description
Application/Proxy firewalls | Proxy service is a method in which information on the internet is retrieved by the firewall and sent to the desired location and vice versa.
Stateless/Packet filtering | Stateless: this is achieved through the filtering of traffic using set filters; others that are not wanted or required are discarded. Allowing access from certain ports, denying access from others.
Stateful filtering | Looks inside every packet; more expensive option, more thorough option
Hardware firewalls | These devices are built for the primary reason of protecting a network. These devices are called UTM (Universal Threat Management) devices; they have great granularity and can do many things simultaneously. They range in cost from hundreds to tens of thousands.
Software | These firewalls are included in routers and on your computer. These firewalls are less powerful and can do significantly less than a UTM (Universal Threat Management) device.
4.3 Intrusion detection alarm
Some antivirus systems such as Trends business solution can send out emails to inform the systems administrator in the event data is being transferred, or of any suspicious activity that may be being done on the network. This gives the administrator notification in real time, so the administrator has more time to deal with a potential internal or external threat to ANB's system.
4.4 VLANs
Usage of VLANs (Virtual LANs), in addition to increased use of switches, is a good security measure to ensure compartmentalisation and to limit the access of programs such as packet sniffers or Wireshark that attempt to intercept traffic within the network of the business.
H Rated as High
Likelihood low | N | D | C | A
Likelihood medium | D | C | B | A
Likelihood high | C | B | A | A
A Mitigation actions to reduce the likelihood and seriousness to be identified and implemented as soon as the project
commences.
B Mitigation actions to reduce the likelihood and seriousness to be identified and appropriate actions implemented during
project execution.
Assessment columns: Assessment of Likelihood, Assessment of Seriousness, Grade (combined Likelihood and Seriousness)
<R> Natural disaster: Flood | From a large amount of rain falling in a short time, overwhelming the storm water system, causing inundation. | LOW MED MED | Floors raised in server room and keep electronic devices off the ground where possible. | Every 3 months | Before installation of server ensure there is drainage to the outside world, keep wires maintained | In this scenario it is highly important to protect data from water as it could affect the network and its devices. | -I.T. Manager | Loss of time: 1 week; In dollars: 1000s | Immediately after the fact or when safe to do so
R1 Electronic: External/Internal attacks to ANB's network | This could have an effect on ANB's ability and potentially can be used to access the network | LOW C HIGH | Have complicated passwords, the use of firewalls and VLANs and virus scanners | Every 6 months | Regularly change passwords to the wireless, keep the passwords secret. | Administrators should be emailed in the event of a breach, network should be scanned and threat can be addressed | -I.T. Manager; -ANB I.T. employee | Loss of time: 1-2 hours; In dollars: UNKNOWN | Immediately after the fact or when safe to do so
R2 Power outage | Without power the server and all other operations stop instantly | LOW A HIGH | Have alternative methods of powering the network: UPS/back-up generator in place. | Every 6 months | UPS will ensure that the server is constantly being supplied power. Back-up will follow this, followed by back-up power supply brought online | If prevention strategies are followed the network should still be available for use | -I.T. Manager; -ANB I.T. employee | Loss of time: 1-7 day(s); In dollars: 1000s | Immediately after the fact or when safe to do so
R3 Hardware failure: Hard drive down | Computers can fail at any time at ANB and can have a significant effect on the productivity of ANB to function. It's important that each department at each location is able to talk to each other, as the products are being produced at multiple locations simultaneously. | LOW C HIGH | Uninterruptable power supply (UPS) / RAID / MIRROR / hyper-V replica / fast replacement of parts / Power generator | Every 3 months | Ensure that high availability through network balancing and fail over clustering is functioning and enabled | The server/hardware will need to be addressed; this will come at a cost, but if the network is set up correctly the outages will be minimal. Switch out the hard drive with a spare. | -ANB I.T. employee | Loss of time: 1-2 hours; In dollars: 100s | Immediately after the fact or when safe to do so
R4 Telecommunications outages | Telecommunications is an essential part of ANB working in a cost effective and efficient way. | LOW C HIGH | Use a combination of methods of communication through VOIP, landlines and mobile phones through different providers | Every 12 months | Telecommunication methods and alternatives should be in place before being in operation. | In the event of an outage from a service provider the redundant communications methods are brought online. | -I.T. Manager; -ANB I.T. employee | Loss of time: 1-2 hours; In dollars: UNKNOWN | Immediately after the fact or when safe to do so

<P> Natural disaster: Flood | IT Manager/ ANB I.T. employee | -Have a meeting with the team responsible for the network; -Check UPS to ensure that power is being supplied to the network devices; -Ensure back-up has taken place; -Power up back-up generator; -Turn off non-essential devices | -Racks; -Benches; -Drainage system | Every 3 months | When possible to do so
R1 Electronic: External/Internal attacks to ANB's network | IT Manager/ ANB I.T. employee | -Isolate affected network if possible/disconnect from network; -Run antivirus/malware software to eliminate the threat; -Scan all systems to detect any further threats; -Identify where the threat came from; -Update/upgrade the relevant software; -Securely backup all data | -Antivirus software; -Data backup solution | Every 6 months | When possible to do so
R2 Power outage | IT Manager/ ANB I.T. employee | Identify what component is missing, and what function it serves; Research alternative sources to acquire components; Continue with any work that doesn't require that component; Identify what caused the equipment not to arrive on schedule | -UPS; -Data back-up policy; -Power generator | Every 6 months | When possible to do so
R3 Hardware failure: Hard drive down | IT Manager/ ANB I.T. employee | -Identify the broken device on inspection; -Find a spare piece of hardware to switch the old server out | -Bare metal server; -Spare hard drive | Every 3 months | When possible to do so
R4 Telecommunications outages | IT Manager/ ANB I.T. employee | -Have a meeting with the team responsible for the network; -Have a meeting with the team responsible for the network; -Bring online the VOIP network; -Give out alternative directory | -VOIP phone; -VOIP directory for each location; -Mobile phone | Every 12 months | When possible to do so

<P> | Specific software is needed to complete server configuration. This software should have been delivered earlier into development | -Benches; -Rack server | Immediately after the fact or when safe to do so
P5 Physical Protection | -Server rack; -Dedicated server room; -Security measures (locks, etc.) | Immediately after the fact or when safe to do so
P6 Natural disaster: Flood | Keep cabling protected and electronic devices off the floor | -Drainage system within server room; -Isolate cabling from any water source if safe to do so | Immediately after the fact or when safe to do so
P7 Natural disaster: Fire | This should be planned for and prevented against using fire protection and dedicated fire safe server room | -Firefighting equipment | Immediately after the fact or when safe to do so
6.2 Password
Passwords of users should be updated regularly. This can be set through group policy, requiring mixed characters and an expiry within a certain period of time to ensure that passwords are regularly being changed, so that these authorised accounts are less likely to be accessed by unauthorised users. This is paired with auditing of specific network files and encryption.
6.3 Encryption
ANB needs to have its data encrypted to ensure the security of the information and the confidentiality of the business, taking away the user's access to the documentation whilst not on a specified computer. Multiple keys/certificates can be used, one public and one private, both required to read the specified files; a function for this is included in specified UTM devices. To limit the chances of packets being intercepted a VPN can be used, which can be gained through an Internet service provider (ISP); this ensures security, reduces cost and gives control of remote devices/sections of the business. Dark lines can be used at a premium. These lines have fewer users, so their speeds are greater, and because they have fewer users they tend to be private and used mainly by businesses and corporations who have security concerns and who don't want to be part of the general public's traffic.
7.0 Data protection
What is a back-up?
A backup refers to the copying of a physical or virtual file to a secondary device or site for preservation in the event of an equipment failure, fire or other unforeseen catastrophe. Back-ups can be executed in different ways depending on the goal and the disaster recovery plan. Back-ups can be done remotely and automatically.
The disadvantage of back-ups being stored on the network is that if there was a hardware failure the data on the network would be significantly harder to access than with the other back-up alternatives.
B. Media back-ups
The sensitive data/backups should be stored off site where they are less likely to get damaged in case of a fire. It is important to make sure the devices are kept away from heat and aren't left in a damp environment where the disks could be damaged. Once a month the data should also be saved to the cloud to give it another layer of protection. There should be more than one copy of the backups, which should be locked away, as the data may be sensitive and it is important to keep it safe.
The disadvantage of this is that the device, unless stored correctly or in a safe place, can be accessed by unauthorised users, and the data can then be passed on to competition or used in cases of insider trading.
C. Cloud
Cloud services can be purchased through providers; this gives an additional layer of protection for the data. This data can be accessed by people at each location. The login information for this would have to be recorded in case the data needs to be accessed in an emergency. The login information will be kept purely on a need-to-know basis, but that needs to be simple enough not to affect its ease of access.
The disadvantage of cloud storage is that it requires a significant amount of internet usage, which can potentially cripple productivity within the business when, after a disaster, the data has to be downloaded and applied to the network.
The ideal back-up plan would have a combination of one or more of these stored at strategic
locations.
7.3 RAID
What is a RAID?
RAID stands for Redundant Array of Inexpensive Disks. In general, a RAID-enabled system uses multiple hard disks to improve the performance of the server and to increase the level of redundancy and tolerance for a machine.
The data that is being processed is shared across all disks, so in the event of a disk being damaged the system will self-heal: the other disks will take up the slack created by the hard drive that is down.
The advantage of this is that it gives the network administrator more time to fix a potentially broken or corrupt hard drive and increases the availability of the server, which is essential to ANB's ability to function.
Signed ___________________________________________
We used the business requirements and specifications to create a system network and a maintenance plan. The system is installed and set up, and we believe that we have done everything that was required in the original agreement. We are able to come past once a week for two weeks to ensure the system is working as originally designed, to make sure there are no errors and to make sure things are going smoothly for the business.
The system that has been purchased will need to be maintained and updated. A qualified person will be needed to monitor the server from time to time to ensure it's doing what it was originally intended to do. We would be able to service the equipment if required for a monthly fee covering one call out a month; any call out beyond that will cost 50 dollars as a call out fee and will be charged at 50 dollars an hour until the issue is fixed. The system will need to be serviced from time to time, and this is a cheaper alternative than hiring someone who may not know the system as well as the people that have created it. We can also provide services to update the software installed on the computers and servers.
After a period of 6 months, when people are used to using the network and any errors at this point, the users will give feedback to the managers on the good and the bad about the network. The review will be used to make improvements to the current software if needed and to plan fixes for the downfalls in the current system.