PART 1- Designing wires-based networks: Key technical Goals and best practices:

1) Briefly define the 3 key technical goals in network design. User the format below:
 Technical Goal 1 (Scalability):
Defining (Scalability of Wired Network are not too much scalable especially in large
networks where network is required to design for more than 1000 network nodes.
Scalability issues of wired network can cause for various issues like higher network design
cost, availability, and management of wired network)
 Technical Goal 2 (Cost):
Defining (Wired network considered most cost occurred networks as laying of Ethernet
Cables, Installation of Patch Panels, Ethernet Sockets and laying of Ethernet Cable ducts are
factors those cause for higher cost of wired networks, further maintenance of Wired
networks also higher comparing to wireless networks)
 Technical Goal 3 (Security):
Defining (security of wired network is also important consideration with respect to
network design. Security of installed devices, unauthorized access, and physical access to
network devices are issues related to security of wired network.)

2) For Each technical goal above, discuss four(4) best practices in network design once can
use to reach that goal. Do not use a same best practice more than once in this exercise,
which means you should discuss a total of 12 different best practices. Use the format
below:
 Best practice # 1 for technical goal-Scalability (Use Ethernet Devices with
more number of Ethernet ports or with modular Design)
o Explain how your best practice # 1 improves technical goal 1 (Wired Networks are
considered complex for scalability comparing to wireless networks, as increase in number
of users required laying of cables, deployment of new devise, connectivity, and
management of more end users. Changing network devices repeatedly for meeting
network scalability is not good practice so it is recommend to installed network devise
with higher number of Ethernet ports or network devices those support for modular
design. Devices with modular design like (Huawei Layer 2 Switch 7703, help to insert
Ethernet ports card for increasing number of ports instead of replacing the switch.)
o If this is not a default best practice, briefly explain when it is recommended
(Normally in small to medium scale organization modules design devices are not
deployed, Network Devices with fixed ports are deployed like Layer2 Ethernet switches
with 8, 16, 32 ports. In case of network growth and increase in users, these installed
devices are required to replace that can cause for network downtime and increase cost as
well. It is recommend when it is expected to increase in network users very swiftly like
network in universities or large-scale business organization. Deployment of Modular
design network devices helps to meet network scalability requirement without replacing
devices.)
 Best practice # 2 for technical goal- Scalability (Laying of Extra Ethernet
Cables, keeping in view the future network requirements)
 o Explain how your best practice # 2 improves technical goal 1 (when Ethernet
Networks/Wired networks are going to design the most important aspects is future
network growth consideration, best practice is to lay extra Ethernet (Cat5, Cat6) cables
and leaving more connectivity ports in various offices to meet the future network
requirement. Leaning extra Ethernet socket on required places will help to manage the
future network growth without requirement of laying new Ethernet cables and installation
of new Ethernet sockets.)
o If this is not a default best practice, briefly explain when it is recommended
It is not a default practice in small to medium organization to leaving extra Ethernet
sockets and laying of extra Ethernet cables to meet the future requirement. Only Ethernet
Sockets and cables laid for the requirement network connections and in case of addition
of extra end user nodes laying of extra Ethernet Cable and installation of wall sockets
required to meet the requirement on emergent basis.
 Best practice # 3 for technical goal 1 (Redundant Connectivity for Internet
Services for provision of Internet Services)
o Explain how your best practice # 3 improves technical goal 1 (To meet the scalability of
wired network consideration of redundant Internet connectivity is also an important
consideration as the growth of network required the constant provisioning of network
without Internet services interruption. In wired network, all end users normally share the
internet services through wired networks so availability of redundant Internet Services
connectivity is recommend.)
o If this is not a default best practice, briefly explain when it is recommended
(It is consider as default best practice in business and IT organization for provisioning of
redundant Internet Services connectivity. however, in small-scale organization only for
connectivity with single Internet Services provider is availed that can cause for disruption
of Internet services to end users over Wired Networks)
 Best practice # 4 for technical goal 1 (Segregation of Network in diverse VLANs,
Instead of a combined network that can cause for broadcast storming)
o Explain how your best practice # 4 improves technical goal 1 (Another best practice to
meet the scalability issues of wired network is distribution of network into smaller
multiple LANs using VLANs. Instead of using a single network practice, it is recommend
distributing network into smaller network to prevent from broadcast storming. It is good
practice dividing entire network into segments by deploying layer 2 switches in various
departments that will help to reduce network broadcasts and ease of management.)
o If this is not a default best practice, briefly explain when it is recommended
(It is a default practice in large scale organization for managing scalability and
management issues of network, wired networks divided into smaller segments using layer
2 switched deployments in different departments of organization that helps for reduction
network broadcast storming and also to manage network efficiently and easily. For this
purpose VLAN technology is used for segmentation of wired network).
 Best practice # 1 for technical goal 2- Cost (Efficient Bandwidth Management
Using Load Balancer and Traffic Optimization Techniques)
o Explain how your best practice # 1 improves technical goal 1 (Bandwidth is considered
the most precious resource of network, so bandwidth utilization should must be
optimized in appropriate manners. When redundant links are attach it recommends to use
load balancer devices and various network optimization techniques for efficient
management of bandwidth utilization. Load Balancer devices helps to efficiently user of
bandwidth by load sharing on the connected ISP Links)
o If this is not a default best practice, briefly explain when it is recommended
 Normally it not default practice to deploying load balancer devices that caused for misuse
or wastage of bandwidth resources, cost can reduced through optimal bandwidth
utilization by deploying load balancer devices.
 Best practice # 2 for technical goal 2-Cost (Selection of appropriate technology
for network connectivity, Fiber or Copper Connectivity selection according
to network scenarios)
o Explain how your best practice # 2 improves technical goal 1 (Now a days, Optical fiber
communication considered most effective communication medium in data network due to
faster data transfer and least maintenance overheads. Selection of appropriate
communication medium in diverse network scenarios can help to reduce network design
cost. It recommend that with in building copper Cat5 or Cat6 cable laid for connectivity
of user node, but between various scattered network segments like in different building
laying of optical fiber cable can help to reduce the extra cost overheads)
o If this is not a default best practice, briefly explain when it is recommended
It is not a default practice, normally in Ethernet Networks Cat5 or Cat6 cables are use for
connectivity and communication medium. Within building it is feasible to lay Ethernet
cables but for connectivity of difference Network segment (different Departments) it is
recommended to use optical fiber connectivity as it provides fast communication and less
data losses compare to copper cable. Furthermore, Layer 2 switches with SFP optical
ports are available those helps to connect different network segments using optical fiber
patch cards.
 Best practice # 3 for technical goal 2 (Use of PoE (Power on Ethernet) Devices
for elimination of power consumption expenditures)
o Explain how your best practice # 3 improves technical goal 1 (Recent LAN technology
devices are incorporated with PoE (Power on Ethernet) technology in which power for
various deployed devices in network can provide power source using the same Ethernet
cable used for data transfer. Normally Ethernet Cat5 and Cat6 cable composed of 4
twisted pair (8 wires) from which only two twisted pairs are used for data communication
between devices. Remaining two twisted pairs in advance network devices used for
provision of power source to deployed network devices in network instead of
provisioning of separate power source for each device.
o If this is not a default best practice, briefly explain when it is recommended
It is not a default practice, when network devices are deployed PoE (Power on Ethernet)
option is not considered and power source for deployed network devices are required to
arrange separately that can cause for extra device and power consumption expenditures as
well.
 Best practice # 4 for technical goal 2 (Using one Ethernet Cat5/Cat6 cable for two
Network Wall Sockets Connectivity of User Nodes)
o Explain how your best practice # 4 improves technical goal 1 (Each Ethernet cable either
Cat5 or Cat6 used 8 wires and only four wires (two Twisted Pair) are used for one user
node connectivity and four wires from each wire get waste when connected a single
Cat5/Cat6 cable with one Network Wall socket. For cost reduction practice, it is a good
practice to use single Cat5/Cat6 cable for connectivity of two separate network wall
sockets. Using this practice laying for single Cat5/Cat6 cable for single PC and its cost
will eliminate and on a single Ethernet Cable two User Nodes can connected with Access
Layer Devices. )
o If this is not a default best practice, briefly explain when it is recommended
It is not a default practice and not used mostly, but for reduction network design cost it
can be a good practice to use 4 wasted wires of each Ethernet cable to connect another
user node. Straight Through Cables only used pin numbers 1,2,3, and 6 for data transfer
 so other RJ45 connector can use on these four wires for connectivity of another network
node.
 Best practice # 1 for technical goal 3-Security (Deployment of ACL for blocking
unauthorized Access to network devics)
o Explain how your best practice # 1 improves technical goal 1 (network functionality is
most important consideration and technical goal that is required to achieve and
unauthorized access to network devices can cause for network performance degradation
and network resources unfair utilization (Unfair Bandwidth Utilization). It recommends
to deploy efficient Access Control List policies for prevention from unauthorized access
to network devices and performance degradation. Appropriate resource distribution helps
to enhance network performance so keeping in view who is eligible for what type of
network resource and its appropriate configuration is necessary)
o If this is not a default best practice, briefly explain when it is recommended
Not a default practice, in small to medium size network, normally all users are allowed to
access all network resources like Internet Connectivity, Print Resources, Storage
Resources that can cause for network performance degradation issues.
 Best practice # 2 for technical goal 3 (Deployment of firewall and intrusion
detection system for prevention from attack and specially Denial of Services
attack)
o Explain how your best practice # 2 improves technical goal 1 (security is key
consideration in network design and key technical objective to achieve, Network
functionality and services availability to legitimate users can effect by hackers and
attackers. Denial of Services and Distributed Denial of services attacks caused for
making network services unavailable even for legitimate users and consumption of links
bandwidth. This key security consideration can achieved through appropriate deployment
of firewalls and intrusion detection system, those will make network more secure and
functionality with enhanced performance)
o If this is not a default best practice, briefly explain when it is recommended
It is almost a default practice and in every organization with medium to large scale
network firewalls and intrusion detection systems are deployed to prevent from external
and as well as from internal security threats.
 Best practice # 3 for technical goal 3 (Deployment of physical security of network
premises from unauthorized access)
o Explain how your best practice # 3 improves technical goal 1 (The most important
consideration with respect to network security is physical security of network devices
installed and security of server room, (NOC) Network Operation Centers from
unauthorized access. Keeping network room, server room, Network Operation Center
(NOC) is key technical aspect and objective of network design. Easily access to deployed
network device by unauthorized officials or visitors not recommended.)
o If this is not a default best practice, briefly explain when it is recommended
It is a default practice and on priority considered to make physical network secure from
unauthorized access to keep network secure and inaccessible from unauthorized peoples.
 Best practice # 4 for technical goal 3 (Backups and Disaster Recovery
Management to meet emergency situation, schedule backup practices considered
more efficient)
o Explain how your best practice # 4 improves technical goal 1 (To prevent from network
breakdown and to handle disaster recovery it is best practice to design an automatic
backup policy for all deployed network devices, like switches routers, and server. To
eliminate the increased downtime in case or any disaster and emergency all network
 devices should must configured with schedules backup policies. In case of any incident, it
becomes very easy to recover form network outage with in shorter recovery time.
Furthermore, a centralized backup and recovery system also considered more important
for disaster recover management. Redundancy in network devices like redundant server,
switches and router also a good practice to eliminate the long network outage )
o If this is not a default best practice, briefly explain when it is recommended
Not a default practice, most of the organization and network administrators neglect this
consideration and in case of any emergency or disaster, a long network down time has to
face. This practice recommended when client/server architecture services provisioned to
network users like web services, ftp services, network-printing services.

PART-2

Question No.1

Answer:

As investigation team reported in discovery and investigation of incident that a query from an
administrator’s account was generate to obtain count of rows but such query provides total number of
rows instead the content of the row. The investigation output shows that a query injection attack was
commence to obtain the network access. Reservation system is providing backend databases services to
its users that means it is running with a web service that provides the HTTP services to its users for
reservation. As remote Trojan virus also detected in system Marriott team, have to take action for
deployment of some efficient firewall and intrusion detection systems. For application layer security that
is more appropriate is provisioning a web application firewall (WAP) will provide more secure
mechanism for detection and mitigation of sql query and various types of injection attacks. Further Host
Base Intrusion system (HIDS) deployment will also help for detection of Remote Access Trojans (RAT)
and other various malware. If intrusion detection and antivirus solutions are already deployed, Marriott
team must have to consider either the virus signatures of HIDS systems and anti-virus are updated or
not.

Question No. 2:

Answer:

Network security controls helps for prevention, identification and mitigation of potential security
threated that can generate towards network. These security controls helps for provision of business
activities continuity by eliminating services disruption and disaster recovery etc. confidentiality and
availability are other security controls those related to unauthorized access and integrity of the
transferred data.

Security Control 1(Antiviruses): this type of security control help to meet the security vulnerabilities and
exploits caused by the malware (Malicious Software, Viruses, Worms, Spyware and malicious scripts).
Antiviruses applications are required to update on periodically and frequently basis. Outdated antivirus
signature database can cause for inefficient performance of antiviruses software.

Security Control 2(Traffic Anomaly Detector/Traffic Anomaly Analyzer): these security controls helps
for protecting from denial of service and distributed denial of services attacks. Denial of services attacks
make network congested, inaccessible and unavailable even for legitimate users of network. Distributed
denial of services attack conducted using various scattered infected nodes also known as zombies,
Attacker create a command and control channel with zombies and instruct to generate fake traffic
toward victims for making it in accessible or unavailable.

Security Control 3(Protection against device failure): this security control helps to prevent the condition
where all network devices fail eventually by using redundant network devices or solutions. Examples of
his control include redundant storage devices and technologies like RAID (Redundant Array of Indecent
Disks). Cluster/Server Frames and backup/recovery servers. Solutions for uninterruptable power
supplies (UPS) also examples of this security control.

Security Control 4(Protection against disaster): this security control helps to manage the issues occurs
due to the disasters, these disasters include natural disaster like storms, flood, fire, storms or tsunami
etc. Disaster avoidance and Disaster recovery is solution for this key security control, in Disaster
Avoidance practices are adopt to avoid networks service of functionality disruption using various
techniques like storing multiple data on various locations. Disaster recovery Plan (DRPs) help to identify
the type and response to various types of disaster types.

Security Control 5(Physical Security): this security control helps to control the unauthorized access to
network premises where network devices are install. These network premises like network operation
centers (NOC), Server rooms, and cables should must be protected from unauthorized access using door
locks, security cameras etc. manage the issues occurs due to the disasters, these disasters include
natural disaster like storms, flood, fire, storms or tsunami etc. Disaster avoidance and Disaster recovery
is solution for this key security control, in Disaster Avoidance practices are adopt to avoid networks
service of functionality disruption using various techniques like storing multiple data on various
locations. Disaster recovery Plan (DRPs) help to identify the type and response to various types of
disaster types.

Question No. 3

Security Control 1(Protection against device failure): this security control does not help to prevent from
the security event discussed in case because its only provides the solution for security threats those are
caused by the disaster where entire network fall down and network functionality disrupt. In the given
case only network services are effected and entire network infrastructure is not targeted.

Security Control 1(Physical Security): this security control would not effective for prevention from the
security threated described in the given case. As this security, control only deals with the physical
security of the network devices, network server, cables and physical network infrastructure. In given
case security of physical network devices was not compromise.

Security Control 1(Protection against disaster): this security control is not effective in the given case
because this security control only support for prevention from security concerns like storms, floods, and
fire incidents. An effective disaster recovery plan (DRP) helps to mitigate the issues occurs in case of
disaster recover issues.