Local Area Networks (LANs) connect multiple computers in a geographically limited area, such as a single room or building, so that they can share information and resources. A LAN enables devices to communicate with one another over an internal network, otherwise known as an intranet. Each Kudler location would represent a LAN, since each location has an internal network that shares local resources. The majority of LANs are connected using copper or fiber-optic cables, but a network set up to communicate wirelessly is referred to as a wireless network. Wireless networks connect devices without wires; examples include cellular networks, Wi-Fi networks and terrestrial microwave networks. Wireless LANs (WLANs) usually connect devices that are very close to each other using the IEEE 802.11 WLAN standards that are marketed under the Wi-Fi name. Kudler plans to utilize WLANs in each location to connect its office computers and printers to the main network.
A wide area network will be set up to connect each location's LAN, enabling the centralization of the company's servers and affording real-time access to database information. A wide area network (WAN) refers to the connection between two or more geographically separated LANs, such as the three locations of Kudler Fine Foods in different cities. As Kudler Fine Foods continues to grow, the need for connectivity has increased. An enterprise network is required, since such networks join the computing resources of an organization over LANs, WLANs, and WANs. All of these networks share basic building blocks in order to create the functional networks seen today. A few requirements must be met when building a network in order for it to operate. There are the hardware components at the end nodes (i.e., the sending and receiving computers).
There are the intermediate nodes that perform the data exchange (i.e., switches and hubs), and the telecommunication links (i.e., wired and wireless media, connectors, and cables). The end nodes are the systems with network hardware (NICs) and software. The NICs implement the communication protocols in hardware and interface with the telecommunication links. The data is broken up into smaller portions called packets and then passed to the intermediate nodes for routing to the receiving system. These intermediate nodes can consist of hubs, switches, and routers. Switches support packet protocols and operate at the data link layer and sometimes the network layer. They take the incoming packets, filter them, and forward them between the different LAN segments. Routers use tables (headers and forwarding) to "decide the optimal path for sending the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts."
End and intermediate nodes all require a medium to carry the signals from the requesting system to the receiver. This includes twisted-pair copper and coaxial cables with connectors such as RJ-11 and RJ-45, and antennas for the wireless media. Protocols like IP, TCP, and UDP are used specifically for computer communications, and HTTP, FTP, SMTP, etc., for applications. With the amount of data being moved and stored over LANs and WANs, internal and external security concerns must be addressed. A firewall system will be used to prevent malicious users and software from entering the network. Blocking this type of traffic creates a barrier and limits communications to the outside networks. The implementation of a firewall system also allows for partitioning of the network into smaller security domains, allowing sections of the network to remain separate from the rest. The proper implementation of firewall techniques (e.g., packet filter, application gateway, circuit-level gateway, proxy server) will be reviewed.
Each technique will prevent potentially unsafe data from entering the network, but there is no one-size-fits-all technique. Packet filtering is effective but is vulnerable to IP spoofing and can be difficult to configure. When applying security to target applications, the application gateway is more effective but can degrade performance. To prevent Kudler from placing all of its proverbial eggs in one basket, the firewalls can run two or more of these techniques simultaneously. Next-generation firewalls (NGFW) combine the features of a standard firewall with quality of service (QoS) functionality in order to provide smarter and deeper inspection. Cisco's ASA firewall services meet and exceed the requirements for Kudler's first line of defense.
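To make the packet-filter technique and its IP-spoofing weakness concrete, here is an added example (not from the original paper and not Cisco ASA code) of a stateless, first-match packet filter in Python whose first rule drops outside packets that claim an internal source address. The internal block 10.10.0.0/16, the database server 10.10.1.10 and the interface names "wan" and "lan" are assumed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for the example (assumed, not from the paper):
# Kudler's internal LANs use 10.10.0.0/16; the database server is 10.10.1.10.
INTERNAL = ipaddress.ip_network("10.10.0.0/16")
DB_SERVER = ipaddress.ip_network("10.10.1.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Packet:
    iface: str    # interface the packet arrived on: "wan" or "lan"
    src: str      # source IPv4 address as written in the header
    dst: str      # destination IPv4 address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port

@dataclass
class Rule:
    action: str   # "accept" or "drop"
    iface: str    # "wan", "lan" or "*" for any interface
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str    # "tcp", "udp" or "*"
    dport: int    # port number, or 0 for any port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.proto in ("*", p.proto)
                and self.dport in (0, p.dport))

# Stateless packet-filter policy, evaluated first match wins.
# Rule 0 is the anti-spoofing rule: a packet arriving on the outside
# interface that claims an internal source address is never legitimate.
RULES = [
    Rule("drop",   "wan", INTERNAL, ANY,       "*",   0),
    Rule("accept", "wan", ANY,      DB_SERVER, "tcp", 443),
    Rule("accept", "lan", INTERNAL, ANY,       "*",   0),
    Rule("drop",   "*",   ANY,      ANY,       "*",   0),   # default deny
]

def filter_packet(p, rules=RULES):
    """Return (action, index of the first matching rule)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "drop", -1   # unreachable with a default-deny rule; kept for safety
```

Without rule 0, the first packet in the test below (a WAN packet forged with an internal source) would only be judged by destination and port, which is exactly the spoofing gap the text refers to.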
To supplement the network's firewall system, IPS and IDS systems will also be implemented. Intrusion Prevention Systems (IPS) are designed to "accurately identify, classify, and stop or block malicious traffic in real time." An Intrusion Detection System (IDS) will alert when malicious data is hitting the network. For the new Kudler network, the Cisco FirePOWER Next-Generation Intrusion Prevention System (NGIPS) solution will be implemented. Cisco FirePOWER will provide real-time contextual awareness, advanced threat protection, intelligent security automation, high performance and scalability, and optional application control, URL filtering and advanced malware protection.