4 Assessment Details and Submission Guidelines Unit Code BN305 Unit Title Virtual...

Question

4
    Assessment Details and Submission Guidelines
    Unit Code
    BN305
    Unit Title
    Virtual Private Network
    Assessment Type

    Assessment Title
    Assignment 2 – VPN Network Design for Small and Medium Enterprise (SME) network and VPN services
    Purpose of the assessment (with ULO Mapping)
    This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
· Describe architectural VPN design for small, medium and large businesses and corporations
· Report on the health of the existing VPN architecture, solution, data, application, and technology
· Discuss the appropriate security design and solutions for varieties of organisations
· Report on the cu
ent and future state of the management of VPN infrastructure and its technologies
· Interpret a roadmap process to transform the VPN architecture to support long-term organisations’ goals
· Implement a process to support the administration and the management of VPN
    Weight
    15%
    Total Marks
    30
    Word limit
    See the instructions
    Due Date
     Week 11
    Submission Guidelines
    · All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
· The assignment must be in MS Word format, 1.5 spacing, 11-pt Cali
i (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
· Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.
· MS WORD file type is used for submission in Moodle. No ‘zipped’ files or other types must be used
    Extension
    If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at:
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment
    Academic Misconduct
    Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.
Assignment Description
Tasks:
There are two parts to this assignment, i.e. part A and part B.
A. Investigate, design and develop a suitable VPN network for a Small to Medium Enterprise(SME) by addressing the following criteria. See detailed instruction in the next section.                                                        30 marks
Part A description:
The VPN network design in this assignment considers two sites in different Australian cities belonging to the same organization. This is in addition to remote users who should be able to access their work from the company site while travelling.
1. Design a network for this SME
2. Build VPN services for the users
Report must include:
· Introduction
· Scopes and Limitations
· Requirements (Network parts and VPN service parts)
· Solution Design
a. Logical Design
. Physical Design
c. Network Topologies
d. IP addressing
e. Security features and Policies
f. Redundancy and Failover plans
g. VPN service Deployment and implementation
· Refer the sample document included in below for network design, and consider how to deploy and implement relevant VPN services onto the network. You need to choose the right type of VPNs and protocols that satisfy the requirements for remote and
anch to
anch connectivity.
Marking criteria:
Marks are allocated as indicated on each question, taking the following aspects into account:
    Section to be included in the report and demonstration
    Description
    Marks
    Identification and Analysis and description
    Co
ectly identifying, appropriateness, discussion
The document should include all necessary headings and contents to depict a VPN services and network design as per the example provided
    10
    Explanation/justification
    Description and justification
This section should include proper headings and contents to propose a solution for a VPN network. Wireless LAN solution needs to be included.
    15
    Presentation and Referencing
    Structure, presentation, formatting, writing
Multiple Figures and Tables need to be included to properly show the requirements development.
    5
Marking Ru
ic for Assignment 1 Questions-Marks as shown
    Grade
Mark
    HD
25+
    D
20-25
    CR
15-20
    P
10-15
    Fail
10

    Excellent
    Very Good
    Good
    Satisfactory
    Unsatisfactory
    Identification and Analysis and description
    Highly valid and appropriate
    Valid and appropriate
    Generally valid and appropriate
    Valid but no appropriate
    Not valid and not appropriate
    Explanation
justification
    All elements are present and well integrated.
    Components present with good cohesion
    Components present and mostly well integrated
    Most components present
    Lacks structure.
    Reference style
    Clear styles with excellent source of references.
    Clear referencing/ style
    Generally good referencing/style
    Unclear referencing/style
    Lacks consistency with many e
ors
    Presentation and referencing
    Proper writing and referencing. Professionally presented
    Properly written and drawing, with some minor deficiencies
    Mostly good, but some structure or presentation problems
    Acceptable presentation
    Poor structure, careless presentation
Prepared by: Dr Ghassan Kbar XXXXXXXXXXModerated by: Dr Ammar Alazab    August, 2018
Prepared by: Dr. Smitha Shivshankar      XXXXXXXXXXModerated by: Dr. Javed Baloch     December, 2018
WISEIT_proposal_v1
.1.pdf

qfile_636885069846456879_125368_1.docx

Amit · Accepted Answer

Title of the assignment: VPN for SME
Student’s name:
Professor’s name:
Course title: BN305 (Assignment – 2)
Date: 3/20/2019
Table of Contents
1.	Introduction	3
2.	Scope of VPN and its limitations	3
3.	Requirements for VPN to SME	5
4.	Developed solution of VPN for SME	6
5.	Security policies and their features	10
6.	VPN deployment for client and server	11
7.	References:	12
1. Introduction 
The information technology is the most important and essential requirements of modern SME (small and medium enterprises) for effectively executing their business processes. The dataflow for the organizational operations can be easily understood by the employees because of IT involvement. The reliable and most importantly secured networks are most essential for modern SME’s. Thus, the requirements of reliable and secured networks to any SME can easily be fulfilled by the VPN (virtual private network) easily. The secured connective with different branches through internet makes VPN as the most effective connectivity solution. For the presented assignment, I will try to develop the logical as well as physical design of VPN to connect two branches located in two cities for a SME. 
2. Scope of VPN and its limitations 
The VPN implementation requires division in two important phases in which the initial phase is related to design of cables used in VPN, design of wireless LAN, implementation of required network configuration, intranet configuration and capability enhancement with improvements in services of 2 & 3 layers of implemented model. In trailing phases, the identification of VPN redundancies is mainly done. The core switches with required redundancies are selected in this phase. The implementation of remote access, firewall, future extension of servers and IPsec are carried out in this phase. The assumptions required for implementation of VPN are listed below: 
1. The implementation of VPN requires proper analysis of financial condition of SME as some new equipments will also requires to be purchased. 
2. The documentation related to configuration of hardware in existing network are required. 
3. The physical and logical designs of existing network in both cities of SME are also required. 
The implementation of VPN for any SME requires an effective design strategy so that required VPN results can be obtained. Thus, key points of this design strategy for VPN implementation in SME to connect two cities are listed below: 
1. Encrypt the important and sensitive data. 
2. Implement strong authentication for all employees and other users. 
3. The presented network must be simple but robust in nature. 
4. The firewall must be used before implementation of any server. 
5. Make installation of a detection system to detect all possible intrusions. 
6. The users using BYOD concept must provide required authentication and its policy must be effective. 
7. Regular monitoring of network data is essential. 
8. The limited and secured downloads are allowed to all employees. 
9. Effective monitoring of data packet source address is essential. 
10. All unnecessary deployments of certain services must be prohibited. 
 The implementation of VPN for any SME also brings certain risks, so, risk identification with proper mitigation strategy requires identification. So, the VPN implementation risks with mitigation strategies are listed below: 
1. It is possible that shortage of finance may occur in VPN implementation for SME, so, some backup in finance is required. 
2. While migrating to VPN, the crash of server may occur, so, all data must be backup before starting the migration process. 
The VPN brings different possible advantages to SME’s but certain limitations are also their which are listed below: 
1. The intranet development on bases of internet is carried out in VPN, thus, organization have limited controls on it. 
2. The internet speed defines the performance of VPN. 
3. Internet is based on public network so security issues are also there. 
4. The used hardware in VPN implementation may also cause issues. 
3. Requirements for VPN to SME
The requirement analysis for implementing VPN in any SME is carried out in three parts which are explained below: 
1. Wireless access: The certificated of authentication must be used to authorize users to use VPN services. All connected devices must be in protection of firewall and anti-virus programs. The VPN must allow only secured devices to make connection. The policy for internet access for employees must be strong. Adoption of effective encryption must be carried out. Both the branches of SME must have high rate of signal coverage. 
2. VPN security requirements: The firewall must be used before all server implementations. Proper authentication for all users to maintain security of VPN is essential. Make installation of a detection system to detect all possible intrusions. The users using BYOD concept must provide required authentication and its policy must be effective. Regular monitoring of network data is essential. The limited and secured downloads are allowed to all employees. Effective monitoring of data packet source address is essential.
3. VPN network requirements: More than one GBPS data rate is required in VPN. IPsec must implement to maintain security in VPN. The switches with 32 or 64 ports can be considered. Different network zones must be used in both branches of SME. DHCP can assign required IP addresses. The IPv4 network addresses will be preferred. 
4. Developed solution of VPN for SME 
The implementation of VPN for any SME requires different networking components and these required networking components for VPN implementation in any SME are listed and explained below: 
1. Firewall: This is the core element which acts as the primary defense line to VPN of SME. It blocks all unwanted packets of passing data through the VPN. The required authentication in VPN implementation can easily be implemented with help of firewall. 
2. Routers: The delivery of data packets from one branch to other requires connection of internet and branch VPN is connected to internet through the routers. 
3. Modem: for providing internet services required to maintain the connection of one branch with other, modem are the most import VPN component. 
4. Core switches: The network gateway for VPN is developed by the help of core switches. The final VPN implementation with high capacity is assured by these core switches. 
5. Distributed switches: For controlling the Ethernet in VPN implementation, distributed switches are being used. For maintaining the network access through Ethernet, these switches are connected to core switches of VPN. 
6. WAP: For providing wireless connectivity in both branches, the WAP devices are connected to routers used in that physical network. 
7. Servers: All SME’s will generate and collect data and this data is required for so many different operations. This data is stored on the deployed servers. The migration to VPN also requires a backup server to hold the database of SME. 
Based on the above mentioned networking components, the required logical design for VPN implementation in SME connecting two branches is developed. Both the branches located in different cities can easily be connected through VPN from below presented logical design: 
Figure 1: Logical design
For developing the physical design, I have assumed that both branches located in different cities are identical and having same implementations, so, both the branches located in different cities can easily be connected through VPN from below presented physical design:
Figure 2: physical design
Here, M is used for modem, A is used for WAP, C is used for core switches, D is used for distributed switches, F is used for firewall, R is used for router, and S is used for servers. 
The implementation of VPN for any SME connecting two branches requires selection of topology required to connect end users and other devices. As implemented branch shown in physical design are having star topology, so, star topology is recommended to connect all branches and related end user devices. By using the star topology in the physical implementation the addition or deletion of any node or device becomes very easy for the network administrator. The diagram to show the implementation of star topology for connecting two branches is shown in below diagram: 
Figure 3: star topology 
The implementation of VPN in any SME requires allocation of IP addresses so that required communication for identified nodes can be developed. The table to show the IPv4 addressing for both branches located in different cities is shown below: 
	Domain
	Mask
	Network
	Host range
	Total IP
	First branch
	
	Cluster 1
	/28
	172.15.0.0
	172. 15.0.1
	172. 15.0.14
	14
	Cluster 2
	/28
	172. 15.0.16
	172. 15.0.17
	172. 15.0.30
	14
	Cluster 3
	/28
	172. 15.0.32
	172. 15.0.33
	172. 15.0.46
	14
	Cluster 4
	/28
	172. 15.0.48
	172. 15.0.49
	172. 15.0.62
	14
	Cluster 5
	/28
	172. 15.0.64
	172. 15.0.65
	172. 15.0.78
	14
	Cluster 6
	/28
	172. 15.0.80
	172. 15.0.81
	172. 15.0.94
	14
	Cluster 7
	/28
	172. 15.0.96
	172. 15.0.97
	172.15.0.110
	14
	Cluster 8
	/28
	172. 15.0.112
	172.15.0.113
	172.15.0.126
	14
	Cluster 9
	/28
	172. 15.0.128
	172.15.0.129
	172.15.0.142
	14
	Cluster 10
	/28
	172. 15.0.144
	172.15.0.145
	172.15.0.158
	14
	Second branch
	
	Cluster 11
	/28
	172. 15.0.176
	172.15.0.177
	172.15.0.190
	14
	Cluster 12
	/28
	172. 15.0.192
	172.15.0.193
	172.15.0.206
	14
	Cluster 13
	/28
	172. 15.0.208
	172.15.0.209
	172.15.0.222
	14
	Cluster 14
	/28
	172. 15.0.224
	172.15.0.225
	172.15.0.238
	14
	Cluster 15
	/28
	172. 15.0.240
	172.15.0.241
	172.15.0.254
	14
	Cluster 16
	/27
	192.168.0.0
	192.168.1.1
	192.168.1.30
	30
5. Security policies and their features
The implementation of VPN for any SME requires development of security policies with certain defined features. Data protection is the primary and main concern in development of VPN. As VPN is totally based on internet services, thus, security policies require deep implications for SME’s. The key points of security policy developed to implement VPN for connecting two branches are listed below: 
1. Plans for failure condition: The VPN must have a plan for failure condition. The failure of any node, switch or router must not affect the working conditions of complete VPN. Thus, this must be developed. 
2. Education of end user: The security of data must be aware to all the working employees in both branches. The safety and importance of sensitive data must be known to employees working in both branches. Regular workshops for exercising the required security precautions will help to maintain security of data on VPN. 
3. Cache clearing: The web cookies and other cookies store the sensitive information like passwords and user names. Thus, each user must delete all cookies and clear the cache of system when the developed session of working is completed. The data stealing can also be prevented by cache clearing. 
4.   Keystroke detection of spam emails: The keystroke detection of spam emails is must be included in the security policy to ensure the security of VPN. The authentication on bases of biometric devices is also a key stone of security policy. 
6. VPN deployment for client and server
The implementation of VPN for any SME requires certain commands and procedures for VPN deployment to its servers and clients. The procedure to set server VPN to connect two branches are listed below: 
1. Download and run the openVPN.
2. Provide your IP address and 1194 port no. during installation. 
3. Select DNS server of Google and provide client name. 
4. It will automatically add firewall and your VPN server is ready to use. 
5. Certain commands to start stop and restart VPN servers can be used. 
The procedure to set client VPN to connect two branches are listed below:
1. Download and run the openVPN. 
2. Copy the provided client file for configuration. 
3. Use command to check connectivity and restart to system to make connection to VPN. 
7. References: 
Barr, A. J., Deakin, O. M., Nicholson, R. B., & Thorne, C. J. (2016). U.S. Patent No. 9,288,234. Washington, DC: U.S. Patent and Trademark Office.
Bhardwaj, A., Subrahmanyam, G. V. B., Avasthi, V., & Sastry, H. (2016). Design a Resilient Network Infrastructure Security Policy Framework. Indian Journal of Science and Technology, 9, 19.
Bibraj, R., Chug, S., Nath, S. A. N. K. A. R., & Singh, S. L. (2018). Technical study of remote access VPN and its advantages over site to site VPN to analyze the possibility of hybrid setups at radar stations with evolving mobile communication technology. MAUSAM, 69(1), 97-102.
Polezhaev, P., Shukhman, A., & Ushakov, Y. (2015, October). Implementation of dynamically autoconfigured multiservice multipoint VPN. In 2015 9th International Conference on Application of Information and Communication Technologies (AICT) (pp. 211-215). IEEE.
Vidal, S., Amaro, J. R., Viotti, E., Giachino, M., & Grampin, E. (2016, August). Rauflow: Building virtual private networks with mpls and openflow. In Proceedings of the 2016 workshop on Fostering Latin-American Research in Data Communication Networks (pp. 25-27). ACM.
		2

4 Assessment Details and Submission Guidelines Unit Code BN305 Unit Title Virtual Private Network Assessment Type Assessment Title Assignment 2 – VPN Network Design for Small and Medium Enterprise...

Solution

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment