I am requesting a technical implementation proposal for the included scenario that covers the following topics:
DNS and DHCP
• How had DHCP installation and authorization been implemented?
• DHCP scope design (e.g., lease times, number of scopes, address range)
• Will a form of DHCP fault tolerance be implemented?
• Will DHCP reservations be used for servers?
• How can IPAM be utilized?
• How will IPv6 be utilized?
• How will DNS be implemented?
• DNS Security
• How will DNS be handled for the second and third site?
• What namespace should Fixing Windows LLC implement?
• What types of zones are needed?
File Services, DISTRIBUTED FILE SYSTEM (DFS) AND BRANCHCACHE:
• How will the shares be secured?
• Will quotas be used? Will FSRM be configured?
• Will DFS be implemented?
Remote Services and NETWORK POLICY SERVER (NPS):
• What technology will be implemented to provide secure remote access for users?
• Who should have remote access?
Discuss these other Server 2016 networking concepts:
• HIGH PERFORMANCE NETWORK SOLUTIONS
• SOFTWARE-DEFINED NETWORKING (SDN)
Describe the technical and business reasons for each choice, citing other resources as appropriate. The Windows Server 2016 operating system should be used for all aspects of the solution. The solution should be reasonably detailed. The final submission should contain at least 1650 words excluding the reference page and cover page.
Windows Network Proposal – Networking

You have been hired by Fixing Windows LLC as an Information Technology consultant to develop a technology proposal. Fixing Windows LLC manufactures and distributes solar panels for the consumer market. Your job is to submit a proposal that meets their criteria.

Current Implementation/Concerns:
• The company will have 3 locations (Los Angeles, Dallas, and Houston) but is planning to grow rapidly due to high demand for solar panels. Main staff will be at the Dallas and Houston offices.
• Data security is a priority since patents and trademarks are at stake.
• Los Angeles sales personnel will need secure remote access to the Houston office.
• The WAN connectivity is in place and it is not an issue. There is ample bandwidth in place.
• Feel free to make other assumptions, but they need to be noted in the paper.

Topics to Cover:
Your document should cover the content presented in the course. The outline below contains recommended points to cover. You are free to add other related information. Describe the technical and business reasons for each choice, citing other resources as appropriate. The Windows Server 2016 operating system should be used for all aspects of the solution. The topics include:

DNS and DHCP
• How had DHCP installation and authorization been implemented?
• DHCP scope design (e.g., lease times, number of scopes, address range)
• Will a form of DHCP fault tolerance be implemented?
• Will DHCP reservations be used for servers?
• How can IPAM be utilized?
• How will IPv6 be utilized?
• How will DNS be implemented?
• DNS Security
• How will DNS be handled for the second and third site?
• What namespace should Fixing Windows LLC implement?
• What types of zones are needed?
File Services, DISTRIBUTED FILE SYSTEM (DFS) AND BRANCHCACHE:
• How will the shares be secured?
• Will quotas be used? Will FSRM be configured?
• Will DFS be implemented?
Remote Services and NETWORK POLICY SERVER (NPS):
• What technology will be implemented to provide secure remote access for users?
• Who should have remote access?
Discuss these other Server 2016 networking concepts:
• HIGH PERFORMANCE NETWORK SOLUTIONS
• SOFTWARE-DEFINED NETWORKING (SDN)

Submission Requirements:
There are specific requirements for the assignment:
• The final submission should contain at least 1650 words excluding the reference page (and not counting the title page, images, diagrams, tables, or quotations), but may be longer, not to exceed approximately 10 pages’ worth of student-supplied text. (With the required diagram, and other images, title page, etc., the final submission may end up being more than 10 pages in length.)
• It must be double-spaced, have 1-inch margins, and use 12-point Times New Roman or 10-point Arial/Helvetica font.
• A title page is required; APA format for the title page is optional.
• At least one diagram must be included (not counted towards the minimum length described above). You can have more.
• The submission must cover all of the 6 major topics outlined above. Each choice should be explained with technical and business reasoning. The solution should be reasonably detailed.
• The structure of the final submission is flexible. There is no specific format required, although it should be organized logically and represent a single, unified solution. It is likely that the format will include separate sections for each of the 6 topics required, as well as a summary.
• At least one non-textbook, non-LabSim, non-Wikipedia reference is required; preferably, this would be a “best practice” guide or similar content from Microsoft or an experienced provider of Microsoft solutions.
• Be sure to properly quote or cite any sources used. APA format is required for in-text citations and the list of works cited at the end.
It is expected that you are already familiar with UMUC’s “Policy on Academic Dishonesty and Plagiarism.” It is available in the Academic Policies section of the Syllabus; there are also links in the Webliography. In its simplest form, if you are using text from a source, you must cite and/or quote it. If plagiarism is found, then there will be a penalty to the grade.

Introduction

This technology proposal is for Fixing Windows LLC, a manufacturing and distribution company that builds and distributes solar panels for the consumer market. Fixing Windows LLC has three locations in Los Angeles, Dallas, and Houston and is planning to open more sites soon. The corporate employees are housed in the Dallas and Houston offices. We have learned through our meeting with the company that their main priority is data security, primarily because of the intellectual properties owned by the company, namely, their patent and trademark property.

The Importance of Data Security

Data security is crucial to the long-term success and efficiency of a company. To best protect data, companies must employ industry-standard best practices. As a part of our proposal, we will ensure that the following steps are adhered to in your organization. These steps have been used in the industry and provide a solid foundation for data security management (Alert Logic, 2017):

1. Identity and Access Management (IAM) – An effective IAM mitigates security threats by controlling resource access with a strict password policy, the use of multi-factor authentication, privilege control and permission control.
2. Vulnerability Monitoring – Another method of effective data security is to provide regular vulnerability monitoring scans. We will ensure that your organization has a robust scanning solution that offers much more than the standard vulnerability scanning software options. We monitor all the scanned data and distribute the findings to the right personnel to ensure that your security posture is maximized.
3. Patch Management – Research finds that most cyber attacks rely on known vulnerabilities; therefore, we know that most security breaches can be avoided by applying patches to the company’s infrastructure. We will ensure that an automated patching system is in place and operative.
4. Endpoint Security – We look at companies with the end result in mind. Our proposal is to ensure that we cover your organization from all aspects, including but not limited to remote employees and bring-your-own-device (BYOD) solutions. Traditionally, antivirus applications are used; however, we go a step further and implement a file integrity monitoring (FIM) system that validates operating systems and helps protect the organization’s network.
5. 24-hour, 7-days-a-week Monitoring – Rather than passively adopting network solutions, we propose to proactively monitor your network with a state-of-the-art, 24/7 monitoring system.
6. Immediate Incident Response – As a part of our on-going support, we employ a National Incident Management System (NIMS) approach to any incident that occurs within your organization. We understand that time is critical; therefore, when an incident occurs, we respond within minutes. To best prepare for potential incidents, we conduct test drills using simulated attacks to prepare your staff for an incident.
7. Secure Coding – Research shows that vulnerable web applications are the highest attack vector in the cloud. We implement secure coding best practices such as input validation, output encoding, and encryption solutions to mitigate the risk of a web application attack.
8. Lessons Learned – One of the perks of our proposal is that we provide an in-depth lessons-learned packet after responding to any security threats or data breaches. We will let you know exactly what worked and what did not work and how we can improve your processes moving forward.
9. Threat Intelligence – The final piece of our protection puzzle is our on-going IT education platform.
We help you and your team keep up with the latest threats and mitigate future risks. We provide you with free online resources such as CVE (a dictionary of known vulnerabilities) and access to discussion forums on trending data security topics.

Critical Components of Our Comprehensive Plan

One of the most critical components of our proposal is the protection of your Dynamic Host Configuration Protocol (DHCP) and your Domain Name System (DNS) protocols. The DHCP protocol dynamically assigns internet protocol (IP) addresses within your network. While efficient in many ways, it can leave your organization vulnerable to attacks. Therefore, we add an extra layer of security in the protocol by ensuring that every configured device on your network is scanned regularly. Additionally, we ensure that your DNS is monitored systematically and that no threats infiltrate your system.

Furthermore, to fully protect your data, we follow a precise DHCP installation and authorization format. We provide Active Directory support, which means that your DHCP server becomes an authorized server and thus provides you with the ability to control the addition of DHCP servers to your domain. Authorization must occur before a DHCP server can issue leases to clients. By requiring authorization of the DHCP servers, we prevent unauthorized DHCP servers from offering potentially invalid IP addresses to clients.

DHCP Scope – We propose inserting a DHCP scope, which is a range of IP addresses that we will lease out on your behalf to your clients when they make a DHCP request. We will manage the server for you.

DHCP Fault Tolerance – As a part of our on-going efforts to secure your data, we will implement a fault tolerance protocol. The protocol is a failover that is used to load balance your client requests between the DHCP servers, thus providing fault tolerance. Should one of your servers go down, the other server will continue to serve IP addresses to your clients.
DHCP failover can be configured either by load balancing or by using a hot standby mode where one of the servers is active and the other is passive. When the active server goes down, the passive server immediately takes over.

The Utilization of IPAM

Internet Protocol Address Management (IPAM) is the administration of DNS and DHCP. These are network services that assign and sort out IP addresses to machines that are a part of a TCP/IP network system. In simple terms, IPAM is a method of managing the IP address space in a network. In our proposal, we intend to use IPAM to effectively manage the amount of space used in your network for IP addresses. We will ensure no duplication of IP addresses and will monitor all IP addresses for safety and security purposes. Since we ensure the highest level of security and compliance in our industry, we use IPAM to manage the state of your network system.

In our Windows Server 2016 environment, we can provide end-to-end IP infrastructure planning, management and tracking services. By using IPAM, we can provide the IP and DNS management capabilities for a large-scale network such as yours. Additionally, we can automate the IP address and DNS discovery process and manage the information from a central platform, thereby ensuring efficiency and reducing redundancy.

The Use of IPv6

We propose to upgrade your system from IPv4 to IPv6. As a part of this upgrade process, we include enhancements to the IETF which allow us to handle packets more efficiently, improve performance and increase security. We can do this by reducing the size of your routing tables and revising them to be more hierarchical in nature. The primary function of IPv6 is to allow more unique identifiers to be created. Also, IPv6 provides six distinct advantages (Network Computing Editors, 2011):

1. More efficient routing – IPv6 reduces the size of routing tables.
2. More efficient packet processing – IPv6 has a simplified packet header that causes packet processing to be more efficient. Since there is no checksum, it reduces the recalculation times.
3. Directed data flows – This version supports multicast rather than broadcast and therefore allows intensive packet flows, such as multimedia streams, to be sent simultaneously to multiple destinations. This effort saves network bandwidth.
4. Simplified network configuration – There is an address auto-configuration or address assignment feature built into IPv6. The automation allows the router to send the prefix of the local link in its router advertisements.
5. Support for new services – The advancements made in IPv6 provide confidentiality, authentication, and data integrity, unlike IPv4, which was more susceptible to malware.
6. Security – IPSec, which provides confidentiality, authentication and data integrity, is baked into IPv6. Because of their potential to carry malware, IPv4 ICMP packets are often blocked by corporate firewalls, but ICMPv6, the implementation of the Internet Control Message Protocol for IPv6, may be permitted because IPSec can be applied to the ICMPv6 packets.

For your review, here is a diagram of the IPv6 address types and formats:

DNS Implementation and Security

We propose to implement DNSSEC (Domain Name System Security Extensions) as a protocol for securing the chain of trust that exists between the DNS records that are stored in each domain level within your network. This is a multi-level process that ensures an extra layer of network security. Our process requires the “.com” name servers to verify the records for your system. We also verify the root DNS servers for all .com records. The final step in our security process is that the records published by the root will have their integrity verified using a private-public key pair, called a Zone Signing Key (ZSK).
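
The DHCP installation, Active Directory authorization, scope, server reservation and failover steps described earlier in this proposal can be scripted as follows. This is an added example, not part of the original proposal; the domain name, server names, addresses, MAC address, lease time and failover settings are assumed placeholders, since the proposal does not state them.

```powershell
# Added example: every name, address and duration below is an assumed placeholder.
$Domain  = 'corp.example.com'      # assumed internal namespace
$Primary = "dhcp1.$Domain"         # assumed DHCP server (10.10.0.10)
$Partner = "dhcp2.$Domain"         # assumed failover partner (10.10.0.11)
$DnsIp   = '10.10.0.5'             # assumed AD-integrated DNS server
$ScopeId = '10.10.1.0'

# 1. Install the DHCP role on both servers.
foreach ($server in $Primary, $Partner) {
    Install-WindowsFeature -Name DHCP -IncludeManagementTools -ComputerName $server
}

# 2. Authorize both servers in Active Directory (requires Enterprise Admin rights).
#    A Windows DHCP server in the domain does not issue leases until this is done.
Add-DhcpServerInDC -DnsName $Primary -IPAddress 10.10.0.10
Add-DhcpServerInDC -DnsName $Partner -IPAddress 10.10.0.11

# 3. One scope per client subnet, with an explicit lease time and options.
Add-DhcpServerv4Scope -ComputerName $Primary -Name 'Dallas-Clients' `
    -StartRange 10.10.1.10 -EndRange 10.10.1.250 -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Days 8) -State Active
Set-DhcpServerv4OptionValue -ComputerName $Primary -ScopeId $ScopeId `
    -Router 10.10.1.1 -DnsServer $DnsIp -DnsDomain $Domain

# 4. Reservation so a server always receives the same address
#    (the MAC address is constructed for illustration).
Add-DhcpServerv4Reservation -ComputerName $Primary -ScopeId $ScopeId `
    -IPAddress 10.10.1.20 -ClientId '00-15-5D-00-00-01' -Name 'fs1' `
    -Description 'File server reservation'

# 5. Failover in load-balance mode. The shared secret authenticates the
#    failover messages between the partners; prompt for it rather than
#    storing it in the script.
$secure = Read-Host 'Failover shared secret' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password
Add-DhcpServerv4Failover -ComputerName $Primary -Name 'Dallas-Failover' `
    -PartnerServer $Partner -ScopeId $ScopeId -LoadBalancePercent 50 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1) -SharedSecret $secret
# Hot standby instead: replace -LoadBalancePercent 50 with
#   -ServerRole Active -ReservePercent 5

# 6. Verify: both servers appear in the AD authorization list and the
#    failover relationship is healthy and authenticated.
$authorized = (Get-DhcpServerInDC).DnsName
foreach ($server in $Primary, $Partner) {
    if ($authorized -notcontains $server) {
        Write-Warning "$server is not authorized in Active Directory"
    }
}
Get-DhcpServerv4Failover -ComputerName $Primary |
    Select-Object Name, Mode, State, PartnerServer, EnableAuth
```

Active Directory authorization is only checked by Windows DHCP servers, so it does not stop a non-Windows device from answering DHCP requests; DHCP snooping on the access switches is the usual control for that case.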

Namespace

Proper name resolution is also important for the users to locate specific resources within the network (Miu, 2001). The namespace used within the organization should not conflict with that which has been used within the internet. Internal and external namespaces should also be used differently for the users to easily recognize them. Subdomains will be created within each of the locations and even on some of the large departments having different users.

Zone Types

We propose to have your organization use Active Directory Integrated DNS zones to simplify the DNS replication and improve your overall security measures. Active Directory Integrated Zones are stored in partitions inside Active Directory and do not require any additional configuration. The DNS zone is configured to allow only secure dynamic updates to your system. By doing this, we prevent workstations that are not a part of your domain from modifying your DNS records.

File Services

As a part of our ongoing efforts to provide quality services, we will implement a Distributed File System (DFS). Some of the advantages of using a DFS are:

• More storage than can fit on a single system
• More fault tolerance
• The user is “distributed” and needs to access the file system from many places

To implement the DFS, we first ensure that the operations are clearly defined. We will build a virtual file system (VFS) interface. The VFS will provide an easy way to keep the same interface and the same operations, but to implement them differently. In a traditional operating system, the operations on a vnode access a local device and local cache. In a similar fashion, we can write operations to implement the VFS and vnode interfaces that will go across the network to get our data. On systems that don’t have as nice an interface, we have to do heavier kernel hacking, but implementation is still possible.
We just implement the DFS using whatever tools are provided to implement a local file system, but ultimately look to the network for the data.

Quota management will be done to ensure that files are kept secure. By setting quotas, we can effectively implement and plan variation and monitor existing resources that are needed for data and information storage. We will also use File Server Resource Manager (FSRM) to establish the quotas. Hard and soft quotas will be applied. Notification thresholds will be configured to ensure that notifications are initiated if the threshold is reached.

We also intend to employ remote services. We will implement the use of cloud computing services for remote purposes. Authorized users can have access to the database and run programs via the cloud in the same manner as if they were local. We will ensure that password and user authentication measures are in place to provide server management.

Network Policy Server (NPS)

Network policy is considered an important aspect of the Windows Server infrastructure, as it provides a single administrative tool that controls access to and use of network resources. It would therefore play a major role within the company infrastructure. The approach by which various user and administrator groups access the system is significant in determining the settings applied on every desktop. The two main locations (Dallas and Houston) should have control at their local servers, while an overall administrator in Los Angeles is in charge of the connectivity between the three offices. Due to variations in the locations, different settings could exist between the offices, in such a way that Dallas and Houston have distinct approaches to control. Therefore, under the use of the NPS, application deployment that ought to be applied throughout the organization will be done from the administrator’s point without being done by specific users.
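
The Active Directory-integrated zone with secure-only dynamic updates (Zone Types) and the FSRM hard and soft quotas with notification thresholds (File Services) described above can be configured and checked as follows. This is an added example, not part of the original proposal; the zone name, share paths, quota sizes and threshold percentages are assumed placeholders.

```powershell
# Added example: zone name, paths, sizes and percentages are assumed placeholders.
$Zone = 'corp.example.com'

# --- DNS: AD-integrated zone that accepts only secure dynamic updates ---
# Run on a domain controller that hosts the DNS Server role.
Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain -DynamicUpdate Secure

# Audit helper (hypothetical name): list primary zones that are file-backed
# or that still accept unauthenticated dynamic updates.
function Get-WeakDnsZone {
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        Where-Object {
            -not $_.IsDsIntegrated -or $_.DynamicUpdate -eq 'NonsecureAndSecure'
        } |
        Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
}
Get-WeakDnsZone   # expected to return nothing once every zone is hardened

# --- FSRM: hard and soft quotas with notification thresholds ---
# Run on the file server; the folders must already exist.
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

# Write a warning to the event log whenever a threshold is crossed.
$warn = New-FsrmAction -Type Event -EventType Warning `
    -Body 'The [Quota Threshold]% quota threshold was exceeded on [Quota Path].'
$at85  = New-FsrmQuotaThreshold -Percentage 85  -Action $warn
$at100 = New-FsrmQuotaThreshold -Percentage 100 -Action $warn

# Hard quota: writes are refused once the limit is reached.
New-FsrmQuota -Path 'D:\Shares\Engineering' -Size 50GB -Threshold $at85, $at100

# Soft quota: the limit is only monitored and reported, never enforced.
New-FsrmQuota -Path 'D:\Shares\Sales' -Size 20GB -SoftLimit -Threshold $at85

# Review what is configured.
Get-FsrmQuota | Select-Object Path, Size, SoftLimit, Usage
```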

Software Defined Networking (SDN)

We will implement a Software Defined Networking (SDN) system as a part of our proposal. This system provides isolation from physical networks. It is a control layer between the application layer and the infrastructure layer. We will install the system and provide the network administrator with additional control measures over the network that allow them to directly define how each device sends traffic over the network.

Conclusion

We are dedicated to the utmost efficiency and security of your system. Our proposal is a complete systematic approach to ensuring your network safety and productivity. We view data security as a high priority, and we are the best in our industry in providing these services. Network security is one of the most important aspects to consider when working over the internet, LAN or other method, no matter how small or big your business is. While there is no network that is immune to attacks, a stable and efficient network security system is essential to protecting client data. A good network security system helps businesses reduce the risk of falling victim to data theft and sabotage (ECPI University, 2019). We are certain that you will be pleased with the outcome of our services and we look forward to taking your organization to the highest level possible.

References

Alert Logic. (2017). 9 Best Practices for Data Security. Alert Logic.
ECPI University. (2019). Importance of Network Security: Safety in the Digital World. ECPI University.
Miu, A. K. (2001). Dynamic Host Configuration for Managing Mobility Between Public and Private Networks. USITS.
Network Computing Editors. (2011). Six Benefits Of IPv6. Network Computing.com.

…