Opp Is Government Building Computer Science
In this introduction I discuss the overall idea of my project, its scope and its objectives. This chapter explains the problems and their solutions in broad terms, and describes the place where the objectives and goals will be carried out. The chapter consists of 4 parts; the parts are interdependent, each one related to the others as problems are to solutions.
This project will be implemented in the Public Prosecution (OPP), a government building for following conditions and issues. It is located in Khawir, Muscat; this building is the headquarters of multiple branches in Oman and is considered the backbone of the branches. OPP has many branches, but there are 3 new branches: Nizwa, Samail and Rustaq. The goal of the project is to link the 3 branches to the headquarters in Khawir using a suitable technique, and to provide an extra layer of protection inside the branches. Each of the 3 branches consists of a ground floor and a first floor. The Nizwa branch consists of 5 departments: 2 departments on the ground floor (Records and Follow the Conditions) and three on the first floor (Store, Administrative Affairs and IT), plus a meeting room. The Rustaq branch is divided into departments in the same way as the Nizwa branch. Samail consists of 4 departments on 2 floors: the ground floor has 2 departments (Follow the Conditions and Records) and the first floor has 2 departments (Store and IT), plus a meeting room. Each department in Nizwa and Rustaq has 30 users, but Samail has 20 users, not counting other devices. In this situation the basic objectives of the project are to link those branches and to redesign the headquarters network topology while maintaining the network inside the headquarters. OPP has a good budget of 80000 R.O just for the IT department, maintenance and development.
1.2 Problem Definitions:
The reason for choosing OPP is that it has old techniques and an old network system: the network is spread out rather than combined, and there are 3 new branches that need to be linked. In addition, they have no security, or poor security, in the wireless network. As we know, attacks such as sniffing or spoofing of passwords and user names are increasing these days, and this puts the privacy of staff and clients in more danger. OPP holds sensitive information, so we need to keep this information safe by using encryption tools or equipment, which will be discussed in the solutions. Regardless of other services, this is the major thing that needs to be done in the OPP. Each problem is now discussed in detail:
The first problem is that the wireless network is not controlled: all wireless APs in the OPP are connected directly to the switch without any management, meaning each AP is configured on its own in the normal way and the administrator has to manage all of them individually. For example, if we have 15 or 16 APs in the building and need to configure every one of them, this takes time, confuses the administrator, and may cause conflicts in channels or IP addresses. In addition there is the issue mentioned above of sniffing and spoofing attack tools. These tools cause problems such as overloaded network traffic and broken website certificates like SSL (Secure Sockets Layer). For example, if the attacker has experience in hacking WPA2 or WEP encryption, there is no security in the wireless network and the sensitive information can be destroyed by the attacker. Consider an attacker who gets the wireless password and tries to obtain information such as passwords and user names by capturing packets: the sensitive information is not secure. If the attacker gets the password key, and the system has no web login or any similar system, the attacker can join the network and reach the internet, or can attack any user who is using the internet at that time; in each situation the attacker gets what he needs.
There is no perimeter network to protect the internal network from outside: OPP's services are spread out, meaning they are not combined with each other. The web server and Exchange server are in the internal network, and there is no perimeter network for external users. This means users in OPP cannot connect to the Exchange server or domain services from home; there is no link available between the organization and the provider. This also puts the internal network in danger from outside: if an attacker gets the IP addresses of the OPP network, he can attack the domain system directly.
There are no connections to the 3 branches: the OPP has multiple branches across Oman, but 3 branches are currently not connected to the headquarters. These branches need to become part of the headquarters network so that any user can join it from anywhere; they are also not linked to the other branches.
The Public Prosecution includes 3 new branches without any scalability or redundancy: lack of scalability means they have no devices, such as switches, that can accommodate an increase in users, clients or devices; there is no more than one or two switches, depending on the number of users. Lack of redundancy means the three branches have no backup switches, cables or backup domain.
They have no technique to provide the email system outside the OU: the OPP has no means of providing email outside the organization, so users cannot communicate with each other from home. They use Microsoft Outlook, which works inside the OU but is difficult to configure for external users, and this leads to inflexibility and sometimes unavailability. For example, a user who requests Outlook outside the OU may make a mistake in the Outlook configuration, such as a missing port number for the POP3 or SMTP protocols, and will then not be able to connect to the Exchange server.
Servers may have issues on days off, in which case some permissions or privileges are required to resolve the problem remotely: sometimes the servers go down, some services report errors or stop, or the connection to the servers in the OU is lost while the administrator is away from the OU. Only he can resolve problems in this system, but he is not there, and users in the branches or headquarters need to finish their work; for example, the home folder is unavailable because the connection is lost even though the servers are working. They have to wait for him to resolve it, and this causes problems in the OU.
1.3 Project Scope:
The Public Prosecution (OPP) is a government building for following conditions and issues. OPP has multiple branches across Oman, and 3 of them are not connected to the headquarters. In addition, the headquarters has old techniques for wireless network control and poor security: they use a TMG server as a software firewall, and the network is very slow because of the software firewall. The OPP headquarters is an old building, so the network lacks scalability, reliability and redundancy. My plan is to upgrade the network infrastructure. First, I will link the 3 branches to the headquarters through a VPN connection. I will also provide a hardware firewall to replace the software one, because software causes some delay in filtering, whereas hardware is very fast because it has an ASIC chip inside; this chip is like a core or RAM that speeds up the process. I will use the 3-layer hierarchy, but for our organization the core and distribution layers will be combined into one layer, called the collapsed layer, for a medium-size OU. I will also provide a wireless controller (WC) to control all the APs in all branches and support an authentication system that lets users log in through Active Directory and secures the connection.
Objectives:
It will provide a wireless controller to control the APs in all branches.
It will provide an IPS device to protect the external network and internal network.
It will replace the software firewall with the hardware firewall ASA 5510.
In addition, it will provide remote administration to control the system remotely.
I will support OWA for using the email system from outside by providing a DMZ.
I will protect the internal network through a DMZ zone by adding the Exchange server, web server and Lync server to it.
Provide an additional layer of protection by supporting authentication over the WC.
It will provide VLAN management over the network devices in the branches.
Backup servers will be provided for the 3 branches.
It will provide pfSense, an open source Linux server, to protect internal users from sniffing and to manage internet traffic.
Aims:
Implement wireless security by using the authentication system in the wireless controller, and configure it so that all configuration updates apply to all APs.
Improve network traffic and redesign the network system, for example by using VLANs.
Secure the internal network by using a DMZ zone.
Configure the IPS device to prevent and detect attacks.
Configure the ASA 5510 firewall device for site-to-site VPN communication between branches, then configure it to filter inbound and outbound traffic.
Implement OWA (Outlook Web Access) to provide reliability and security for login information.
Configure backup servers in the 3 branches and connect them to the remote headquarters to provide more reliability and redundancy: if a server goes down, the remote backup server keeps working, so users will not notice that the server is down.
Configure VLAN, VTP and routing commands to balance the network and make it more flexible, avoiding broadcasts and loops.
Enhance management by configuring remote administration tools or software in the DMZ zone to control the system remotely from anywhere.
Lync Server is the best software for communicating with each other through unified messaging or chat. At OPP's request I will implement it for chat over the network and configure it to be available to IT staff for communication in every branch: just install the client on each PC and grant them permissions.
pfSense will be implemented in the distribution layer, before or after the WLC; pfSense works to stop sniffing and the spoofing of IP addresses and MAC addresses.
Goals of Project:
Reduce administrative effort by using a WC device in each branch.
Gain more scalability and redundancy by using backup switches, cables and servers.
Gain more flexibility and reliability by using VLANs, routing, ACLs and other commands.
Enhance security by providing a DMZ zone and authentication via the WC, and provide an IPS device to protect inbound and outbound traffic.
Secure the network with the ASA 5510 hardware firewall device, which provides VPN connections and protects the network from attackers.
Improve communication by adding a Lync server and supporting OWA for easy communication from outside.
Improve maintenance techniques by using remote administration software to control the network from home over the internet.
Regarding security issues, pfSense will take care of security for external and internal users, so that no one can capture packets from the destination host once it is implemented. This system is Linux-based and will be used for future security issues; it is free software and does not require a high-performance PC to run it.
1.4 Solution Definitions:
In this case I will provide a wireless controller to control many APs from one configuration and to support a security method that secures user logins. The device will be placed in the core layer of each branch, configured through its GUI, and connected to the switch; the APs are linked from the switch so that they receive the same updates from the WC. This helps the administrator reduce effort and manage time. The WC also helps protect the wireless medium by authenticating wireless clients via the AD domain. This technique can provide SSL (Secure Sockets Layer) over HTTP, that is HTTPS, so when the user authenticates, the SSL protocol acts as a protective cover, like a tunnel, and the plain text is transferred inside the tunnel. The attacker cannot see the contents; he sees only cipher text, a mix of symbols and numbers that cannot be understood, whatever sniffing or spoofing tools he uses.
I will also use VLANs to manage network traffic. A VLAN is a technique used in switches to limit broadcasts by dividing a large broadcast domain into smaller ones. It can also be used for privacy: if some users do not need to communicate with other users, we can use VLANs to keep them apart. This gives more flexibility in the network, and it limits collision domains and broadcast domains so that no traffic overload occurs.
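The following is an added example, not part of the original essay: a per-department VLAN and subnet plan for the Nizwa branch, reading the 30-user figure as per department. The VLAN numbers and the 10.20.0.0/23 range are constructed assumptions. It shows that 30 users do not fit a /27 once the gateway is counted, so each department needs a /26.

```python
# Added example: per-department VLAN and subnet plan for one branch.
# VLAN numbering and the 10.20.0.0/23 range are constructed assumptions.
import ipaddress

NIZWA_DEPARTMENTS = ["records", "follow-conditions", "store", "admin-affairs", "it"]

def prefix_for(users: int, gateways: int = 1) -> int:
    """Longest IPv4 prefix whose subnet holds the users, the gateway(s),
    and the network and broadcast addresses."""
    needed = users + gateways + 2
    return 32 - (needed - 1).bit_length()

def plan_branch(supernet: str, departments: list, users_per_dept: int,
                first_vlan: int = 10, step: int = 10) -> list:
    """Give each department its own VLAN ID and a non-overlapping subnet."""
    prefix = prefix_for(users_per_dept)
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    plan = []
    for i, dept in enumerate(departments):
        subnet = next(subnets, None)
        if subnet is None:
            raise ValueError(f"{supernet} is too small for {len(departments)} /{prefix} subnets")
        plan.append({
            "vlan": first_vlan + i * step,
            "name": dept,
            "subnet": str(subnet),
            "gateway": str(subnet.network_address + 1),
        })
    return plan

def same_vlan(plan: list, ip_a: str, ip_b: str) -> bool:
    """True if both hosts share a broadcast domain; otherwise their traffic
    must cross the layer-3 gateway, where an ACL can filter it."""
    def vlan_of(ip):
        addr = ipaddress.ip_address(ip)
        return next((p["vlan"] for p in plan
                     if addr in ipaddress.ip_network(p["subnet"])), None)
    return vlan_of(ip_a) is not None and vlan_of(ip_a) == vlan_of(ip_b)

if __name__ == "__main__":
    for row in plan_branch("10.20.0.0/23", NIZWA_DEPARTMENTS, 30):
        print(row)
```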
The suitable technique for connecting the 3 branches to the main backbone is VPN. A VPN connection is very secure over the internet. VPN has two types, remote access and site-to-site; given the project scope, site-to-site is the suitable one because it is used for communication between branches. A VPN connection is like a dial-up connection provided by the ISP (Omantel). VPN has multiple encryption protocols, such as L2TP, PPTP and IPsec; these protocols encrypt the VPN tunnels over the internet, like a pipe or tunnel with multiple covers. In this case all branch staff will connect to the headquarters domain over the dial-up VPN connection via the internet, linking through the ISP. I chose VPN because it is less expensive than MPLS: it only needs to be configured in the firewall, with an arrangement made with the ISP and the remote system configured in the branches, whereas MPLS needs a router that supports MPLS and is very expensive.
I will support OWA (Outlook Web Access) for email outside the OU. OWA is a web page used for login, built into the Exchange server. OWA helps users email each other from outside over an internet connection. OWA also supports encryption such as SSL over HTTP to protect users' passwords from packet capture, and we can configure it for use in the organization.
Because the administrator will probably face technical problems in the future, I will add remote administrative control so that he can fix problems from home or manage the servers remotely. This system will be configured on the web server and added as a web site or portal for the administrator. Its benefit is control of the system from outside: if a problem occurs, he connects directly to the perimeter network and from there gets permissions to solve the problem. If the problem can be solved remotely, the administrator does not need to come in.
Securing the network with a DMZ zone, an extra layer of protection, is very important now to prevent attacks from outside, so it will be provided. The DMZ zone is also called the perimeter network. It contains servers such as Exchange, web, etc. These servers are connected to one port of the firewall, so the firewall has 3 interface cards: one for the external network, a second for the internal network and a third for the perimeter network. The purpose of the DMZ zone is to add an extra layer of protection; it puts the internal network in a safe place, away from attackers trying to attack the system.
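The following is an added example, not part of the original essay: a small default-deny model of the three-interface firewall described above, with an audit that checks the rule table against the DMZ design. All addresses, ports and rules are constructed assumptions.

```python
# Added example: model of a three-interface firewall (outside / inside / DMZ).
# All addresses, ports and rules are constructed assumptions, not from the essay.
import ipaddress
from typing import NamedTuple, Optional

ZONES = {  # anything not listed here is treated as "outside"
    "inside": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("172.16.50.0/24"),
}

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    dst_host: Optional[str]  # None matches any host in dst_zone
    port: Optional[int]      # None matches any TCP port

# Permit rules; traffic that matches none of them is denied.
RULES = [
    Rule("outside", "dmz", "172.16.50.10", 443),  # OWA on the Exchange server
    Rule("outside", "dmz", "172.16.50.20", 443),  # public web server
    Rule("dmz", "inside", "10.10.1.5", 636),      # DMZ servers -> domain controller (LDAPS)
    Rule("inside", "dmz", None, None),
    Rule("inside", "outside", None, None),
]

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "outside")

def is_permitted(src: str, dst: str, port: int, rules=RULES) -> bool:
    """Return True if some permit rule covers the flow (default deny)."""
    flow = (zone_of(src), zone_of(dst))
    return any(
        (r.src_zone, r.dst_zone) == flow
        and r.dst_host in (None, dst)
        and r.port in (None, port)
        for r in rules
    )

def audit(rules=RULES) -> list:
    """Flag rules that break the DMZ design: outside must never reach inside,
    and DMZ servers may reach inside only on a pinned host and port."""
    findings = []
    for r in rules:
        if r.dst_zone != "inside":
            continue
        if r.src_zone == "outside":
            findings.append(("outside-to-inside", r))
        elif r.src_zone == "dmz" and (r.dst_host is None or r.port is None):
            findings.append(("unpinned-dmz-to-inside", r))
    return findings
```

Running `audit()` on every proposed rule change catches a rule that would let external traffic bypass the perimeter network before it reaches the firewall.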