Saturday, May 2, 2020

Technical Plan and Implementation New Charter Housing Trust Group

Question: Case study of New Charter organization.

Answer:

Introduction

The task covers the primary requirements for designing a Virtual Private Network (VPN) for the case study of the New Charter organization. First, the assignment addresses the essential design of the VPN along with its security and business objectives ("Social Housing Program Protects Network Inside and Out", 2016). The business and security objectives are presented together with the new network design configuration. The assumptions are listed to define the security scope. A description is included to show the network specifications and design components. A justification shows how the network design follows from the objectives (Liao, Wu & Dai, 2016). The components are then described, and the implementation of the planned network is presented to show the complete design scenario.

Network Diagram for the Case Study

Figure 1: VPN Network Design

Security and Business Objectives in Case Study

The security and business objectives are taken from the case study. The New Charter Housing Trust Group required a low-cost yet scalable network architecture connecting more people in one grid (Liu et al., 2015). Its primary business goal is to connect more people from lower-income backgrounds, serving 20,000 citizens in the UK.
Their business initiatives are as follows:

- To provide a low-cost implementation of a Virtual Private Network serving more residents and corporate staff
- To integrate the management units into the existing IT network while mitigating the difficulties
- To implement the network with legacy hardware and software without any discrepancies in interconnection
- To implement the network with access control for proper policy and maintenance planning

The security considerations, in the form of techniques for mitigating risks and discrepancies, are as follows:

- To include potential policies in the organization's practices, including deployment of technology
- To recommend several security and privacy considerations for the network, to mitigate the risk of packets being exploited in transmission
- To incorporate suitable security guidelines for the network connection to maintain privacy
- To minimize security and maintenance cost while increasing performance later on by connecting the components in the network architecture

Assumptions in Network Design and Security

The primary and essential consideration is that users and personnel should follow the entire process with care and sincerity. The organization's personnel and staff should maintain the network at a suitable level of security and privacy (Gharam, Salhi & Boudriga, 2015). The assumptions in network design and security are listed below. They show which parts are to be considered security concerns, and they are important for determining whether a consideration is within the project scope or not.
The assumptions are:

- The network will use access control, blocking access by unidentified users
- The network will serve only users who are identified in the grid
- The network is to be implemented with suitable structuring and configuration
- IP addressing is necessary for setting the architecture at a certain packet passing rate
- Staff and users are assumed to have primary and essential knowledge of interconnection within the grid
- The staff and personnel will be aware of the network security policies and will not violate the rules of the security policy
- The security and privacy policy will be activated at the time of VPN implementation

Description of Network Diagram

The network is described with the essential requirements of the components connected in it. The design favours simplicity of architecture and emphasizes connectivity. The routers have the RIP routing protocol included in the configuration for passing packets through the connected network architecture. The RIP protocol is attached for specific packet passing in the network. The router-to-router gateway is identified as 10.0.0.0, and the switch-to-router gateways are identified as 192.168.10.0 and 192.168.20.0 respectively. The switch is included in the network diagram, passing packets through the two gateways 192.168.10.1 and 192.168.20.1. The switches are connected between the computers and the routers. Each switch has Fast Ethernet ports from 0/1 to 0/24; there are 24 Fast Ethernet ports. The IP addresses are in the domains 192.168.10.0 and 192.168.20.0 respectively. The connection is kept scalable by sectioning the two domains behind two separate gateways, 192.168.10.1 and 192.168.20.1 respectively. "AES" encryption is included in the design as well.
Authentication is set to pre-share mode. Authentication is carried out by sharing the key through the router configuration along with some IP address ranges. The key is pre-shared to establish confidentiality between the systems for preliminary SA formation. The network design is active with the "isakmp" protocol on the 10.0.0.0 gateways through the interfaces fa0/0 and fa0/1. The ipsec protocol is included in the design for securing the encryption for the computers in the IP address ranges 192.168.10.2 to 192.168.10.255 and 192.168.20.2 to 192.168.20.255 respectively. The computers communicate with suitable packet passing, as shown in the following figure.

Figure 2: Ping test in between first and second PC

AES encryption is implemented with the hash code "SHA" in the network architecture to strengthen the security and packet passing mechanism. The cipher key is assigned as "toor" in the configuration, and the key is pre-shared across the IP ranges. The sharing lets the PCs communicate without deciphering the message manually. The secure 'SHA 256' algorithm is used along with AES encryption for random hash-code generation under a suitable key assignment. The algorithm is effective within a Virtual Private Network, as it has no issues in decrypting messages at once. Security policy 10 is included in the implementation, as it is compatible with the VPN configuration in all aspects of privacy in packet passing. The policy is beneficial within the network for making NAT possible under the VPN configuration as well.

Justification of Network Design

The network design is justified because it is aligned with the security and design initiatives. The alignment with each objective is given below, along with the suitable and essential design requirements.

- To provide a low-cost implementation of a Virtual Private Network serving more residents and corporate staff: the VPN is implemented. It is feasible as a low-cost yet higher-performance network architecture.
- To integrate the management units into the existing IT network while mitigating the difficulties: this is implemented with dynamic IP configuration in the architecture.
- To implement the network with legacy hardware and software without any discrepancies in interconnection: the VPN configuration does not require more important components in this respect.
- To implement the network with access control for proper policy and maintenance planning: the network uses access control lists.

The security considerations, in the form of techniques for mitigating risks and discrepancies, are as follows:

- To include potential policies in the organization's practices, including deployment of technology: the security policy is included as isakmp.
- To recommend several security and privacy considerations for the network, to mitigate the risk of packets being exploited in transmission.
- To incorporate suitable security guidelines for the network connection to maintain privacy: the policy documents need to be distributed to the users and staff.
- To minimize security and maintenance cost while increasing performance later on by connecting the components in the network architecture.

Description of Major and Required Equipment

The hardware and component requirements are listed below, with the specifications used in the network diagram. The design favours simplicity of architecture and emphasizes connectivity. The required hardware components are widely available on the market at limited cost.

2811 Router: The routers are generic, with two Fast Ethernet interfaces, 0/1 and 0/0. The routers have the RIP routing protocol included in the configuration for suitable packet passing regardless of gateway. The RIP protocol is attached for specific packet passing in the network.
The router-to-router gateway is identified as 10.0.0.0, and the switch-to-router gateways are identified as 192.168.10.0 and 192.168.20.0 respectively.

2950-24 Switch: The switch is included in the network diagram, passing packets through the two gateways 192.168.10.1 and 192.168.20.1. The switches are connected between the computers and the routers. Each switch has Fast Ethernet ports from 0/1 to 0/24; there are 24 Fast Ethernet ports.

General PC: The personal computers are generic, with no extra requirements regarding the network connection. The IP addresses are in the domains 192.168.10.0 and 192.168.20.0 respectively. The connection is kept scalable by sectioning the two domains behind two separate gateways, 192.168.10.1 and 192.168.20.1 respectively.

VPN Tunnelling and Encapsulation Requirements

The VPN tunnelling and encapsulation requirements include the security policy. AES encryption is included in the design as well. Authentication is set to pre-share mode. Authentication is carried out by sharing the key through the router configuration along with some IP address ranges. The encapsulation requirements are as follows:

isakmp protocol: The protocol is assigned the key toor in the network architecture. The key is pre-shared to establish confidentiality between the systems for preliminary SA formation. The network design is active with the isakmp protocol on the 10.0.0.0 gateways through the interfaces fa0/0 and fa0/1.

ipsec protocol: The protocol is included in the design for securing the encryption for the computers in the IP address ranges 192.168.10.2 to 192.168.10.255 and 192.168.20.2 to 192.168.20.255 respectively.

AES encryption: AES encryption is implemented with the hash code SHA in the network architecture to strengthen the security and packet passing mechanism.
The cipher key is assigned as toor in the design, and the key is pre-shared across the IP ranges. The sharing lets the PCs communicate without deciphering the message manually.

SHA 256 algorithm: The secure SHA 256 algorithm is used along with AES encryption for random hash-code generation under a suitable key assignment. The algorithm is effective within a Virtual Private Network, as it has no issues in decrypting messages at once.

Security Policy: Security policy 10 is included in the implementation, as it is compatible with the VPN configuration in all aspects of privacy in packet passing. The policy is beneficial within the network for making NAT possible under the VPN configuration as well.

Implementation of Planned Network

The implementation of the planned network is quite simple. The routers are connected to each other through cross-over cables, with the gateways 10.0.0.1 and 10.0.0.2 between them. The switches are connected to the computers and routers with straight-through cable. The PC gateways are 192.168.10.1 and 192.168.20.1. The computers are configured with IP addresses 192.168.10.2 to 192.168.10.255 and 192.168.20.2 to 192.168.20.255. The routers use RIP packet routing. The cryptography is assigned security policy 10, along with pre-shared key authentication. Encryption is implemented with AES over packet passing. The SHA hash code is attached for random key generation, with access-list 101 mapping the IP ranges 192.168.10.0 (wildcard 0.0.0.255) and 192.168.20.0 (wildcard 0.0.0.255). The second router is likewise configured with access-list 101 over the same IP address ranges. The mapping is supported with CMAP and TSET compatibility for key matching of toor.
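The implementation described above, written out as Cisco IOS configuration for the first router (an added example, not the configuration from the original post). The interface roles, subnet masks, Diffie-Hellman group and ESP transform are assumptions; the addresses, policy number, key, access-list number and the names CMAP and TSET come from the text.

```cisco
! Router 1: LAN 192.168.10.0, tunnel endpoint 10.0.0.1 (added example)
! Assumed: fa0/0 faces the switch, fa0/1 faces the peer router,
! classful masks, DH group 2, ESP transform esp-aes esp-sha-hmac.
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.0.0.0
 no shutdown
!
! RIP advertises the LAN so the peer router learns a route to it
router rip
 network 10.0.0.0
 network 192.168.10.0
!
! ISAKMP: policy 10 with AES, SHA and pre-shared authentication
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
!
! Pre-shared key as given on the page (lab value); the peer must hold the same key
crypto isakmp key toor address 10.0.0.2
!
! IPsec: transform set, interesting traffic, and the crypto map tying them together
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto map CMAP 10 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set TSET
 match address 101
!
! Only traffic leaving this interface and matching access-list 101 is encrypted
interface FastEthernet0/1
 crypto map CMAP
!
! Router 2 mirrors this: LAN 192.168.20.1, endpoint 10.0.0.2, peer and key
! address 10.0.0.1, and access-list 101 with source and destination swapped.
!
! Verification from privileged EXEC, after a ping between the two PCs:
!   show crypto isakmp sa   (the SA to the peer should reach state QM_IDLE)
!   show crypto ipsec sa    (pkts encaps/decaps counters should increase)
```

If the ping succeeds but the encaps and decaps counters stay at zero, the traffic is being routed by RIP in the clear and access-list 101 or the crypto map binding should be rechecked.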
Figure 3: isakmp Cryptography active in first router

Figure 4: ipsec Encryption Shown in red outline

Conclusion

The assumptions in network design and security are included for managing the in-scope requirements only. The network design is justified because it is aligned with the security and design initiatives. It is feasible as a low-cost yet higher-performance network architecture. To implement the network with access control for proper policy and maintenance planning, the network uses access control lists. The RIP protocol is attached for specific packet passing in the network. The isakmp protocol is assigned the key toor in the network architecture. The cryptography is assigned security policy 10, along with pre-shared key authentication. Encryption is implemented with AES over packet passing.

Bibliography

Ahmed, B. A., Saleem, Y., Waseem, S. (2015). An Implementation of Multiprotocol Label Switching Virtual Private Networks and Internet Protocol Security Using Graphical Network Simulator 3 as an Educational Tool. Science International, 27(3).
Burke, C. (2015). Implementation and Evaluation of Virtual Network Functions Performance in the Home Environment.
Chen, Y. L., Chen, P. W., Wang, C. H. (2015, October). Performance improvement for CMT-SCTP via load-balancing virtual connections. In Computing and Communication (IEMCON), 2015 International Conference and Workshop on (pp. 1-7). IEEE.
Dumka, A., Mandoria, H. L., Dumka, K., Anand, A. (2015, March). MPLS VPN using IPv4 and IPv6 protocol. In Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on (pp. 1051-1055). IEEE.
Gharam, M., Salhi, M., Boudriga, N. (2015). An LTE-Based VPN for Enhancing QoS and Authentication in Smallcell Enterprise Networks. In Cryptology and Network Security (pp. 248-256). Springer International Publishing.
Ghilen, A., Azizi, M., Bouallegue, R. (2015). Q-OpenVPN: A New Extension of OpenVPN Based on a Quantum Scheme for Authentication and Key Distribution. In Cryptology and Network Security (pp. 238-247). Springer International Publishing.
Gladstone, P. J. S., McGrew, D. A. (2015). U.S. Patent No. 9,178,697. Washington, DC: U.S. Patent and Trademark Office.
Han, S. B., Phan, T. (2015). U.S. Patent No. 9,178,761. Washington, DC: U.S. Patent and Trademark Office.
Kim, B., Oh, S. (2016). Implementation of Data Visualization of Harmful Information Filtering System. International Information Institute (Tokyo). Information, 19(3), 987.
Liao, T., Wu, B., Dai, X. (2016). U.S. Patent No. 20,160,134,591. Washington, DC: U.S. Patent and Trademark Office.
Liu, V., Tesfamicael, A. D., Caelli, W., Sahama, T. R. (2015). Network security and performance testing for health information system management.
Lospoto, G., Rimondini, M., Vignoli, B. G., Di Battista, G. (2015, May). Making MPLS VPNs manageable through the adoption of SDN. In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on (pp. 1155-1156). IEEE.
Priyanka, B. H., Prakash, R. (2015). A Critical Survey Of Privacy Infrastructures. arXiv preprint arXiv:1512.07207.
Social Housing Program Protects Network Inside and Out. (2016). www.cisco.com. Retrieved 29 May 2016, from https://www.cisco.com/c/dam/en/us/products/collateral/security/new-charter-housing.pdf
Zhou, L. (2015, January). Implementation of Linux VPN Gateway based on Netlink communication. In Control Engineering and Information Systems: Proceedings of the 2014 International Conference on Control Engineering and Information Systems (ICCEIS 2014, Yueyang, Hunan, China, 20-22 June 2014) (p. 399). CRC Press.
Zhuang, S., Li, Z., Baohua, S. O. N. G. (2015). U.S. Pate.
