Intrusion Detect Algorithm: Campus Network Solution Design And Security Features Essay.

Discuss About The Intrusion Detect Algorithm Campus Network?

The report is prepared for a medium sized enterprise to connect all the departments if the organization and improve the current capacity of the organization for the accommodation of its future growth. The technologies that can be applied for the development of the solution are documented in the report. The report contains the scope and limitation of the network and the requirements such as the hardware and the software for the development of the network solution. The logical design, physical design and the network topologies are developed and an IP addressing is created for each of the department. The security measures that can be applied for increasing the security of the network are also discussed in the report. Redundant link are created for responding to the network failover and implementation of VPN service for allowing the remote users to connect with the resources of the network.

The main scope identified for the development of the project are listed below:

• To integrate the existing network of the organization with the new devices and equipment for reducing the cost of the network.
• Configuration of the network services and configuration of the routing devices as per the requirement of the organization.
• Up gradation of the existing servers of the organization and enabling virtualization of the server for handling more number of request from the client.
• Wireless access point should be installed in the network for allowing the users with wireless devices to connect with organizational network.
• Securing the access point for securing the network from illegal access.
• Increasing the redundancy in the network for removing the failover point and increasing the availability of the resources in the network.

The limitations identified for the development of the network solution are listed below:

• Compatibility of the previously installed networking devices with the newly installed devices.
• The finance and budget of the proposed solution should be approved for deployment in the organization
• The security of the network should be high and the flaws in the system should be removed for increasing the quality of the network.
• The network administrator should be efficient skills and knowledge for configuration of the network devices according to the needs of the organization.

The requirement for the development of the network solution can be categorized into different sections such as general and product requirement, service and network requirement, security and hardware cabling requirements.  

• The proposed network solution should be created following the quality of standards for each of the device installed in the network.
• The intranet and the internet traffic should be divided for reducing the response time of the system and high level design should be shown for ease the management process.
• The servers should be stored in a separate room under lock and key for restriction of the physical access.
• Virtualization should be applied on the server for balancing the loads and handle number of request at a time.
• The current network should be covered and it should be extended for inclusion of the current network components for the development of the network solution.
• A proper addressing plan should be created for allocation of IP address to different VLAN and dividing different subnet for saving the address space.
• Configuring the server with DHCP to allocate the IP address to the Pc connected in the network automatically.
• Installation of a firewall in the entry and exit point of the network for securing the network traffic securing the network from unauthorized access.
• Encryption of the communication channels for securing the network from different types of attacks
• Use of encryption and password in the wireless access points for reducing the risk of illegal access
• Use of proper cabling for interconnecting the device installed in different location of the network.

For the development of the network solution for the medium sized organization different types of network topology is selected. A ring network is used for connecting the nodes in the finance department and rest of the network is connected using the star topology. The switch acts as the central point of communication for the network. The administrative building is used for the installation of the servers, data centers, routers and the core switches. A firewall is installed in the network for allowing the access of the authorized remote users to connect with the core resources of the network.

Subnet Name	Needed Size	Allocated Size	Address	Mask	Dec Mask	Assignable Range	Broadcast
Administrative network	50	62	172.39.30.128	/26	255.255.255.192	172.39.30.129 - 172.39.30.190	172.39.30.191
Finance Network	100	126	172.39.30.0	/25	255.255.255.128	172.39.30.1 - 172.39.30.126	172.39.30.127
Sales Network	200	254	172.39.28.0	/24	255.255.255.0	172.39.28.1 - 172.39.28.254	172.39.28.255
Dispatch Network	150	254	172.39.29.0	/24	255.255.255.0	172.39.29.1 - 172.39.29.254	172.39.29.255

A multilayer security design should be applied for the development of the secure network solution. A backup mechanism should be created for each of the device installed in the network and a dedicated hardware device should be installed in the network for limiting the access of the core network resources to all the users connected in the network [8]. The network should be divided into modules such as internet access, remote access or VPN, network management and services, wireless network and user services. For securing the internet access packet filtering, authentication, audit logs and physical security devices such as firewall, IPS should be applied. For securing the server it should be installed in the DMZ zone and it should be configured to run only required services for protecting it from intrusion attacks [12].

Requirements

Thee remote access and the VPN should also be secured with the application of authentication and authorization mechanism. The point to point established between the remote user and the remote routers should use CHAP authentication and the RADIUS server can be used for centralizing the data management and authenticating the dial in and the dial out service [1]. 

If one of the link in the network the fails then a backup link should be used for reaching the destination nodes connected in the network. The core network should have redundant links and dual channels should be created for establishment of connection between the source port and the destination address [3]. For the management of the business traffics in the medium scale enterprise network a load balancing mechanism should be applied for increasing the reliability of the network. A reliable data communication should be created for increasing the availability of the resources and increasing the availability of the VPN connection.

A VPN software is required to be selected for establishment of a VPN tunnel between the user and the organizational network for securely communicating with the network components. The internet is used for establishment of the connection between the remote user and the network [11]. With the implementation of the VPN service in the network the following benefits can be gained by the organization such as:

• Extension of the geographical connectivity
• Reduction in the operation cost
• Reduction in the time taken for transmission for the remote users
• Simplification of the topology of the network
• Improvement in the productivity

For securing the data connection in VPN the following methods are used

• Data confidentiality – The data is encrypted before sending to the user connected via the VPN because the data is sent in a public network and it can be access by any third party user for illegal use.
• IPsec – It is applied for increasing the security levels and using strong encryption algorithm and comprehensive authentication mechanism for securing the network. The two modes tunneling and transport are utilized, where in the tunnel mode the header of the data packet is encrypted and in the transport the payload is encrypted [5]. For the application of IPsec the system is required to be compliant with the protocol and same policy should be set in the network.
• PPTP/ MPPE – multi protocols are used in PPTP utilizing the multiple point to point protocol. 40 bits and 128 bit encryption is used for encrypting the communication channel.

Data Integrity – It is important to check the data on deceiving on the other end for ensuring that the data packet contains all the information and it has not been tampered.

Authentication of data origin – The source of the data should be identified and it should be applied for protection against different types of attacks.

Data tunneling – In this process the data packets are encapsulated into another packet for transmission in the network [2]. It is used for hiding the identity of the users and protecting the source from where the packet is generated.

Conclusion

From the above report it can be concluded that the network solution is prepared after analyzing the requirement of the medium sized organization. The internet security policy that can be applied for increasing the security of the network is created aligning the business requirement. A list of the equipment are created for analyzing the requirement and designing the network. A failover scenario is also required to be created for responding against the needs emergency condition and mitigation of the risk associated with the development of the network solution. Separate VLANs are created for each of the department and groups for creation of separate channels of communication and reduce the congestion in the network.

References

Brewer, "Advanced persistent threats: minimising the damage", Network Security, vol. 2014, no. 4, pp. 5-9, 2014."IEEE/ACM Transactions on Networking society information", IEEE/ACM Transactions on Networking, vol. 24, no. 5, pp. C3-C3, 2016.

Langenhan, VMware View Security Essentials. Packt Publishing, 2013.

"Optical Switching and Networking", Optical Switching and Networking, vol. 10, no. 4, pp. 463-464, 2013.

Subramaniam, M. Brandt-Pearce, P. Demeester and C. Vijaya Saradhi, Cross-Layer Design in Optical Networks. Boston, MA: Springer US, 2013."Introduction to Information Security", Network Security, vol. 2013, no. 12, p. 4, 2013.

"The Practice of Network Security Monitoring", Network Security, vol. 2014, no. 10, p. 4, 2014.

Wang, "The Design of Improved Elman Network Intrusion Detection Algorithm in Digital Campus Network", Advanced Materials Research, vol. 1049-1050, pp. 2096-2099, 2014.

Kermanshahi, Y. Shafahi and M. Bagherian, "Application of a new rapid transit network design model to bus rapid transit network design: case study Isfahan metropolitan area", Transport, vol. 30, no. 1, pp. 93-102, 2013.

Yadegari, M. Zandieh and H. Najmi, "A hybrid spanning tree-based genetic/simulated annealing algorithm for a closed-loop logistics network design problem", International Journal of Applied Decision Sciences, vol. 8, no. 4, p. 400, 2015.

Liu and W. Qu, "Design of Campus Network Database Access Based on Encryption", Applied Mechanics and Materials, vol. 608-609, pp. 331-335, 2014.

Hosapujari and A. Verma, "Development of a Hub and Spoke Model for Bus Transit Route Network Design", Procedia - Social and Behavioral Sciences, vol. 104, pp. 835-844, 2013.

"The Comprehensive Evaluation Research of Campus Network Security Based on the Analytic Hierarchy Process (AHP)", INTERNATIONAL JOURNAL ON Advances in Information Sciences and Service Sciences, vol. 5, no. 7, pp. 809-816, 2013.