Orchid Bridge University Network Infrastructure Essay Proposal.

Describe the Network Construction and Administration.

The Orchid Bridge University is a private school that provides degree courses in the Information Technology (IT) area. The university provides an online school platform where students and lecturer are able to access to the teaching resources anywhere on the go. The school have expanded over the years, with the increase in student enrolment as well the number of staff and lecturer. With the increase in population, there is a need to have a well-managed campus IT infrastructure. The infrastructure shall comprises of communication & resources management, IT security, authentication and user access management.

The University has engaged with our team to propose a network infrastructure that enables both the staff and students to be able to share resources. Security protection, data backup and performance monitoring are included in the proposed structure. A server with active domain directory will be implemented for the purposed of resource sharing and network management.

The proposed network setup shall fulfil the daily operation requirement to meet the future expansion of the school. 

The school required for a network infrastructure to be available online for 24/7 and to be protected against cyber security threat.

The following shows the identified requirement specification for the proposed network infrastructure:

Area specification	Requirements
Operating system	Window server 2016 Operating system will be implemented to provide the necessary services to the staff and students within the university. Active Directory (AD) domain will be defined in the Window Server for different user. The client PC will be the Ubuntu Operating System, in which the staff will be using the Linux OS to access to the services.
User access management & network services	This involves creating the necessary group policies to be applied to different groups of user such as students and lectures. Each of the user group will be assigned with a group policy for accessing to different file directories. Password policy will be enforced across all user groups to be followed as well. Login permission will be defined for each user groups
Communication & resource management	The following items will be included as part of the infrastructure: Email services. Common communication platform among users. Printing services. A necessity for the staff in printing out documents. Policy will be defined on the specified user group that have access to the printing services. Remote access services. Provides a convenient platform to access to the school network outside the school compound.
Performance management	Monitoring the server is a crucial role of the network administrator to ensure that the servers are running at a stable rate. Having an understanding of the network traffic load would enable the administrator to divide the load accordingly, and to resolve any minor problems before it leads to serious outrage.
Backup	Having a data backup plan forms the basic foundation to recover from a disaster. The plan shall include the items to be back up, the duration, the scheduling as well as the method to be implemented.
IT security	Having a secure network infrastructure in place will prevent a malware attacker or hackers from attempting to access to the school network and data.   The infrastructure shall have a security policy shall covers the following: Physical security Logical security Firewall Data Protection Act for the protection of personal data
Web server failover	Having an additional web server in the network will serve as a failover mechanism in the event the primary server is down. Such implementation will ensure that the user will have access to the online resources without any disruption when the primary server fails to operate.

Directory service is referred to as the distribute information infrastructure to administrate, locate and manage network resources and also some items which are commonly used such as folders , users, files ,storage, other devices from network and groups.

On evaluating the gathered requirements from user, the finest set of result is to categorize the Active Directory facility from Microsoft Inc.

Centralize Management

Account formed by the user in Active Directory is being treated as an object , and this allows to handle the project for group policy. For illustration, there are multiple services managed under the AD this are , printer , email and file sharing , each profile can manage the resources related to the network and this increases efficiency by reducing the chances of multiple data entry.

This goes same for the new service provider , users are granted right to access and does not require any further amendment.

In addition to other features, AD also provides great flexibility in expanding the network structure for multiple domains. While connecting to multiple domains, it results in forming of domain tree, where single or multiple domains are being joined together.  

Security provided by the AD is high. The data are being encrypted and thus provides secure place within the network. Therefore, AD utilizes the group policy object to manage the user control access and also helps in authenticating the data.

With AD one can integrate the DNS record , that includes IP address within the name of the computer this can easily be interpreted by administrator or client.

While building the AD, well maintained and informative guide is required so that it can help others to understand the tree easily. Below mentioned diagram represents the Domain Tree object of the Orchid Bridged University.

For gaining the permission for login of an individual or for a group of users, the secured and the most convenient method is Windows Authentication feature ,this verifies the identity of the users across the whole domain tree and in addition to this also supports many authentication protocol , including Digest ,Kerberos, Secure Sockets Layer and Transport Layer Security.

Requirement Specification

After creating a structure for domain tree , the credential for each individual user groups are being created as follows:

Active Directory users and computers

All accounts are having its own unique domain ID for login based on their date birth year and name.

User Account Information of Alex Koh

The Policy Management for group in Windows Server 2016, this allows officer to change and they manages the level of security for user credential, this includes strength of the password, policy for lock out, password expiry duration and etc.

The main aim is to manage the permission required to access a file and this is needed to be controlled by different groups. Also , publishing a mutual file is a fact of general association among the branches inside the campus. In Orchid Bridge University, all the collective folders and records are resided in file server, which is hosted by IT Service branch. This folder is granted with different access permission.

The table listed below states all the access permission that can be controlled by Active Directory:

Permission Type
Full Control	Permits reading, writing, changing, and deleting of files and subfolders
Modify	Permits reading and writing of files and subfolders; allows deletion of the folder
Read & Execute	Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders
List Folder Contents	Permits viewing and listing of files and subfolders as well as executing of files; inherited by folders only
Read	Permits viewing and listing of files and subfolders
Write	Permits adding of files and subfolders

Figure 5: Folder Access Permission Type [7]

User Group	User	D:/head	D:/lecturer	D:/student	D:/server	D:/database
Head Master	Muthu	Full Control	Full Control	Full Control	No Access	No Access
Lecturer	Alex	No Access	Full Control	Full Control	No Access	No Access
Student	Randy	No Access	No Access	Full Control	No Access	No Access
Server Administrator	Andy	No Access	No Access	No Access	Full Control	Read & Execute
Database Administrator	Eric	No Access	No Access	No Access	Read & Execute	Full Control

This screenshot tells about the access permission for folder of different group of user: 

Access Permission for folder of Accounting and Finance

Printer plays a very important role in everyday , there are many documents available in the University which are needed to be printed , and in case the printer break downs then this will impact the works in University and will lead to unnecessary delay or work and operation.

Feature of printing pool enables the high accessibility for providing printing service. Printing pool is basically a logical printer consisting multiple printers connected through physical printer ports.  These physical printer ports are visible to users. The job is being sent to the logical printer from the user , hence logical printer will assign a printer from the queue available at the physical printer. In case anyone of the printer breakdowns the logical printer assigns the task to other printer in the queue.  

The virtual IP address hosted for the Printer server is 192.168.32.135

In AD , split printer is treated as an entity. Administrator have the control over the access permission for resources. In the present situation, everyone is allowed to print as the permission is set to allow.

Virtual Private Network is referred to the use of public network for establishing a network among the corporate , and this networks have similar security ,functional and management description, replaces the conventional way of dial-up access. VPN is an substitute for existing business private wide area network, some of the features of original wide area networks does not changes with VPN, this includes high reliability , multiple protocol support and high degree expansion.

VPN basically have three applications, specifically Extranet , Intranet  and direct remote access (Remote Access). Remote Access (Remote Access) VPN connects mobile users and undersized offices through internet for accessing the company network resources through telephone dialling. Intranet VPN uses Internet for head office and division offices and connects to a fixed location , for becoming company’s overall network. Extranet VPN and Intranet VPN are connected in order to extend the corporate business partners, for example customers and suppliers in order to attain the principle of contribution information with each other. 

Active Directory

Characterstic of VPN includes : 

1. VPN uses low cost bandwidth in the use of equipment , also based on the architecture wide area networking can be done , this will save the money and will reduce the total cost of corporate network. According to an analysis, when LAN-to-LAN connections is compared with VPN , the saving cost for leased line is around 20% to 40%; and for remote access, it saves up to  60% in comparison with direct dial-up VPN . 

2.  VPN architecture style is flexible, when there is a need for expansion in the network it can be easily achieved by the VPN. VPN platforms provides full scalability to  large business headquarters, small area office , and constant for  person dial-up users, is also incorporated in the overall VPN architecture. In addition to this, VPN policy also has a wide-area system bandwidth for future expansion.   

3. VPN architecture uses good security this includes Tunnelling, Encryption, Authentication, Firewall and hacker Investigation and Prevention System (Intrusion Detection) technology. This ensures that the transmission of data will be safe and secured, and no one will be able to steal data or in case it is being stolen then the person will not be able to read it.
4. Management in VPN is easy , devices are being arranged properly and requires less physical line , the network is relaxed, irrespective of the new entrants via the internet path. Certified VPN Client provides tunnels with encryption for use in the branch-office, the user can create a secure tunnel to the corporate network. In addition, highly confidential information shared. Limited user can also attain the similar reason by the LAN encrypted tunnel between computers. 

1. The core of certification can authorise the identity of a consumer effectively. It makes the certificate impossible to forge and by implementing it you can transparently and seamlessly enhance the toughest security polices of the corporate field.
2. The RADIUS server is used to get the centralized remote access mode of authorization and authentication. The access can be given to different types of users receding in different level of the operating authority. High level capabilities of security can be given by the implemented applications. It can be secured from the aspect of user authentication system and from the lookout of the cost effecting. Whenever the data is transmitted from a community system to a private system, the receiving end should ensure the security by using the VPN data encryption. So to establish a secure connection each of the packet needed to be encrypted while transmitting and decryption is needed at receivers end. The encryption and decryption is a quite heavy process for the VPN device thus it takes most of the computing power. The hardware based encryption and decryption is faster and easy to manage compared to the software based encryption and decryption. Also, the possibility of damaging the data is less in the hardware based compared to the software based encryption and decryption.

From the analysis of the above data we determined that it does not matter that what kind of VPN network is used, still the interconnection between the distribution networks can be achieved which can be used for information sharing. Hiring expensive digital dedicated lines is not required at all. That means it is satisfying all the needs which are safety, reliability and low costing in the wide area of the networking.

The VPN services allow the users of a non-school network exposure to control the school system of the internet access. The user of the VPN firstly, need to connect to the web services by their own, thereafter they can use connect to the private VPN of the school to access the campus network. After the connection has established through the VPN network the website of the school and email can be accessed. Also, the files can be shared through it.

To use the school VPN some special services are required to follow:

1. The VPN services are must only be open for the staffs of the school.
2. The VPN service is free of cost.
3. The VPN can be accessed online and from the school network at the similar time but network access and school network access cannot accessed at the same VPN.
4. The user have to agree with the guidelines of the network of the campus. The credential information of the VPN network must not be shared publicly.
5. Leaving the network can lead to termination of the VPN services.  

Backup purpose 

Data backup form an essential process for an organization and the amount of data generated will be huge as the school’s population grows.  In addition, essential data are required to be kept by the University for auditing and back tracking purpose, such as financial record and student particulars, as well as to be able to retrieve required data as and when needed. Having a backup strategy will ensure that the data files are backup periodically so as to prevent data loss resulted from natural disaster and cyberattack, and the school will be able to recover them as soon as possible. 

Backup methods 

3 backup methods are proposed for the online school, which are discussed as follow: 

Full back up occurs when the entire data in the server are fully back up, in which it will copy all the data files from the server and other storage and store onto another set of media. Full backup will ensure that the data are protected against loss since the full data are back up. This method is typically done on a weekly basis. Fast and easy recovery is possible as the complete data is readily available. More storage spaces are required and time consuming in backing up the data.  

This method will consolidates all the data that have been updated or modified since the last full back up or in the last incremental backup. Less storage spaces are required and allow retention of multiple versions of the same files. An incremental backup are done after the initial full backup. Longer durations are required to restore a specific files and the recovery will not be complete if the backup fails. 

Similar to incremental backup, differential backup will create a copy of the changed data from the previous backup, but the differences is that differential backup will store the changed copy of the data from the previous last full backup. Less storage spaces required and able to restore the last full backup and last differential backup. The downside is that it is slower and would require an initial full backup first. Recoveries are incomplete if one of the backup methods fails. 

Centralized Management

The purpose of implementing a backup policy in place is to ensure that there is always one or more restorable points available for user to restore the data state. The following will discuss on the backup responsibilities as well as the type of data to be backup. 

The server administrators under the IT department are responsible for ensuring that the required data are to be back up successfully. Regular testing on the data backup is to be conducted on the storage media, on a monthly basis. This also includes checking on the physical condition of the storage media as well. Doing so will ensure that the data stored on the backup storage media can be completely restored to the end-user workstation, as and when required. 

Documentation on the data backup is to be done by the server administrator, for record keeping and back tracking purpose. 

The documentation shall include the following details: 

A catalogue on which files are backed up on which tape

Type of backup being done and the content

Logs file on when the backup was done and the backup duration.

Monthly backup test result

Hardware and software requirement 

SAN will be the main option for data backup. It connects directly to the network and backup the data automatically from the server itself. All the data files and storage disk are located on the same network. Such approach provides high backup speed as it reduces the server storage capacity and improves on the data availability. Multiple servers are able to retrieve the same data, hence avoid the same information from duplicate across the network. 

Tape has the capability to store data for a long duration and able to retrieve as and when required. The proposed tape for storage would be the Linear-Tape Open (LTO). LTO have the capability to store data up to 30 years offline. It is known for its durability and stability; such properties will ensure that the school would be able to meet the industry regulation for data retention.  The tapes are to be stored in a cool, humidity-controlled location and shall be free of any magnetic fields. 

The server administrator will be responsible for backup the essential data for the online school. All the data are to be retained for a period subjected to the retention policy. Approvals are to be obtained from the server administrator before any disposal or erasure. 

The following table shows the type of data to be back up and the proposed storage media:  

Type of data	Backup media proposed	Proposed storage duration	Remarks
Financial & accounting records	Tape	5 years for each Financial year	The data may be retrieved for auditing purpose and to check on the financial health status from the authority.
Students & staff particulars	Tape	10 years	The particulars are to be retained upon the student graduated from the school and the staff no longer in the school.  This includes the termination of the login account to the online learning portal system.
Students exam result &  transcript	Tape	Life-long	There may be cases where the student may request for the retrieval of their exam results from time to time. Tape will be able to store the result for a long period of time to cater for such requirement.
Teaching materials	Disk on the Storage Area Network	5 years	The syllabus contents are refreshed every 5 years, and such content are to be kept before the new syllabus replaces the old teaching content. Hence storing the data on the SAN would be able to support the dynamic changes to the data.
Exam papers and written script	Disk on the Storage Area Network	3 years	The exam scripts are to be kept in the event the students may want to dispute on the exam results.

Backup schedule

The following shows the proposed schedule for the data backup, the backup will commence in the wee hours:

Day	Time	Backup type
Sunday	12:00am	Full backup
Monday	01:00am	Incremental backup
Tuesday	01:00am	Incremental backup
Wednesday	01:00am	Differential backup
Thursday	01:00am	Incremental backup
Friday	01:00am	Incremental backup
Saturday	01:00am	Differential backup

The full backup will commence at 12:00am, as extra time are assign for full data backup to be implemented.

The following shows the hardware to be implemented for the backup

The following shows the proposed data recovery methods for the university, which is subjected to different delivery period:

The server administrator will ensure that every possible attempt being done to recover the required data within 1 working data. But that is not subjected to natural disaster or catastrophic events such as flood or fire damaged, which may not be available for long duration.

Security and Authentication

Next best available time will be allocated for such request, and will usually be within 3 to 5 working days.

The staff/lecturer who wishes to restore any files from the server is to submit a request to the system administrator. The request for the restoration shall include the following details:

File name

Directory file

Last modified date and time

Estimated date and time in which the file was destroyed/ deleted.

Both the system and data forms an important assets to the university, which required to be made available to the staff and students as and when required for their officially work or usage. Security protection on the system and data would become crucial, and the University have the rights to safeguard and maintain the integrity of such information and data. The network and physical security plays an important role, which serve as a first line of defences in protecting the overall infrastructure and information for the university. Proper handling of storage media and ensuring stable power supply are an essential means to ensure data security and services are running as per normal.

Physical security

The following discussed the proposed physical security implementation:

All servers and network equipment (router & switches) as well as the network cabling are to be placed in a secured room. Each of the equipment is to be mounted into the rack, secured with unique key access. The access to the server room is through card access, and the same policy goes for the backup storage media as well. Only authorised personnel are issued with the access card to enter the room, external personnel are to be escorted at any point in time in the secured room.

CCTV(s) are to be implemented to monitor the activities inside the database, it served as deterrence for any personnel trying to disrupt the services in the data center.  It is proposed to be place near the entrance of the room, near to the equipment racks & storage media. Extra surveillance shall be proposed to be place near to the important server where it store sensitive data such as the financial record. The video recording will be captured and store at a secured location where the server administrator have access to the room.

The laptop locks serve as a precaution to prevent anyone from physically taking the laptop away from the work desk or at any location. The laptop locks will be provided to the staff and lecturer to physically secure the laptop on their desk when they are not around. The locks are to be secured with a PIN, as predefined by the staff.

Biometric access will be implemented for the access to the data center, in the form of thumbprint verification. Logging will be enabled in the system, in which to keep track of the personnel who enter the room, as well as the duration that the user enters and leave the secured room. 

The server administration has the rights to assign the appropriate permission to access to the data center, the files stored on the server as well as the routers and switches configuration. The assignment of the privileges will be based on the individual roles and responsibility in the school. For instance, the server administrator has the rights to access to the server setting and the equipment configuration. Each of the personnel is to follow the password policy guideline implemented, for their own laptop/desktop and also to change the password frequently. 

Windows Authentication

Operating system security 

Both the server and the client’s PCs are to be installed with the anti-virus software. It serves as a protection to the end-user by detecting and removing away malware and viruses. A schedule time shall be set on the client PC and the server to perform regular scan & checking on the machine. 

Windows server 2016 provides the options for the administrator to define what are the services required for the network. Unwanted network services and network ports are to be removed accordingly; those critical ports are to be remained for the necessary operation of the network. For example, the telnet network services will be removed from the server. Permission shall be assign to appropriate personnel to access to the registry entries.

New security patches are usually release for the purpose of keeping the server up to date, and also for the equipment firmware. The new release patches are to be tested on a test environment before implementing on the actual production network. The purpose is to ensure that the new patches are working during the testing stage and not bringing the actual network down. Documentation on the security patches being applied to the server are to be documented down by the server administrator for record keeping purpose.

The following shows the proposed solution for removing unwanted or damage storage media and hard copy document:

Old hard disks are to be degaussed and reused accordingly to the health of the disk. Performing degaussing will completely remove the unwanted information from the hard disk. Damaged hard disks with corrupted sectors are to be shredded with a special hard disk shredder.

Hard copy document and the ID access card of ex-employee are to be shredded with a paper shredder, where it will completely destroy the documents, prevent dumpster diving.

Power is an important source to ensure that the equipment and server are operating and to serve the user at any point of time. The following shows the proposed solution to handle power failure

Uninterruptible Power Source (UPS) are proposed. UPS will be able to provide continuous power supply to the equipment while ensuring that the server administrator are given ample time to locate the source of the power failure.

Power generator will served as a secondary standby in the event the power failure stretches beyond the capabilities of the UPS. Both the UPS and power generator will be tested on a monthly basics and documentation are to be done for such testing.

The university shall ensure that all the personal information of the students and staff are kept & handle in a confidential and secure manner. Consents are to be agreed by the student and staff for the collection and usage of such information, and to be used within the University itself.  Only authorised personnel shall be allowed to manage and access the information with the permission.

The following shows the overall usage purposed for each group’s information:

Types of data	Usage purpose
Student information	Student information verification check Student enrolment and admission Assigning of student ID pass Registering students for exam. Issuing of exam result transcript and graduate certificate Assigning login account to the online learning portal.
Staff & lecturer information	Assigning staff ID pass Payroll information Assigning login account to the online learning portal. Keeping track of accessing to network resources. Displaying lecturer details on the webpage.

According to the requirement provided in the coursework, Internet Information Service is being used to setup the web server for hosting a simple HTML temple file over 80 port.  Port 80 and 90 has to be allowed on firewall, also port is needed to be forwarded on the router. Hence, users get access to our province web page.

This also allows binding between diverse ports with same IP address. The reason behind this is redundancy. In case port 80 is down, we can access port 90.

To monitor the disturbed AD services the consistent data dictionary need to be maintained. Many types of important indicator can be identified and resolved before they can create a larger problem.

According to the author this is impossible to monitor a physical and logical state at the same time and how much they know about it.

Performance is additional important aspect to explore the key area of a system weather the system is working on a healthy load or it exceeding the healthy limit. We can never relay on the physical manpower to detect the logical physical state of a time and we can never afford to supervise the problems growing with the time as they may can enlarge in future. 

Many issues can be resolved by just monitoring the AD before some can say that there is some problem.

More stable applications that is used in backend of the server will improve drastically.

The users will have faster login into the server and reliable resources.

Operational productivity may be impacted by the unnecessary help-desk issue.

Improvement in the total service for more reliability.

High level of customer satisfaction as many issues will be resolved.

With the automatic system of monitoring all the problems can be dragged into a centralized view.

Better output can be achieved as resolution is planned way ahead.

It is ensured that the supported AD must be running on the each domain.

Critical services are functioning.

Maintaining the data integrity by using the end-to-end encryption.

The LDAP queries will be faster answered.

Full control over the CPU utilization.

In a large environment it is nearly impossible to ensure the consistency of the data without systematic data monitoring. The admins will have to face hard time to manage and resolves the raised problems as they will not know what type of problems will come in their way. Common problems that can be avoided by the monitoring:

Account disabled

Log in error.

Domain control error.

Account related problem.

Inconsistency of the data integrity.

Issue with the applications.

Problems with the security.

Sometimes the most dangerous problem may not give an alert. So it necessary to check the log every time. Solution monitoring can generate the reports periodically and can give early sign of the risk. It helps to review the reports to take some early actions. 

This are several list of things that our group has chosen for implementing our coursework for efficient monitoring on configuration data and critical areas. This are some software tools that we choose to implement for our coursework to assist us with capable monitoring on critical areas and configuration data.  

“Important platform for immediate functioning intelligence which helps in collating all the information logs in order to analyze, search and visualize the data. This is very much useful in case of troubleshooting or investigating incidents or even to stay away from service deprivation or outages.” 

While using incorporated PRTG Network Performance Monitoring, we recognized the  real-time visibility of the works going on within the network. We’re able to analyze the bandwidth consumption that may alert probable choke point. In case the application finds any overcrowding within the pipeline of network, server are just generating from one exacting basis host. Even the physical and logical state examine the nodes, such as ports going down, PSU module faulty or even overheating due to fan breakdown. Anything that is supported by the device SNMP, we are able to collate using our monitoring software. 

As we mentioned earlier within our report, there are different servers that are running different services (AD, Email, Monitoring) and not forgetting our off site base across WAN. 

SurgeMail is a Windows Server supported for windows OS. The mail have the following features:

Mail

Contacts

Blogs 

The interface allows the user to direct configuration, services, spam filtering and mail settings.   

Administrator can add new user or delete user easily   

SurgeMail also have the space disk reading on the mail. This is for the administrator to monitor on the usage of the mail for users. 

SurgeMail have the logs of user who have entered to the account to send or receive mails.  

SurgeMail have the Spam Control. This is to allow the administrator to block certain sender have have been detected for spamming. 

Reference 

Enterprise Features, 2015. Backup Types: Full, Incremental, Differential. [online]. https://www.enterprisefeatures.com, https://www.enterprisefeatures.com/backup-types-full-incremental-differential/ [Accessed 7 July, 2018] 

TechTarget, 2008. Full, incremental or differential: How to choose the correct backup type. [online]. https://searchdatabackup.techtarget.com, https://searchdatabackup.techtarget.com/feature/Full-incremental-or-differential-How-to-choose-the-correct-backup-type [Accessed 7 July, 2018] 

Stronghold Data, 2017. 5 reasons it’s more important than ever to have a data backup and recovery plan . [online]. https://www.strongholddata.com, https://www.strongholddata.com/5-reasons-data-backup-recovery-plan/ [Accessed 7 July, 2018] 

Kevin Lo, 2012. Your Organization's Backup Strategy. Best practices for planning effective backup systems at your organization. [online]. https://www.techsoup.org, https://www.techsoup.org/support/articles-and-how-tos/your-organizations-backup-strategy [Accessed 7 July, 2018] 

BojanaDobran, 2018. Data Backup Strategy: The Ultimate Step By Step Guide for Business. [online]. https://phoenixnap.com, https://phoenixnap.com/blog/data-backup-strategy-guide-business [Accessed 7 July, 2018] 

Jim O'Reilly, 2016. Data Backup Strategy: 7 Considerations. [online]. https://www.networkcomputing.com, https://www.networkcomputing.com/data-centers/data-backup-strategy-7-considerations/2018824628 [Accessed 7 July, 2018] 

Peter Hofflund, 2013. 5 Benefits of LTO Technology. [online]. https://www.bigdatasupplyinc.com, https://www.bigdatasupplyinc.com/5-benefits-of-lto-technology [Accessed 7 July, 2018] 

Bill Silvey, 2017. A comparison of backup media: tape, disk, cloud storage, and more!. [online]. https://community.spiceworks.com, https://community.spiceworks.com/storage/articles/2776-a-comparison-of-backup-media-tape-disk-cloud-storage-and-more [Accessed 7 July, 2018] 

Simon Sharwood, 2017. Five types of tape for backup or archive. [online]. https://www.computerweekly.com, https://www.computerweekly.com/feature/Five-types-of-tape-for-backup-or-archive [Accessed 7 July, 2018] 

Spam Laws, 2018. How Storage Area Networks Are Used to Backup Data. [online]. https://www.spamlaws.com, https://www.spamlaws.com/how-storage-area-networks-work.html [Accessed 7 July, 2018] 

SNIA, 2018. What Is a Storage Area Network? . [online]. https://www.snia.org/, https://www.snia.org/education/storage_networking_primer/san/what_san [Accessed 7 July, 2018] 

Antony Adshead, 2017. Backup 101: Incremental vs differential vs synthetic full backup. [online]. https://www.computerweekly.com, https://www.computerweekly.com/feature/Backup-101-Incremental-vs-differential-vs-synthetic-full-backup [Accessed 7 July, 2018] 

Karla Bradshaw, 2017. 4 Reasons Why Businesses Need to Regularly Back Up Information. [online]. https://www.dobson.net/, https://www.dobson.net/4-reasons-why-businesses-need-to-regularly-back-up-information/ [Accessed 7 July, 2018] 

Steve Macke, 2017. Using Storage Area Networks to improve the restore times from backups. [online]. https://www.bcs.org, https://www.bcs.org/content/conWebDoc/3012 [Accessed 7 July, 2018] 

Andrew Tarantola, 2013. VPNs: What They Do, How They Work, and Why You're Dumb for Not Using One. [online]. https://gizmodo.com, https://gizmodo.com/5990192/vpns-what-they-do-how-they-work-and-why-youre-dumb-for-not-using-one [Accessed 7 July, 2018] 

Lan Paul, 2017. How—and why—you should use a VPN any time you hop on the internet. [online]. https://www.techhive.com, https://www.techhive.com/article/3158192/privacy/howand-whyyou-should-use-a-vpn-any-time-you-hop-on-the-internet.html [Accessed 7 July, 2018] 

Desire Athow, 2018. What is a VPN? A closer look at virtual private networks. [online]. https://www.techradar.com, https://www.techradar.com/news/what-is-a-vpn [Accessed 7 July, 2018] 

Aditya Tiwari, 2017. What is VPN (Virtual Private Network)? How it Works?. [online]. https://fossbytes.com, https://fossbytes.com/vpn-virtual-private-network-works/ [Accessed 7 July, 2018] 

Andre Bourque, 2017. 5 ways your company can benefit from using a VPN. [online]. https://www.computerworld.com, https://www.computerworld.com/article/3184651/networking/5-ways-your-company-can-benefit-from-using-a-vpn.html [Accessed 7 July, 2018] 

WhitakerUSA, 2018. 5 Ways to Destroy a Hard Drive – Data Destruction Equipment and Methods. [online]. https://www.datastroyer.com, https://www.datastroyer.com/destroy-a-hard-drive/ [Accessed 20 July, 2018]

Scott Lowe, 2011. Five tips for securely destroying data. [online]. https://www.techrepublic.com, https://www.techrepublic.com/blog/five-apps/five-tips-for-securely-destroying-data/ [Accessed 20 July, 2018] 

Venkat Rao, 2016. 5 common data center power design mistakes. [online]. https://www.computerweekly.com, https://www.computerweekly.com/tip/5-common-data-center-power-design-mistakes [Accessed 20 July, 2018] 

Stephen J. Bigelow, 2017. Choosing UPS systems for the data center. [online]. https://searchdatacenter.techtarget.com, https://searchdatacenter.techtarget.com/feature/Choosing-UPS-systems-for-the-data-center [Accessed 20 July, 2018] 

Aaron Parson, 2018. What Are the Differences Between Logical & Physical Access to the Computer?. [online]. https://www.techwalla.com, https://www.techwalla.com/articles/what-are-the-differences-between-logical-physical-access-to-the-computer [Accessed 20 July, 2018] 

Dave Sweeney, 2013. Logical and Physical Access Control: The case for dual-factor authentication . [online]. https://www.security-net.com/, https://www.security-net.com/blog/logical-and-physical-access-control-the-case-for-dual-factor-authentication/ [Accessed 20 July, 2018] 

Carol Scheafer, 2017. Understanding the Difference Between Physical Access Control and Logical Access Control. [online]. https://www.mintcontrols.com, https://www.mintcontrols.com/understanding-the-difference-between-physical-access-control-and-logical-access-control/ [Accessed 20 July, 2018] 

Ralph Goodman, 2016. 5 ways physical security breaches can threaten your network. [online]. https://www.itgovernanceusa.com, https://www.itgovernanceusa.com/blog/5-ways-physical-security-breaches-can-threaten-your-network/ [Accessed 20 July, 2018] 

Trend Micro, 2017. Protecting Physical Security Systems against Network Attacks . [online]. https://www.trendmicro.com, https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/protecting-physical-security-systems-against-network-attacks [Accessed 20 July, 2018] 

Peter Giannoulis and Stephen Northcutt, 2015. Security Laboratory: IT Managers - Safety Series. [online]. https://www.sans.edu, https://www.sans.edu/cyber-research/security-laboratory/article/281 [Accessed 20 July, 2018] 

Deb Shinder, 2007. 10 physical security measures every organization should take. [online]. https://www.techrepublic.com, https://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/ [Accessed 20 July, 2018] 

Greg Schulz, 2007. Data security services: Physical and logical data security strategies. [online]. https://searchitchannel.techtarget.com, https://searchitchannel.techtarget.com/tip/Data-security-services-Physical-and-logical-data-security-strategies [Accessed 20 July, 2018]