Project for Information Security Course: Designing The Topology

Planning the project

As a part of our Information Security course at Haaga-Helia, we are going to implement a working topology in Cisco Packet Tracer. We are working in a group of three students. As this is an Information Security course, our goal is a secure and fully working network.

When I started planning the topology, my idea was to create a network for a medium-size company. This company has three departments: Management, Production and Research Team. Management has its own network segment. Production and Research Team are behind the same router, but Research Team is separated into its own VLAN so that Production can't access their equipment, while Research Team can access Production's. The company has two networks for servers. One is in the DMZ so its servers can be accessed securely from the outside. The second is inside the private network and can't be accessed from outside the network without a VPN connection. The company also has a WLAN which can be accessed with a password. In addition, there needs to be a public network for simulating the Internet. From the Internet we should be able to communicate with the company's website and email server. The whole network should be accessible over a VPN connection. The picture below is the first draft of this topology.

Firewall

The firewall will be a physical Cisco ASA 5505 device. The idea is to be able to access only the DMZ without a VPN connection, and the whole network via VPN. I'd like to encrypt all data at least between the email, file and HTTP(S) servers and their clients.

Naming devices

I'm going to name the equipment as follows.

Only the first four letters of the segment's name are used, for example management = mana.
If there is more than one router or switch in one segment, they will be named:
1st = rmana
2nd = rmana2
…

Router = r[segment][number]
Switch = s[segment][number]
Printer = p[segment][number]

If a server is dedicated to a segment, it will be named srv[segment][number].
If a server is in the DMZ or inside the network, it will be named srv[number]. For example, the 1st is srv1, the 2nd is srv2, etc.

We're not going to name any client devices manually; they will keep the names Packet Tracer gives them.

Addressing scheme

I'm going to implement these network segments with private IPv4 addresses. The Public Network will be simulating the Internet, so it's going to use public IPv4 addresses.

IP addresses will be allocated as efficiently as possible, but I'll still leave some room for potential growth. There are about 10 network devices in the core network at the moment. But if the company grows in the next five years and expands its business into a few new departments, it would be too much work to subnet the whole network again just because we were too cheap with the addresses. So I'll give it a subnet mask of /26 for 64 hosts; there is plenty of room for expansion, but it is not too generous either.

This is not necessary, but it's good practice and adds a little more complexity to this assignment.

The addressing table will be made beforehand in Excel to clarify the division of work and make changes easier. The table will contain the name of each device, its IPv4 address and the port it is set to.
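The naming rules and the /26 plan above can be checked before anything is typed into Packet Tracer. The following is an added example, not part of the original project: the 192.168.0.0/23 block, the segment labels, the sample devices and the port labels are all assumptions made for illustration.

```python
import ipaddress

# Assumption: the post gives no address block; 192.168.0.0/23 is constructed here.
SITE_BLOCK = ipaddress.ip_network("192.168.0.0/23")
# Segment labels are shorthand for the networks the post lists (labels constructed).
SEGMENTS = ["management", "production", "research", "dmz", "servers", "wlan"]
# Constructed sample devices: (type prefix, segment, ordinal, port label).
DEVICES = [
    ("r", "management", 1, "Gi0/0"),
    ("s", "management", 1, "Vlan1"),
    ("s", "management", 2, "Vlan1"),
    ("p", "management", 1, "Fa0"),
    ("s", "research", 1, "Vlan1"),
]

def device_name(prefix, segment, ordinal):
    """Prefix + first four letters of the segment; only the 2nd, 3rd... get a number."""
    suffix = "" if ordinal == 1 else str(ordinal)
    return f"{prefix}{segment.lower()[:4]}{suffix}"

def allocate(block, segments, prefixlen=26):
    """Hand each segment the next free /26 of the block, failing loudly when it runs out."""
    subnets = block.subnets(new_prefix=prefixlen)
    plan = {}
    for segment in segments:
        try:
            plan[segment] = next(subnets)
        except StopIteration:
            raise ValueError(f"{block} has no /{prefixlen} left for {segment}") from None
    return plan

def address_table(plan, devices):
    """Rows of (device name, IPv4 address, port), taking host addresses in order."""
    free = {segment: iter(net.hosts()) for segment, net in plan.items()}
    rows = []
    for prefix, segment, ordinal, port in devices:
        address = next(free[segment])
        rows.append((device_name(prefix, segment, ordinal),
                     f"{address}/{plan[segment].prefixlen}", port))
    return rows

if __name__ == "__main__":
    plan = allocate(SITE_BLOCK, SEGMENTS)
    for segment, net in plan.items():
        # A /26 spans 64 addresses; network and broadcast leave 62 for devices.
        print(f"{segment:<11} {net}  usable={net.num_addresses - 2}")
    for row in address_table(plan, DEVICES):
        print(*row, sep="\t")
```

The rows can be pasted into the spreadsheet as they are; a block too small for the listed segments raises an error instead of silently producing overlapping subnets.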
