INTERNET SERVICE MANAGEMENT
Managing users in a domain-based network begins with the pre-installation procedures and continues through implementation and post-installation of the network. It is one of the most critical tasks that a system administrator takes into consideration, as it holds the key to a secure system.
In pre-installation techniques, the organizational policies are taken into consideration so as to clearly define the roles of users of the network. Organizational policies determine the authority of each person as well as the access levels they are to be allocated in the network. Greeting.com is using a system where customers who are remotely connected to the network can access the system and perform some specific tasks. These include designing their own greeting cards and saving them in their accounts, where the designers at Greeting.com can view them and convert them to professional greeting cards as specified in the customer's design.
The customer therefore has some access into the network, which is facilitated by a user-specific account. This user-specific account is also accessible by the designers at Greeting.com. On the other hand, each department will have its own shared drive of 100 Gb accessible only to members of the specific department. The printers will be accessible to every user except the customers, who cannot command direct printing of documents.
Thus, to implement these technicalities, the network will be managed through a role-based technique. The organizational policies at Greeting.com will provide the guideline along which the designers of the network can define the roles of each user. The user profile will therefore be part of the system requirements. This will be used as the metric along which the access levels will be assigned (Donnelley, J. E. 2006, August 29). The Accounts Department or the Finance department will be the only department that will have access to all shared hard drives of other departments. The user profile defining each user's specific role within the organization will then be translated from the policy scheme to the underlying software that will control the network. Thus the interface available to each user will allow them access only to the levels defined by the organizational policies. This essentially means that the software will produce a user interface that requires authentication of each particular user: three data inputs for authentication will be compared to the user profile and, if they match, the user will be allowed access to the levels specified in their profile.
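The access rules described above can be written as a single default-deny decision function driven by the user profile. This is an added example, not part of the original essay; the role names, department names and sample users are assumptions made for illustration.

```python
from dataclasses import dataclass

FINANCE = "finance"  # assumed name for the Accounts/Finance department

@dataclass(frozen=True)
class UserProfile:
    name: str
    role: str             # assumed role names: "customer", "designer", "staff"
    department: str = ""  # customers belong to no department

def is_allowed(user: UserProfile, kind: str, owner: str = "") -> bool:
    """Decide access from the profile alone; anything not listed is denied."""
    if kind == "drive":       # owner = department that owns the shared drive
        if user.role == "customer" or not user.department:
            return False
        return user.department in (owner, FINANCE)
    if kind == "printer":     # every user except customers
        return user.role != "customer"
    if kind == "account":     # owner = customer name; designers may view it
        return user.role == "designer" or (
            user.role == "customer" and user.name == owner)
    return False              # unknown resource kinds: default deny

def audit(users, resources):
    """Return every (user, kind, owner) grant so the policy can be reviewed."""
    return [(u.name, k, o) for u in users
            for k, o in resources if is_allowed(u, k, o)]

# Constructed sample profiles and resources (not from the essay).
USERS = [
    UserProfile("alice", "customer"),
    UserProfile("dan", "designer", "design"),
    UserProfile("fay", "staff", FINANCE),
    UserProfile("sam", "staff", "sales"),
]
RESOURCES = [("drive", "design"), ("drive", "sales"), ("drive", FINANCE),
             ("printer", ""), ("account", "alice")]

if __name__ == "__main__":
    for grant in audit(USERS, RESOURCES):
        print(grant)
```

Running the audit over all profiles gives the full grant list, which is the artefact to review against the organizational policy before the roles are deployed.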
Since this is a domain-based network, the policy applying to a domain will function in the same way in its sub-domains. The use of a single user profile will facilitate this, and thus there will be no need to redefine the levels on each and every terminal or server (McFedries, P. 2008). On the other hand, the system will use a password system in which the password is computed from the resource identification using a secret algorithm. This will ensure password-controlled capabilities. It will be responsible for identifying the resource being requested as well as authorising access to it. The password system will be able to distinguish hardware resources from software resources through an underlying coding scheme. Since each user will have a personal account through which they can access the system, the naming scheme will be based on a random method, with the user given the capability to change the name of their account together with the password. This will however be limited to three changes, with verification that personal details match the details in the user profile being a critical factor. The purpose of this limit is to prevent spoofing attacks, which aim to predict passwords and user names by interfering with the naming and password systems. The login system will also be limited to three chances of inputting wrong values. The account will in this case be blocked and the user will be required to resubmit their details to match those in the user profile. The most important file in terms of security will thus be the user profile file.
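A sketch of the password-capability scheme described above, added here as an example and not taken from the essay or its sources. HMAC-SHA256 with a secret server-side key stands in for the essay's unspecified secret algorithm, and the `hw`/`sw` prefix is an assumed coding scheme for telling hardware from software resources.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment generates a random key and keeps it
# only on the server (assumption, the essay does not specify key handling).
SERVER_KEY = b"constructed-demo-key"

def issue_capability(kind: str, resource_id: str,
                     key: bytes = SERVER_KEY) -> str:
    """Compute the password for a resource from its type and identifier."""
    if kind not in ("hw", "sw"):  # assumed codes: hardware / software
        raise ValueError("kind must be 'hw' or 'sw'")
    msg = f"{kind}:{resource_id}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{kind}:{resource_id}:{tag}"

def check_capability(cap: str, key: bytes = SERVER_KEY):
    """Return (kind, resource_id) for a genuine capability, otherwise None."""
    try:
        kind, rest = cap.split(":", 1)
        resource_id, _tag = rest.rsplit(":", 1)
        expected = issue_capability(kind, resource_id, key)
    except ValueError:            # malformed string or unknown kind
        return None
    # Constant-time comparison so the check does not leak how many
    # characters of a guessed password were correct.
    if hmac.compare_digest(expected.encode(), cap.encode()):
        return kind, resource_id
    return None

if __name__ == "__main__":
    cap = issue_capability("hw", "printer-3")
    print(check_capability(cap))                           # genuine
    print(check_capability(cap.replace("hw:", "sw:", 1)))  # tampered type
```

Because the resource type is part of the authenticated message, relabelling a hardware capability as a software one invalidates it, and the server needs to store only the key rather than a password per resource.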
The company Head Office, in Soho, will require adequate proficiency in its network connection and functionality. Therefore, a proper cabling system with several hubs that will add little overhead to data traffic will be necessary. To optimize the Local Area Network capabilities, there is a need to use a hybrid/mesh topology, but one that will exclude the bus topology at any point of connection. Within the departments, the network will use the star topology, where there is a central server with equal rates of access to it for each user. The mesh topology will be specifically used to interconnect the departments within the head office. This will ensure communication between the departments, especially in terms of resource sharing and network management (National Institute of Standards and Technology 2002, July).
The network will be under the control of routers, with each department having its own router. They will be configured to function in unison along the network so that there is no conflict in routing, subnet traffic control, logical and physical address mapping or frame fragmentation. These will form the network layer of the LAN. Within the departments, the network will be shared using switches that are connected to each terminal's network interface card. The connection to the network interface card of each terminal will facilitate data sharing between terminals within a department. These will form the data link layer of the LAN. These connections will be made with high-quality, low-resistance cables that will provide the physical medium for the transmission of bits and volts (Microsoft Windows 2000 server distributed systems guide, 2002).
Network monitoring will be based on session tracking, and thus the issues of session establishment and termination will be critical. The RPC logical ports will be used to provide this session tracking capability. The data moved along the LAN will be encrypted by a secret algorithm and decrypted by a counter algorithm on the recipient side. The system will maintain the algorithm within the main server kernel so that it is not tampered with by users or attackers. At the presentation layer, only a replica of the algorithm will be available, so that in case of any alteration it can be sent to the presentation layer in its original form from the kernel.
The network operating system across departments will be similar, while the client operating system, most preferably the Windows client operating system, will be checked for compatibility with the network operating system. A Windows network operating system that can withstand more than 100 terminal computers will be used. It should be able to provide the perfect platform for a complex network but with easy functionalities and maintenance (Microsoft Windows 2000 server distributed systems guide, 2002).
Network security forms the most important aspect of the organization. The network security policies that will be implemented will be classified into three types, but all will work simultaneously to ensure little or no hitches in network security. These will include technical policies, administrative policies and physical policies. The technical policies will address all issues relating to the hardware and software that form the core of the LAN. These measures include the use of a Virtual Private Network to ensure security of incoming and outgoing data along the path; the use of Intrusion Prevention Systems that will alert the system administrators in the case of any illegal activities taking place within the network, either in traffic or on software; three-time password solutions to prevent illegal checking of the password encryption algorithm; the use of Network Admission Card Systems, especially on server machines, to authenticate access; and the fitting and configuration of routers with Access Control Lists (ACLs). The ACLs will be part of the organization's policy towards using security certificates to gain access into the network. The VPN will be crucial in the handling, maintenance and update of distributed file systems, since they are stored as duplicates rather than original copies. The VPN will go a long way in providing a safe route along which duplicate copies at different sites of the network can be modified with little concern about the source of the update.
Administrative policies will include setting and adhering to security policies and standards and training the staff on them. Proper procedures for hiring staff and frequent audits of the LAN will also fall under this category.
Physical policies will include proper physical security of server rooms and terminal machines through which someone could gain entry to sensitive data.
A private website for the company will not only provide faster connection speeds but will also enable workers to work indoors, especially in handling customer requests and concerns online. The connection to be used will be the T1/E1, since most of the network connections within the company are based on a point-to-point strategy (Shinder, T. W., Shinder, D. L., & Grasdal, M. 2001).
The ISP will provide the company with two different subnets. One is for the connection of the LAN to the Wide Area Network. This will provide the parent connection to the remote servers. The other subnet will be the company’s Public IP Block.
The T1/E1 has been favoured over the DS3/E3 since it offers a consistent data speed of 2 megabytes/sec and because of the requirement for effective communication between the designers and the customers (Trivedi, B. 2013).
The WAN subnet will not require configuration since this is originally done by the ISP. The Public IP Block will however be configured to fit the LAN but the routing information and share policies will remain similar.
Routers, switches and hubs will not be changed but will be updated so that they can be set within the bandwidth provided by the WAN and subsequently by the Public IP Block.
References
Donnelley, J. E. 2006, August 29, Managing Domains in a Network Operating System, Retrieved from http://www.webstart.com/jed/papers/Managing-Domains/
McFedries, P. 2008, Networking with Microsoft Windows Vista: Your guide to easy and secure Windows Vista networking, Indianapolis, Ind: Que.
Microsoft Windows 2000 server distributed systems guide, 2002, Redmond, Wa: Microsoft Press.
National Institute of Standards and Technology 2002, July, Risk Management Guide for Information Technology Systems, Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Shinder, T. W., Shinder, D. L., & Grasdal, M. 2001, Configuring ISA server 2000: Building firewalls for windows 2000, Rockland, Mass: Syngress.
Trivedi, B. 2013, Computer networks, New Delhi, India: Oxford University Press.