Campus Background
This report is prepared for Singapore Gaming Academy and gives a brief description of the campus and the problems it currently faces. A network solution is proposed for the university, with an IP addressing scheme for every device interface used in the configuration. The hardware and protocols used to implement the network are listed so that the cost of the solution can be estimated. Network security is implemented through password protection and firewall configuration. A biometric device is added to the solution to increase security and to maintain the attendance schedule of the students. The network is also configured with VoIP for communication with the different branches.
Singapore Gaming Academy has 200 nodes on campus that need to be connected to improve connectivity and communication. The nodes are located in different departments and are placed in different VLANs, which increases the security of the network and lets the departments communicate with each other securely. VLANs also make the network flexible, so it can accommodate future expansion easily. In addition, a VPN connection is configured to allow remote users to access the network elements.
The main problem identified in the current network of Singapore Gaming Academy is slow network speed and limited bandwidth for sending and receiving multimedia files. The organization's current framework uses a token ring infrastructure, which is not suitable for handling congestion and increases network downtime. There is also a risk of single point failure: all network traffic passes through the main router, so if the main router stops working the whole network collapses.
The network is connected using a single channel, and any device on the network can access the other devices, which makes the network vulnerable. There is no network administrator to monitor network activity and maintain the access rules.
The main objectives followed for the development of the WAN solution for the Singapore Gaming Academy are listed as follows:
- To create a list of hardware required to be installed in the campus for the mitigation of the problem faced by the users.
- To increase the security of the network and deploy a biometric device to track the records of the students and the other users of the system.
- To provide wireless access to the users using mobile devices and secure it from unauthorized access.
- To implement VOIP support in the network for communicating with the different departments and other universities.
Implementation of LAN and WLAN for the Academy to replace the current wired 100 Mbps Ethernet network
Implementation of access points for wireless access for the students, staff and guests
Wireless access points are installed for students, staff and guests to increase the flexibility of the network and let them connect handheld devices such as mobile phones and PDAs to the university network. Staff can use their laptops and share files with other users on the network through the wireless access points. The coverage area of each wireless access point should be analysed before the device is installed. Proper encryption is used to secure the wireless access points and increase the security of the network.
Current Issue Encounter
All departments are connected through a gateway router, and separate VLANs are created for voice and data so that there is no congestion in VoIP transmission. Each wing has its own router, and IP routing is configured on the routers so that all branches and departments are connected with each other.
IP addresses are allocated to the interfaces of the hardware devices installed in the network:
| Network | Location | Function | IP Address Range |
|---|---|---|---|
| LAN | Lab 1 @ East Wing | Data | 172.16.1.0/24 |
| LAN | Office @ East Wing | Voice | 192.168.1.0/24 |
| LAN | Office @ East Wing | Wi-Fi | 192.168.2.0/24 |
| LAN | LAB @ East Wing | Wi-Fi | 172.16.1.0/24 |
| LAN | Classroom | Data | 192.168.2.0/24 |
| WAN | MPLS connection, partnering University | Gateway Router 1 connection | 1.0.0.0/24 |
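The addressing table assigns 172.16.1.0/24 and 192.168.2.0/24 to two segments each. The following Python check is an added example, not part of the original report; it audits the plan exactly as printed for overlapping prefixes and for ranges outside RFC 1918 private space.

```python
import ipaddress
from itertools import combinations

# Rows transcribed from the report's addressing table:
# (network, location, function, prefix)
ADDRESS_PLAN = [
    ("LAN", "Lab 1 @ East Wing", "Data", "172.16.1.0/24"),
    ("LAN", "Office @ East Wing", "Voice", "192.168.1.0/24"),
    ("LAN", "Office @ East Wing", "Wi-Fi", "192.168.2.0/24"),
    ("LAN", "LAB @ East Wing", "Wi-Fi", "172.16.1.0/24"),
    ("LAN", "Classroom", "Data", "192.168.2.0/24"),
    ("WAN", "MPLS connection, partnering University",
     "Gateway Router 1 connection", "1.0.0.0/24"),
]

RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def segment(row):
    """Human-readable name for a table row."""
    return f"{row[1]} ({row[2]})"


def find_overlaps(plan):
    """Pairs of segments whose prefixes are identical or nested.

    Two VLANs cannot both be routed with the same prefix, and ACL
    entries written per segment become ambiguous.
    """
    hits = []
    for a, b in combinations(plan, 2):
        net_a = ipaddress.ip_network(a[3])
        net_b = ipaddress.ip_network(b[3])
        if net_a.overlaps(net_b):
            hits.append((segment(a), segment(b)))
    return hits


def find_non_private(plan):
    """Segments numbered from outside RFC 1918 private address space."""
    hits = []
    for row in plan:
        net = ipaddress.ip_network(row[3])
        if not any(net.subnet_of(block) for block in RFC1918):
            hits.append((segment(row), str(net)))
    return hits


if __name__ == "__main__":
    for a, b in find_overlaps(ADDRESS_PLAN):
        print(f"OVERLAP: {a} <-> {b}")
    for name, prefix in find_non_private(ADDRESS_PLAN):
        print(f"NOT RFC 1918: {name} uses {prefix}")
```

Running the audit before DHCP pools and access lists are written keeps each VLAN on its own prefix, so a rule for one segment cannot match hosts in another.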
For the development of the network solution, the hardware required at each location is estimated below:
| Location | Network Equipment | Quantity | Function & Remark |
|---|---|---|---|
| SERVER ROOM (DMZ ZONE) @EAST WING | Cisco Catalyst 2800 24 Port Layer 3 switch | 2 | LAN connection for 20 staffs PC, access switch |
| SERVER ROOM (DMZ ZONE) @EAST WING | Acer Altos R720 Rackmount Servers | 2 | WEB Server and File Server |
| SERVER ROOM (DMZ ZONE) @EAST WING | Cisco Catalyst 2800 Router | 1 | Gateway router |
| SERVER ROOM (DMZ ZONE) @EAST WING | Lacie 2 TB 10/100/1000 Back-up Device | 1 | Backing up of network information |
| SERVER ROOM (DMZ ZONE) @EAST WING | APC Back UPS RS | 20 | Providing backup in emergency condition |
| Computer Lab @ East Wing | Netgear WG302 Managed Wireless Access Point | 2 | Wi-Fi connection for staffs and students |
| CLASSROOM @ EAST AND WEST WING | Cisco 2960 24 ports switch | 2 | LAN connection for 20 staffs PC, access switch |
| Computer Lab @ East Wing | Samsung Laser Printers | 1 | For enabling printing service |
| SERVER ROOM (DMZ ZONE) @EAST WING | ASA 505 Firewall | 1 | Firewall for internet connection |
| OFFICE | Cisco 7960 IP phone | 20 | Call Manager for VOIP |
Different switching protocols are used in the network, and separate VLANs are created for data and voice to avoid congestion.
Configuring the switches with the Spanning Tree Protocol maintains redundant paths in the network while avoiding loops among the interconnected paths. A root bridge is selected for each VLAN in the network.
EtherChannel is used to create a high-speed Ethernet link by combining more than one channel, which provides fault tolerance and decreases congestion in the network. It can be used on the layer 3 switch, where a virtual link is created to increase the available bandwidth and reduce bottlenecks. EtherChannel also improves redundancy in the network and thus decreases network downtime.
Separate VLANs are created for voice and data so that there is no lag in the voice channel and sufficient bandwidth is allocated to each channel. A small lag in the voice channel can degrade the quality of communication, so QoS is implemented to maintain quality in the network. The switch ports are given access to the voice and data VLANs, and a DHCP pool is created to allocate IP addresses to the nodes connected to each port.
Three routers are used in the network design. Routing is necessary for communication between the different router interfaces, and redundancy is created between the routers for the connection to the other university.
EIGRP is used for communication between the router interfaces; it consumes few network resources and adapts easily to changes in the network. Instead of exchanging the entire routing table, the routers send only the changes, which reduces the load on the network. The Diffusing Update Algorithm is used to calculate the shortest distance for sending and receiving data packets.
HSRP is used to combine multiple routers so that they serve as a single virtual router in the network. The virtual router has a virtual IP address, which the devices on the network use to reach their gateway. HSRP is mainly used for fault tolerance and it also supports disruptive failover for the IP traffic in the network. If a link fails, the other link can be used for communicating with the network.
Objective
The routers and switches are configured for full-duplex transmission to support VoIP and the encoding of voice and data transmission. The number of devices in the network is counted in order to calculate the bandwidth to allocate to the voice channel. VoIP is implemented to handle phone operation and to provide additional flexibility, such as installing a voice gateway and configuring a policy map. It is used mainly for multimedia sessions and can be used for internet telephony and for provisioning communication services in the organizational network. VoIP is quite similar to traditional digital telephony; the only difference is that the voice signals are encoded and transmitted as IP packets. Cisco 7960 phones are used for exchanging voice, and the router is configured with the telephony service protocol to assign phone numbers to the phones connected in the VLANs of the network solution.
The buttons of the telephones are configured from the router, and the call manager registers the extension numbers used for internal communication. The switches are configured with the trunk protocol so that the DHCP server can allocate IP addresses to the devices connected to the network.
Wireless access points are installed at different locations to improve the flexibility of the network and to let users connect their handheld devices to the organizational network. Each floor of the campus has an access point that operates on different frequencies, such as 2.4 and 5.0 GHz, to maintain standards and data transfer rates. The access points are secured with an encryption algorithm to keep unauthorized users off the network. Different SSIDs are used so that each access point can be identified easily, and the coverage area of the Wi-Fi signal is analysed before the access points are deployed.
Password Protection
Password protection is important for maintaining the security of the network and preventing unauthorized users from accessing resources. Different encryption algorithms are available, and they are applied on the wireless access points to protect the devices. The routers and switches are also secured with password protection, and by default CISCO is used as the password and login. A username and password must be provided to enter the privilege levels, which secures the network against unauthorized changes.
Access List (ACL)
An access control list is prepared and configured on the gateway router to prevent unauthorized users from accessing the servers and the main resources of the network. An access control list can be configured using a range of IP addresses, and the DHCP pool can be blocked. The biometric device installed in the network can be accessed by the network administrator; all other users are blocked from accessing it. The web server is also protected from public access: all unknown users are blocked from accessing it, and HTTP traffic from unknown IP addresses is blocked.
Proposed Network Solution
Switch Port Security
Enabling switch port security helps control network traffic; it is configured on the switch by entering global configuration mode. The MAC address of the device connected to a port can be bound to that port and used for tracking the user. Switch port security has three modes: protect, restrict and shutdown. In protect mode, requests from IP addresses that are not allowed are dropped. In restrict mode, frames from IP addresses that are not allowed are dropped and a log entry is added as evidence of the security violation. In shutdown mode, a violation alert is created and the port is disabled.
Firewall
A firewall is installed to increase the security of the network, and a DMZ zone is created to restrict physical access to the firewall. A firewall policy is created to protect the network elements and the organizational information from unauthorized access. The firewall also monitors incoming and outgoing traffic, and an ASA 505 firewall is used in the network solution. It acts as a barrier between trusted and untrusted sources, providing positive control and dropping suspicious data packets.
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
Managing security risk requires both detecting intrusions and preventing them, and both use similar technology to prevent security issues arising in the network. The IDS and IPS can be used instead of a firewall because maintaining thousands of access control rules is a complex task. In the case of the IPS, deny rules are set; when a packet is sent through the network, the rule list is checked for a reason to drop the packet, and if no reason is found the packet is passed.
The intrusion detection system is a tool used for monitoring the network traffic and the data flow in the network. Different points can be selected for monitoring the data traffic, and a protocol analyzer can be used to analyze the flow of data and control the data traffic. Network scanning tools can also be used to identify unauthorized agents accessing the network resources, and evidence of illegal activity in the network can be collected.
After suspicious activity is detected it should be prevented, and inbound and outbound rules must be set to secure the entry and exit points of the network.
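The Access List section and the IPS paragraph above describe two rule lists with opposite defaults: the gateway ACL is modelled here with a default of deny (an assumption matching "all unknown users are blocked"), while the IPS passes whatever no deny rule matches. The Python model below is an added example, not configuration from the report; the host addresses are constructed placeholders, and it evaluates both lists first-match and flags ACL entries hidden by an earlier rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
# Constructed placeholder addresses: the report gives none for these hosts.
ADMIN = "192.168.2.10/32"      # network administrator's workstation
BIOMETRIC = "192.0.2.50/32"    # biometric device
WEB = "192.0.2.80/32"          # web server


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source prefix
    dst: str                     # destination prefix
    dport: Optional[int] = None  # None matches any destination port


def _net(prefix):
    return ipaddress.ip_network(prefix)


def evaluate(rules, default, src, dst, dport):
    """First-match evaluation; returns (action, index of matching rule or None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if s in _net(r.src) and d in _net(r.dst) and r.dport in (None, dport):
            return r.action, i
    return default, None


def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                hidden.append(j)
                break
    return hidden


# Gateway ACL following the Access List section; evaluated with default "deny".
GATEWAY_ACL = [
    Rule("permit", ADMIN, BIOMETRIC),          # only the administrator reaches the device
    Rule("deny", ANY, BIOMETRIC),              # everyone else is blocked
    Rule("permit", "172.16.1.0/24", WEB, 80),  # campus ranges from the addressing table
    Rule("permit", "192.168.2.0/24", WEB, 80),
]
# Same rules with the first two swapped: the administrator's permit can no longer match.
MISORDERED_ACL = [GATEWAY_ACL[1], GATEWAY_ACL[0]] + GATEWAY_ACL[2:]
# IPS deny list as in the IDS/IPS section; evaluated with default "permit".
IPS_DENY_LIST = [Rule("deny", "203.0.113.0/24", ANY)]  # constructed "known bad" range

if __name__ == "__main__":
    unknown = ("198.51.100.7", "192.0.2.80", 80)  # constructed unknown source, HTTP
    print("ACL:", evaluate(GATEWAY_ACL, "deny", *unknown))
    print("IPS:", evaluate(IPS_DENY_LIST, "permit", *unknown))
    print("shadowed in misordered ACL:", shadowed(MISORDERED_ACL))
```

The same HTTP request from an unknown source is dropped by the ACL's default and passed by the deny list, so the web server restriction described in the Access List section holds only where the default is deny.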
Biometric
Biometric devices can be installed at different points in the network to secure it from illegal access and to maintain records of the users accessing the system. Installing the biometric device in the DMZ zone reduces the risk of physical access to the servers and the other devices in the network. The device uses physical characteristics to identify the individuals who are permitted to access the resources installed in the network. There are different types of biometric device, and each uses an automated method to establish a person's identity by analyzing physiological characteristics. Fingerprint scanning, iris scanning, voice recognition, face recognition and signature verification can be used to prevent identity fraud and to identify valid students. The biometric device can also be used to maintain the students' attendance records and to give students access to the labs.
IP Address Allocation
| Type of Biometric | Cost | Accuracy | Ease of use | Complexity | Required device |
|---|---|---|---|---|---|
| Fingerprint | Low | Medium | High | Low | Fingerprint scanner |
| Signature verification | Low | Low | High | Low | Touch interface with stylus |
| Iris scan | Medium | High | Low | High | Infrared camera |
| Voice recognition | Low | Low | High | Medium | Microphone device |
| Face recognition | High | High | High | High | Infrared camera |
With biometric devices in the organizational network, the authenticity of an individual can be confirmed by scanning their characteristics. The advantages are listed below:
- Establishment of accountability: Accountability can be established and the actions of users can be tracked, which reduces the risk of misuse of organizational resources and increases the efficiency of the network.
- Addition of convenience: Individuals do not need to carry external proof of identity or remember a password to log in or get access to the system, which adds convenience in the organizational network.
- Difficult to forge: Fake information can be identified when it is compared with the original information entered into the device, and it is difficult for a hacker to forge.
- Improvement in return on investment: The accuracy of the system and its accountability are improved when compared with the traditional attendance system.
- Accuracy in identification: It identifies the unique physiological characteristics of an individual, which makes the identification process accurate.
- Reduction of administrative cost: Biometric devices are easy to set up, can be installed in the organizational network to maintain user records and require no training, which reduces the cost of administration.
There are some disadvantages to installing the biometric authentication system in the current network of the university, and they are listed as follows:
- The biometric device cannot be managed remotely, i.e. the information stored on the device cannot be altered, which acts as a barrier to remote recovery and to regaining control of the biometric system once its security is compromised.
- The biometric information stored on the computer can be stolen for exploitation and planting of evidence.
- There is a risk of identity theft because the biometric information is stored on a computer and can be used to create a fake copy of a fingerprint.
The network is designed with the future growth of the organization in mind, and the IP addressing plan is created to accommodate new computers in the network. Extra IP addresses are reserved for future expansion of the organizational network. A proper cabling plan is used to handle the traffic in the network, and routing is used to send and receive data packets over different channels. The creation of VLANs helps to segment the network and reduces congestion. Twenty computers can be added immediately to any of the departments, and the web server can be configured to serve as a corporate website.
The network can be configured with a VPN setup to allow remote users to connect with the network. The server used in the network must be configured for VPN, and a localized backbone is used for sending and receiving TCP/IP packets. Leased lines are used for connecting with the other networks to reduce the cost of the network. Multi-protocol label switching (MPLS) is used to connect the different branches of the university and also facilitates the creation of the VPN connection. It is mainly used to increase the efficiency of telecommunication; its working principle is to find the shortest path and direct the data according to the shortest-path labels. The virtual links are identified, and ATM, DSL or frame relay can be used for transmitting the data packets in the network.
The multimedia courses offered by Singapore Gaming Academy require a large amount of data transmission, so MPLS is used to maintain the quality level of the network and provide better service.
Hardware
An IPv6 addressing scheme needs to be used to configure a dual-stack network and communicate with networks configured with IPv6 addresses. The router must be configured with a DHCP pool to allocate IPv6 addresses to the devices connected to the network, so that they can communicate with devices configured with the IPv6 addressing scheme. Configuring the devices with IPv6 addresses helps reduce the risk of packet loss and increases the efficiency of the network solution.
Network Diagram for Implementation of WAN to automate the data transfer between the school and possible two overseas campuses in Asia Pacific
Network Diagram for Implement access points for wireless access for the students, staff and guests
Network Diagram for backbone network
Add firewalls in all the network diagrams
Conclusion
It can be concluded from this report that the current infrastructure of Singapore Gaming Academy is not secure and should be developed to increase reliability and reduce network downtime. A future-proof network solution is suggested for the organization; the existing problems are identified so that they can be mitigated and a network design developed. The proposed network solution meets all the needs of the organization, and wireless access points are installed to increase the flexibility of the network. VoIP is used to implement the telephony service in the network, and separate network channels are used for data and voice to improve the quality of service and reduce congestion.