Network Design
CS 625 term project
Table of Contents
Definition of the Organization
Kind of employees in the company
Physical Infrastructure
    Headquarter Infrastructure
    Hotel Infrastructure
Application Requirements
Local Area Network Design
Networking Requirements
Requirement Analysis
Network Design Strategy
Products Used
Backbone Network Design
Network Security and Management
MAC-flooding attacks
Protecting the network against unauthorized access
Ways to improve wired network security
References
Definition of the Organization
FAHRENHEIT Hotels and Spa is located in the heart of downtown Miami, across from the Bayside Marketplace, the American Airlines Arena and the Port of Miami. Our biggest attraction is the hotel's location, only a few minutes from Miami International Airport (MIA) and easy to reach via 836 East, I-95 South or I-395 East (Biscayne Blvd exit).
Our guests are surrounded by the excitement, adventure and action of one of the liveliest cities in the country. Bayside Marketplace is just across the street and offers great food, fun and shopping. Guests can take their kids to the Miami Children's Museum or Jungle Island, both a few miles from the hotel, or visit the Miami Art Museum and the Performing Arts Center a few blocks away.
Corporate travelers have never had it better. In downtown Miami our guests are close to many major businesses, such as the US Federal Courthouse, Bacardi USA and FedEx. The hotel provides two meeting rooms that accommodate up to 75 and 90 people respectively, and the on-site Business Center makes it easy to work as well.
The hotel’s outdoor pool keeps you cool, while the Fitness Center lets you work up a sweat. The tour desk can help make your stay better by assisting you with transportation, shows and city tours. The FAHRENHEIT Bistro Cafe & Lounge serves great Continental food all day long.
There are three buildings in Miami and one in Tampa, FL. The other buildings are located in the following places:
Kind of employees in the company
The hotel business is truly a "people business": it exists to serve people, and it needs people (its employees) to do so. Every hotel operates on the same fundamentals, renting rooms and offering room services such as food and beverages, gourmet food, vintage wines and so on, but the quality of service depends entirely on the staff who work there. Hotels vary not only in size but in character, type of clientele and scope of activities, and each sets its own priorities for giving customers maximum satisfaction. It is the duty of the hotel's management to determine the departments, and the number of employees in each, needed for its own operation.
The General Manager-The General Manager of any hotel is responsible for defining and interpreting the policies established by top management. He can be considered as the focal point for the rest of the staff, who has been appointed by the top management to ensure that their policies are being implemented properly.
The Staff-Any hotel, unless it is a really small one, is like any other business enterprise, where it is almost impossible for one person to personally supervise all the different phases of the operation. For the purpose of this discussion, the staff is grouped into four main categories:
The management policy-making and implementing team-the general manager and their primary department heads
Sub department Heads
Assistant Department Heads
General Staff and Operating personnel.
The employees at FAHRENHEIT Miami (headquarters) include:
Chief Executive Officer (CEO)
Chief Financial and Operating Officer (CFOO)
Chief Information Officer (CIO)
Chief Marketing Officer (CMO)
Human Resources Department (HR)
The HQ at Miami also has an in-house specialized Technical/IT Department consisting of:
Additionally, the following employees are located at all the other locations throughout the globe:
Director of Operations
Physical Infrastructure
Headquarter Infrastructure
Dimensions for Headquarters at Miami:

                  Building A    Building B    Building C
Length            300 m         200 m         200 m
Breadth           200 m         100 m         100 m
No. of floors     4             2             2
Buildings A, B and C have lobbies with seating areas and lounges for guests and potential clients.
Building A- Building A is the main office. It contains the workspace and cubicles for the employees; the workspace accommodates 50 employees plus 4 main cabins for the executive officers (CEO, CTO, CFO, CMO).
The main building (Building A) has 2 more floors, which hold 5 small meeting rooms and 1 large conference hall. A cafeteria and food court for the employees is located on the top floor.
Building B- This building has 2 floors. The ground floor is parking, storage space and other building utilities; the upper floor has a lobby.
Building C- The front desk is on the first floor, and the accounts and HR offices are on the second floor.
Hotel Infrastructure
10 floors with 20 rooms on each floor.
Swimming pool area
The other organizational buildings will all be hotels with similar layout and architecture at the following locations,
FAHRENHEIT is chosen by its customers for everything from an extended recreational stay to a short business trip or a corporate event. We aim to make the service our guests receive flawless in every respect, which requires effective communication among the hotel staff. This is achieved by building a backbone network infrastructure in the hotel that provides the full spectrum of modern communication services, such as:
High speed internet access
Secure data transfer
Because mobility is one of the most crucial aspects of hotel staff operations, building a Wi-Fi network that covers the whole premises with high-speed connectivity became one of the most important objectives for our telecommunications partner.
Application Requirements
To stay ahead of the competition, every hotel, motel or private resort needs to keep up with the latest technology. It is widely accepted that hotels that adopt new technology with ease are more successful than those still dependent on outdated systems. The main types of hotel software systems are Multi-Module Systems, Select Module Systems and Basic Reservation Systems.
Multi-Module Systems (MMS) are software solutions used mainly by three- to five-star hotels and resorts. They work most efficiently in hotels with 100 rooms or more.
Select Module Systems or SMS as it is known is designed more towards a single property reservation.
Basic Reservation System or BRS is a solution that provides a more basic reservation-processing unit for any hotel.
To meet the ever-changing and ever-increasing demands of customers, top hotel and resort chains have to use state-of-the-art equipment. The hotel reservation software runs on state-of-the-art hardware from vendors such as IBM, Sony or HP, and hotel owners recognize the value of a modern operating system and software. Beyond their main function of handling reservations, hotel reservation systems serve multiple purposes: they can also be used for employee records and for hotel security monitoring.
Our hotel uses hospitality/sales and catering software, designed mainly for food and beverage and event management. It supports the smooth and efficient operation of the in-house restaurant, lounge, bar, room service and kitchen. A POS module linked to it records spa/golf/club charges and posts them to the guest folio/ledger for one comprehensive itemized bill. The software can also track sales and analyze employee productivity.
One of the most common modules used by hotels is the property management system (PMS), which generally contains some or all of the following integrated software: hotel management (front desk, back office, spa/golf/club management), reservation/billing, hospitality/sales and catering, POS (point of sale), Internet booking engine, and hotel accounting.
Features like individual bookings, check-in/check-out, rate management, and room management/availability are all included in the Reservation software. Multi-location hotel chains require a central reservation system, which provides a central platform for handling reservations to each and every location world-wide.
A comprehensive Hotel management software also has front desk and back office management features. Front desk features include daily ledger, night audit, guest folios/guest history, guest billing/accounting, housekeeping, and credit card billing. Back office features manage payroll, accounts payable, general inventory, general ledger and personnel/human resources.
Hotel accounting software features include general ledger, accounts payable, accounts receivable, personnel and payroll, together with purchasing/receiving and inventory recording and reporting functions.
There are software applications available in the market to support, manage and operate every aspect of the hotel and hospitality industry. Examples of hotel software that are widely in use are hotel reservation and hotel booking software, hotel management software, hotel accounting software, hotel PMS software, hotel marketing software, hospitality software, hotel front desk software, and POS software. Online/Internet reservation software is used to enable guests to book online through a GDS or directly through the hotel’s website. Small hotel software for hotel property management is designed for a single property reservation system, while a multi-module system is a more comprehensive hotel management software application for large properties (more than 100 rooms).
Hotel property management software offers both front desk and back office modules. Front desk modules are designed for guest and room management and include reservation, rate and guest profile management, check-in/check-out, housekeeping management, customer communication, night audit, and city ledger. Back office modules are designed to manage hotel resources, assets and inventory and include payroll, accounts payable, human resources/personnel.
Hospitality management software has applications in the sales, marketing, event management, and catering operations of the hotel. Hospitality software has features designed to manage all aspects of the hotel’s sales and catering operations including special events, restaurant, bar and room service as well as account and inventory management. Other hospitality software features are available for spa, golf and club management, activity scheduling. POS (point of sale) software is designed to manage sales generated from restaurants, lounge/bar, room service, and retail operations in a hotel property.
Hotel software can also be used to generate reports in all areas of hotel management for front and back office reporting, sales and catering, POS, business and accounting reporting.
Local Area Network Design
As FAHRENHEIT has a high reliance on applications like electronic mail and database management for core business operations, computer networking becomes increasingly more important. A network is any collection of independent computers that communicate with one another over a shared network medium. LANs are networks which are usually confined to a geographic area, such as a single building or a college campus. LANs can be small, linking as few as three computers, but often link hundreds of computers used by thousands of people. The development of standard networking protocols and media has resulted in worldwide proliferation of LANs throughout business and educational organizations.
Switches occupy the same place in the network as hubs, but unlike hubs, which simply repeat every signal to all ports, a switch examines each frame and forwards it only where it needs to go. The switch learns which MAC (Ethernet) address sits behind each port from the source address of the frames it receives and keeps the result in its forwarding table (the CAM table). When a frame arrives, the switch records the source address against the ingress port, looks up the destination address in the table and forwards the frame only on the matching port; a destination it has not yet learned, or a broadcast, is flooded to all other ports. This flooding fallback is what the MAC-flooding attack discussed under Network Security and Management abuses.
Networking Requirements
Each and every room in the hotel must have a computer installed.
The computers installed in each room must have internet connection.
The area by the swimming pool and the lobby where guests are expected to wait must have wireless internet access.
The guests staying in the rooms must have access to free internet.
All the computers must have appropriate security software installed in them.
There must be different networks for the hotel management staff and the guests.
There are 15 users in the hotel management staff who require computers.
A hotel management server needs to be setup for the hotel management staff, and it must be made sure that it is not accessible by the guests.
The wireless access in the lobby and swimming pool area should be secure.
Requirement Analysis
The hotel has 10 floors with 20 rooms on each floor, so a total of 10 x 20 = 200 computers need to be installed for the guests.
The 15 users in the hotel management staff also need personal computers, so the total number of computers to be installed is 215.
Cabling is Category 6 (Cat 6), a standardized cable for Gigabit Ethernet and other physical layers that is backward compatible with the Category 5/5e and Category 3 cable standards.
For managing the hotel management application software, a server machine needs to be setup.
The computers in every floor need to be installed with network cards.
Every floor should contain a 24-port switch, which will be used for connecting the computers on each floor.
The switches in each floor should be connected to each other.
The lobby and the swimming pool should be installed with access points for wireless access.
An ADSL router is required for internet access.
A DHCP server is required to provide IP addresses to the guests and the hotel management staff.
Anti-virus software is to be installed on all the computers.
Network Design Strategy
The guests and the hotel management staff must be on two different IP networks. The proposed IP networks are:
For guests: 192.168.1.0/24
For hotel management staff: 192.168.2.0/24.
For segregating the guest and management staff networks, A VLAN based infrastructure is proposed.
In order to restrict the guest access to the Hotel management application server, an access control list needs to be configured.
We need to set up a single DHCP server with multiple scopes (one per VLAN) to provide IP addresses to staff and guests.
The wireless networks in the lobby and swimming pool area must be protected with WPA2 (AES/CCMP) encryption. The original WPA with TKIP is deprecated and should not be enabled.
Every floor has a 24-port switch to which the computers at each room connect.
The switches are connected to each other using cables.
The application server, DHCP server, the router and the respective AP’s connect to the ground floor switch.
The router is connected to the ADSL internet connection.
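The access list that keeps guests away from the hotel management server is the one piece of this strategy that is easy to get subtly wrong, because ACL entries are evaluated in order and end with an implicit deny. The following is an added example, not part of the original project, that models that list with the subnets proposed above (guests 192.168.1.0/24, management 192.168.2.0/24). The address of the management server (192.168.2.10) and of the DHCP/DNS relay on the router (192.168.2.1) are assumptions for illustration only; the rule semantics mirror those of a Cisco IOS extended ACL (top to bottom, first match wins, unmatched traffic denied).

```python
"""Added example (not from the original report): a first-match model of the
access list applied inbound on the guest network, using the subnets proposed
in the design. Server and router addresses are assumptions."""
import ipaddress

GUEST_NET = ipaddress.ip_network("192.168.1.0/24")
MGMT_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
ROUTER = ipaddress.ip_network("192.168.2.1/32")       # assumed DHCP/DNS relay
APP_SERVER = ipaddress.ip_network("192.168.2.10/32")  # assumed management server

# Rule tuple: (action, protocol, source net, destination net, destination port).
# Evaluation is top to bottom and the first match wins; anything left unmatched
# is denied, like the implicit "deny any" at the end of a Cisco IOS extended ACL.
GUEST_IN_ACL = [
    ("permit", "udp", ANY, ANY, 67),               # DHCP: client src is 0.0.0.0 before a lease
    ("permit", "udp", GUEST_NET, ROUTER, 53),      # DNS, but only to the relay on the router
    ("deny",   "ip",  GUEST_NET, MGMT_NET, None),  # no other guest -> management traffic
    ("permit", "ip",  GUEST_NET, ANY, None),       # everything else (the internet) is allowed
]


def evaluate(acl, proto, src, dst, dst_port=None):
    """Return 'permit' or 'deny' for one flow using first-match ACL semantics."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport in acl:
        if rproto != "ip" and rproto != proto:   # "ip" matches every protocol
            continue
        if src not in rsrc or dst not in rdst:
            continue
        if rport is not None and rport != dst_port:
            continue
        return action
    return "deny"  # implicit deny at the end of the list


def check_segregation(acl=GUEST_IN_ACL):
    """Exercise the ACL with representative guest flows (constructed test data)."""
    flows = {
        "dhcp_request":        ("udp", "0.0.0.0", "255.255.255.255", 67),
        "dns_to_router":       ("udp", "192.168.1.50", "192.168.2.1", 53),
        "dns_to_app_server":   ("udp", "192.168.1.50", "192.168.2.10", 53),
        "https_to_app_server": ("tcp", "192.168.1.50", "192.168.2.10", 443),
        "https_to_internet":   ("tcp", "192.168.1.50", "203.0.113.10", 443),
        "ping_mgmt_host":      ("icmp", "192.168.1.50", "192.168.2.20", None),
    }
    return {name: evaluate(acl, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, verdict in check_segregation().items():
        print("%-22s %s" % (name, verdict))
```

Two things the model makes visible: the DHCP and DNS permits must precede the deny line, and moving the final "permit any" above the deny would silently expose the server. In this design inter-VLAN routing happens on the router, since the 2960 switches are Layer 2 devices, so the list belongs inbound on the router's guest VLAN subinterface (on a Layer 3 switch it would go on the guest SVI). A plain ACL is stateless, so return traffic in the other direction needs its own consideration.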
Products Used

Product         Model                                        Quantity
Switch          Cisco WS-C2960-24TT-L (24 ports)             11
ADSL Router     Cisco 1805 ISR router with ADSL interface    1
DHCP Server     Windows Server 2016                          1
Desktops        HP All-in-One 24-f0045z                      215
Servers         HPE ProLiant DL360 Gen10 rack server         1
Antivirus       Norton                                       216 licenses
Access point    Cisco 1200                                   2
Backbone Network Design
The backbone network is arguably the most important architectural element when anyone plans on building a network. The backbone provides a route for exchange of data and packets between different LAN’s or subnets. The backbone has the capability to tie together different networks in same building, buildings present in different campuses, or over wide areas. The capacity of a backbone network is usually much greater than the networks that are connected to it.
A backbone network can be of two types. A distributed backbone snakes through a building or campus to provide connection points for the LANs along the way, whereas a collapsed backbone is concentrated in the hubs and switches of a wiring closet.
A hybrid backbone is also possible: several collapsed-backbone hubs or switches are tied together by a distributed backbone, and each network connects to the backbone through a router. FDDI has been used for the distributed part because its ring topology adds fault tolerance. In a collapsed design the backbone is reduced to a hub or switch and the network is wired as a star; internally the hub or switch may use a bus, shared-memory or matrix architecture. In a fully switched network the backbone is less clearly defined; it is simply the high-speed switches that aggregate traffic from the attached networks.
For FAHRENHEIT we use a distributed backbone. In a distributed backbone the transmission medium is shared among all devices attached to it, which means that every transmission one device places on the backbone reaches every other device on it; an FDDI ring is the classic example. Such an architecture requires a backbone with enough bandwidth to serve all attached LANs simultaneously.
The traffic circulating on an individual LAN needs to be kept separate from the backbone traffic by using the backbone access devices like bridges and routers. This will result in minimizing the traffic burden that the backbone will need to carry. Bandwidth of the backbone network is usually reserved for communications between bridges and routers.
Network Security and Management
There is an increasing trend of deploying switched networks in organizations and also in use of switches in almost all areas of network infrastructure, like Service Providers. It is essential that proper security arrangements are in place for the protection of these switches. Even a small breach in security on a core switch in a network can bring the whole network to a complete standstill irrespective of the size of the affected network. It is of paramount importance that the switches are configured in a way that they are safe from attacks specially when the network equipment is being installed into an environment where there is a high possibility of unauthorized access attempts and malicious attacks.
Many critical assets come together to form a large network, but the most important are the database server and the core switch. All highly sensitive information, such as the guests' credit card details and personal information (addresses, phone numbers and so on), is housed on the database servers. If the database server is breached, all this confidential information can fall into the wrong hands, causing serious personal loss to the guests and a serious blow to the hotel's reputation. A privilege escalation attack is a kind of intrusion in which the attacker exploits programming errors or design flaws to gain elevated access to the data and applications on the network; proper security measures are necessary to stop such attacks.
The network is also at risk of denial-of-service attacks, in which clients are slowed down or prevented from reaching the website and making online transactions.
MAC-flooding attacks
A MAC-flooding attack is one of the most common attacks on an Ethernet network: a malicious host sends frames from hundreds or even thousands of different source MAC addresses, which overloads the switch's forwarding database (CAM table). Once the table is full the switch can no longer learn or keep the legitimate hosts' addresses, so lookups for those destinations fail and their unicast traffic is flooded out of every port, where the attacker can capture it.
The best way to guard against such attacks is host authentication: authenticating ports accept only traffic from the MAC addresses of hosts that have authenticated (for example via 802.1X).
A simpler and cheaper defence is to limit the number of MAC addresses the switch will learn on each port, a feature known as "port security". A guest-room port normally needs only one or two addresses, so a low limit stops the flood without affecting legitimate users.
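To make the mechanism behind both the attack and the port-security defence concrete, here is an added example (not code from the original project) that models a switch's forwarding table as described in the Local Area Network Design section. It runs the normal learn-and-forward behaviour, then the flood, then the same flood against a port with a two-address limit. The port numbers, table size (64 entries) and MAC addresses are constructed for the example; real tables are far larger but fill just as surely.

```python
"""Added example (not from the original report): a minimal model of an Ethernet
switch's forwarding database (CAM table) showing source-MAC learning, a
MAC-flooding attack that fills the table so legitimate unicast traffic gets
flooded to every port, and the "port security" mitigation that caps the number
of MAC addresses learned per port. All values are constructed."""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = set(ports)
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # None = port security off
        self.cam = OrderedDict()   # MAC -> port, oldest entry first
        self.violations = []       # (port, MAC) pairs refused by port security

    def macs_on_port(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def receive(self, in_port, src, dst):
        """Process one frame and return the set of egress ports."""
        if src not in self.cam:
            # Port security in "protect" mode: once the per-port limit is reached,
            # refuse to learn new MACs and drop the frame. Cisco's default
            # violation mode, "shutdown", would err-disable the port instead.
            if (self.max_macs_per_port is not None
                    and self.macs_on_port(in_port) >= self.max_macs_per_port):
                self.violations.append((in_port, src))
                return set()
            # Simplification: evict the oldest entry when the table is full.
            # Real hardware stops learning instead, but under a sustained flood
            # legitimate entries age out and cannot be re-learned, which ends in
            # the same state.
            if len(self.cam) >= self.cam_capacity:
                self.cam.popitem(last=False)
        self.cam[src] = in_port          # learn (or refresh) the source MAC
        self.cam.move_to_end(src)
        out_port = None if dst == BROADCAST else self.cam.get(dst)
        if out_port is None:
            return self.ports - {in_port}  # unknown unicast or broadcast: flood
        return set() if out_port == in_port else {out_port}


def fake_mac(i):
    """Locally administered MAC derived from an integer (the attacker's bogus sources)."""
    return "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)


GUEST_PC = "02:00:00:aa:aa:01"   # legitimate host on port 1 (constructed)
SERVER = "02:00:00:aa:aa:02"     # management server on port 2 (constructed)
ATTACKER_PORT = 3


def demo(port_security):
    sw = Switch(ports=range(1, 25), cam_capacity=64,
                max_macs_per_port=2 if port_security else None)
    sw.receive(1, GUEST_PC, SERVER)   # SERVER unknown yet: flooded, GUEST_PC learned
    sw.receive(2, SERVER, GUEST_PC)   # SERVER learned on port 2
    before = sw.receive(1, GUEST_PC, SERVER)  # unicast now reaches port 2 only
    for i in range(500):              # attacker sprays 500 bogus source MACs
        sw.receive(ATTACKER_PORT, fake_mac(0x100000 + i), BROADCAST)
    after = sw.receive(1, GUEST_PC, SERVER)   # flooded everywhere, or still port 2?
    return {"before": before, "after": after,
            "cam_entries": len(sw.cam), "violations": len(sw.violations)}


if __name__ == "__main__":
    for ps in (False, True):
        r = demo(ps)
        print("port security %s: unicast to server reaches %d port(s), "
              "CAM entries %d, violations %d"
              % ("on" if ps else "off", len(r["after"]), r["cam_entries"], r["violations"]))
```

Without port security the frame from the guest PC to the server, which earlier went only to port 2, is flooded to all 23 other ports after the attack because the server's entry was pushed out of the table. With a two-address limit on the attacker's port, 498 of the 500 bogus addresses are refused, the table keeps its four legitimate entries and the unicast frame still reaches only port 2.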
Protecting the network against unauthorized access
Requiring every connected device to authenticate is the most efficient and effective technique for protecting a network against unauthorized access. AlliedWare Plus, the operating system of Allied Telesis Ethernet switches, provides three authentication methods (Cisco IOS on the switches listed above offers the equivalent set: 802.1X, MAC Authentication Bypass and web authentication). These methods can be combined so that every device that connects to the network is authenticated one way or another. The three methods are:
802.1x port authentication – This authentication can be used for workstations whose users are registered in the organization’s database. It can also be used to authenticate 802.1x- capable VoIP devices.
MAC-based authentication – Peripheral devices such as printers and scanners which are not as sophisticated can be authenticated using MAC-based authentication. It is feasible and generally a one-time activity to register the MAC addresses of such devices on the authentication server as these devices are not replaced on a day-to-day basis. If and when these devices are replaced we can easily update the registrations on the server.
Web-based authentication – The devices of guest users who are just visiting to meet someone or are visiting for meetings and are not actually residing in the hotel can be authenticated by Web-based authentication.
Ways to improve wired network security
Perform regular audits and mapping
It is very important to have a clear understanding of the entire network and its underlying infrastructure that includes the configuration of firewalls, switches, cables and ports, wireless access points, routers, location, vendor, model, etc. Additionally, it is also important to know exactly where servers, printers, computers or any other devices are connected, along with their connectivity path through the network. For larger networks such as the one used by FAHRENHEIT the auditing and mapping programs might come useful in producing a network map or diagram.
Keeping the network up-to-date
Once we have the network audit and map available to us it is important to dive a bit deeper. We must constantly check for firmware or software updates on all the components of the network. It is important to ensure that no devices are still protected by their default passwords and that the default passwords have been changed. We must make sure that the OS is up-to-date, personal firewalls are up and running and the antivirus is updated and running.
Consider MAC address filtering
Although MAC address filtering can be bypassed by anyone willing to spoof an address, it still serves as a first layer of control: it will not stop a determined attacker, but it can stop an employee from plugging in an unapproved device. A bigger security issue with wired networks is the lack of a quick and easy authentication or encryption method; people can simply plug in and use the network, whereas on the wireless side we at least have WPA2-Personal (PSK), which is easy to deploy.
Implementing VLANs to segregate traffic
VLANs group Ethernet ports, wireless access points and users into separate virtual networks. They let us separate the network by user type (guests, employees) for security reasons, or by traffic type (DMZ, VoIP, general access, etc.) for performance or design reasons. VLANs can also be assigned dynamically, for example by the authentication server after a successful 802.1X login.
Using VPNs to encrypt select PCs or servers
Even with VLANs and 802.1X authentication in place, someone may still be able to eavesdrop on the network and read unencrypted traffic, including confidential data. To address this we use VPN tunnels (for example IPsec) to encrypt the traffic between selected PCs and servers.
Use 802.1X for authentication
There is a possibility that a hacker can plug into the network especially when there is nothing to stop them from sending or receiving data. Although the deployment of 802.1x authentication doesn’t encrypt the ethernet traffic, it would still stop them from accessing any resources on the network unless they provide the credentials. We also utilize the authentication on the wireless networks by implementing enterprise-level WPA2 security with AES encryption, which has many benefits over using the personal-level (PSK) of WPA2.
Physically securing the network
The physical security of the network is very often overlooked and not given the attention it deserves. Protection against hackers and viruses is important, but so is protection against local threats. Weak physical security makes it easy for an intruder, or even an employee, to take undue advantage: for example, they can plug a wireless router into an open Ethernet port and thereby reach the network and all its data, a scenario that proper physical security would have prevented. It is therefore crucial to have a good building security plan in place. A few basic measures are to run Ethernet cables out of sight where they are not easily accessible, and to disconnect unused Ethernet ports physically or disable them in the switch configuration.