Collaboration Exercise 5 – Managing and Securing the SSU Computing Sciences Building’s New Network
Overview: Scenario: Southeastern State University (SSU) has received funding from the state Legislature to add a wing to Computing Sciences Building (which includes classrooms, labs, and faculty offices for the departments of Computer Science, Computer Engineering, and Business Information Systems. The floor plan for the first floor of the new wing is illustrated in Exhibit 1.
Exhibit 1 Layout of First Floor of Building
The SSU campus has a fiber optic backbone network interconnecting its buildings. The Computing Sciences Building will connect to the campus backbone via the router in the server room (illustrated in Exhibit 1).
In Collaboration Exercise 5, your group will:
1. Create a diagram for the network management system that will be used to monitor and manage the building backbone network that will be deployed in the new wing.
2. Identify a location in the new wing for a network operation center (NOC) that will include a network management console and management information base (MIB)
3. Identify the types of applications and network traffic that will be monitored by the network management system.
4. Explain/describe how network statistics will be used to ensure that network performance is satisfactory.
5. Identify several alarms/alerts that will be used to notify network managers of problems or issues.
6. Perform an abbreviated risk assessment of the network that will be installed in the new wing of the SSU Computer Sciences building.
7. Provide specific recommendations for securing the new network at SSU
DIAGRAM OF NETWORK MANAGEMENT SYSTEM
Task 1: Your first task requires the creation of a network a diagram of a SNMP network management system for the building backbone distribution network for the new wing of the Computer Sciences building at SSU.
Note 1: It is recommended that rather than starting from scratch that you modify the diagram of the building backbone network created for Task 1 of Collaboration Exercise 4.
This diagram should include:
• Nine labelled access switches,
o Three that serve the Labs (one each for Lab A, Lab B, and Lab C)
o Three that serve the Classrooms (one for each classroom)
o One that serves the Office Area
o One that serves the Server Room
o The PoE switch to which the WiFi access points connect
• The building distribution switch to which the access switches connect
• Circuits that connect the access switches and the building distribution switch
• A circuit that connects the router (to the campus backbone) to the building distribution switch
• The router that provides the gateway from the building to the campus backbone network
Each switch and the router should be identified as a Managed Device with a SNMP agent (see Figure 12.2 on page 358 of the textbook for guidance).
Your diagram should also include:
• A network management console that connects to the server room access switch
• A MIB server that connects to the server room access switch
NETWORK OPERATIONS CONTROL CENTER LOCATION
The Dean of the College of Computing Sciences at SSU would like to locate a NOC for the new wing in an area that is conducive to student access. She thinks that locating it somewhere close to, but not in, the server room would enable students to witness firsthand what a NOC looks like when it is operating. She is okay with installing transparent glass/plastic walls in one of the offices on the entrance halls. She is convinced that this would impress prospective students on campus tours and encourage them to attend the university and major in one of the computing majors in the college.
Task 2: Given this information, identify a suitable location for the NOC in the new wing and provide an overview of the equipment that it is likely to include. Figure 12-8 in the textbook may provide some guidance on NOC equipment.
APPLICATION AND NETWORK TRAFFIC STATISTICS ON KEY MANAGED DEVICES
Task 3: Task three requires you to identify examples of application and network traffic data that will be collected on key managed devices in the network in the new wing of the Computer Sciences building.
Note: Pages 356 and 357 in the textbook provide insights into the types of network traffic statistics typically captured by network management systems.
The following table is provided to facilitate the completion of this task.
Managed Device Examples of Network Traffic Statistics to be Collected Reasons for Collecting this Data
WiFi Access Switch
Server Room Access Switch
Office Area Access Switch
Building Backbone Switch
Router to Campus Backbone
Task 4: Your fourth task is to identify several alarms/alerts that should be included in the network management system for the new building wing.
Note: Alarms are briefly mentioned on page 357 in the textbook.
The following table is provided to facilitate the identification and description of three alarms/alerts that you recommend for inclusion in the network management system.
Alarm/Alert Description Triggering Condition or Event
RISK ASSESSMENT OF PROPOSED NETWORK
SSU’s IT Services requires a pre-installation risk assessment for all new networks to consider the potential consequences of potential security breaches and device failures. There are four steps in its pre-installation risk assessment.
1) Identification of Potential Impact Areas.
a. SSU is most concerned with the following types of impacts from security breaches and network component failures: financial losses, productivity losses (faculty, staff, and student), safety (especially student safety), reputation/image, and legal (from potential)
2) Identification of IT assets that could be affected by security breaches and device failure.
3) Identification of Potential Threats that could comprise IT assets
a. This includes equipment theft, hackers and other unauthorized intruders, viruses/worms, etc.
4) Identification of preventive and detective security controls that should be in place when the network goes live.
Task 5: Your fifth and final task is to perform the four-step pre-installation risk assessment required by SSU’s IT Services for new networks.
Note: Pages 301-308 may provide guidance in completing Task 5.