Welcome! This is an introductory overview of the Jerusalem branch of the network setup, which was part of a project I finished a while ago. We will focus on the network design, security measures, and protocols implemented to ensure a robust and secure network infrastructure. By leveraging technologies such as DHCP, DNS, FTP, TFTP, AAA, OSPF, EIGRP, email, and SSH, the Jerusalem branch demonstrates optimized network performance and secure server operations.
The Jerusalem branch network is designed to be highly secure and efficient, accommodating the specific requirements of Xiaomi. The overall network consists of three branches, each housing six departments, each represented by its own VLAN. The use of VLANs enables logical segmentation, enhancing network performance and simplifying management. The architecture incorporates a wide area network that interconnects the branches, allowing seamless communication and data exchange.
Topology Map
Address distribution
The Jerusalem branch network places a strong emphasis on security, implementing various protocols and measures to protect against potential threats.
The following security measures are employed:
1. DHCP Snooping: A department within the Jerusalem branch utilizes DHCP snooping, a security feature that validates DHCP messages and prevents unauthorized DHCP servers from assigning IP addresses. By monitoring DHCP traffic and discarding server messages that arrive on untrusted ports, the network ensures the integrity of IP address assignments.
2. Port-Security: Every department in the Jerusalem branch employs port-security, which protects against MAC address spoofing and unauthorized access. Port-security can be configured with different violation modes (protect, restrict, and shutdown), providing flexibility in how security violations are handled.
3. Firewall and ACL: To secure a specific department, an ASA firewall is deployed together with Access Control Lists (ACLs). This combination filters traffic according to defined rules, granting or denying access based on the specified criteria. Assigning security levels 0 and 100 to the firewall's interfaces restricts inbound and outbound traffic between them, bolstering network security.
4. VLAN Configuration: The default (native) VLAN for the Jerusalem branch is set to VLAN 900 to counter double-tagging and VLAN hopping attacks. This configuration prevents unauthorized access by blocking malicious attempts to manipulate VLAN tags and ensures the integrity of network communications.
As we can see in the photo, all interfaces after interface 7 use the default VLAN 900.
5. AAA TACACS+ and SSH Protocol: The Jerusalem branch employs AAA with TACACS+ (Terminal Access Controller Access-Control System Plus) to protect the router with an additional layer of authentication. By using TACACS+ together with the router's local password, the network ensures secure access to critical infrastructure. Furthermore, the SSH (Secure Shell) protocol enables secure remote administration and data transfer.
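The switch-side measures (DHCP snooping, port-security, native VLAN 900 on the trunk and on the unused ports after interface 7) and the ASA security levels with an ACL, written out as one worked configuration. This is an added example, not configuration from the original project: the hostnames, interface numbers, VLAN 10 and VLAN 60, every address and the "shutdown" of the unused ports are assumptions chosen for the example; only VLAN 900 and the security levels 0 and 100 come from the page.

```cisco
! ===== Access switch for one department (Cisco IOS; names/addresses assumed) =====
hostname JRS-SW-DEPT1
!
! 4. Native (default) VLAN moved off VLAN 1 to an otherwise unused VLAN 900, so a
!    double-tagged frame's outer tag can never match the native VLAN of a trunk.
vlan 10
 name DEPT1
vlan 900
 name NATIVE-UNUSED
!
interface GigabitEthernet0/1
 description Trunk to core / router (DHCP server is reached through it)
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 900
 ! VLAN 900 is deliberately NOT allowed on the trunk: untagged frames are dropped
 switchport trunk allowed vlan 10
 ! 1. Only this uplink may carry DHCP OFFER/ACK (server) messages
 ip dhcp snooping trust
!
! 2. Port-security on the seven user-facing ports: one sticky-learned MAC each;
!    "restrict" drops offending frames and logs them without shutting the port
interface range FastEthernet0/1 - 7
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ! rate-limit client DHCP traffic so a DHCP starvation attempt trips the port
 ip dhcp snooping limit rate 10
!
! Ports after interface 7 (as in the page's photo) sit in VLAN 900; shutting them
! down as well is an added hardening step (assumption), not something the page states.
interface range FastEthernet0/8 - 24
 switchport mode access
 switchport access vlan 900
 shutdown
!
! 1. DHCP snooping is enabled globally and per VLAN; every port not marked
!    "trust" is untrusted and cannot source DHCP server messages.
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option
!
! Verification:  show ip dhcp snooping
!                show ip dhcp snooping binding
!                show port-security interface FastEthernet0/1
!                show interfaces GigabitEthernet0/1 trunk
!
! ===== 3. ASA in front of the protected department (ASA syntax; addresses assumed) =====
hostname JRS-ASA
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 10.20.0.2 255.255.255.252
 no shutdown
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.60.1 255.255.255.0
 no shutdown
!
! With levels 100 -> 0, inside hosts may initiate outbound sessions and the ASA
! tracks the return traffic statefully; nothing from outside (0) reaches inside
! (100) unless an ACL bound to the outside interface permits it explicitly.
access-list OUTSIDE-IN extended permit tcp any host 192.168.60.10 eq 443
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Verification:  show nameif
!                show access-list OUTSIDE-IN
!                packet-tracer input outside tcp 10.20.0.1 40000 192.168.60.10 443
```

The "restrict" violation mode was chosen over "shutdown" so that a single spoofed frame cannot be used to take a port (and its legitimate user) offline; the hit counter in "show port-security interface" still records the event for the operator.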
SSH Configurations and Connection
AAA Configurations
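The SSH and AAA configuration described in point 5, as an added worked example that is not the project's own configuration: the hostname, domain name, TACACS+ server address, management addresses and every secret (shown as REPLACE_WITH_... placeholders) are assumptions; the page only states that TACACS+ is combined with the router's local password and that SSH is used.

```cisco
! Branch router: SSH management + AAA with TACACS+ and local fallback (Cisco IOS)
! Hostname, domain, addresses and every secret are assumptions for this example.
hostname JRS-R1
ip domain-name jerusalem.example.com
!
! SSH needs an RSA key pair (hostname and domain must be set first); SSHv2 only
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local credentials: used only when the TACACS+ server is unreachable
username admin privilege 15 secret REPLACE_WITH_LOCAL_PASSWORD
enable secret REPLACE_WITH_ENABLE_SECRET
!
! AAA: ask TACACS+ first, fall back to the local database ("router's local password")
aaa new-model
! (legacy one-line form; on newer IOS the "tacacs server <name>" block form is preferred)
tacacs-server host 192.168.100.5 key REPLACE_WITH_TACACS_KEY
aaa authentication login MGMT-LOGIN group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
!
! Only SSH on the VTY lines (no Telnet); idle sessions time out after 10 minutes
line vty 0 4
 login authentication MGMT-LOGIN
 transport input ssh
 exec-timeout 10 0
line con 0
 login authentication MGMT-LOGIN
 exec-timeout 10 0
!
! Connecting from another IOS device on the management VLAN:
!    ssh -l admin 192.168.100.1
! from a workstation:
!    ssh admin@192.168.100.1
! Verification:  show ip ssh
!                show ssh
!                show aaa servers      (TACACS+ reachability and request counters)
!                test aaa group tacacs+ admin REPLACE_WITH_LOCAL_PASSWORD legacy
```

The "local" keyword at the end of the login method list is what keeps an administrator from being locked out if the TACACS+ server goes down; the accounting line is what gives the branch a per-session record of who logged in and when.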
The Jerusalem branch uses OSPF (Open Shortest Path First) together with the main router in a "router on a stick" arrangement. OSPF dynamically calculates the most efficient path for data transmission, optimizing network performance. Additionally, STP (Spanning Tree Protocol) and VTP (VLAN Trunking Protocol) are implemented to block redundant paths and prevent switching loops, guaranteeing high availability and stability within the network.
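The router-on-a-stick, OSPF, STP and VTP pieces above, as an added worked example that is not the project's configuration: hostnames, interface numbers, the 192.168.x.0/24 per-VLAN subnets, the 10.0.0.0/30 link to the main router, the VLAN IDs other than 900, the OSPF area and the key placeholders are all assumptions.

```cisco
! Router on a stick with OSPF toward the main router, plus STP/VTP on the switches
! (Cisco IOS; hostnames, addresses, VLAN IDs other than 900 and keys are assumed)
!
! ----- JRS-R1: one 802.1Q sub-interface per department VLAN -----
interface GigabitEthernet0/0
 description Trunk to JRS-CORE-SW
 no shutdown
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
! (repeat for the remaining department VLANs; no sub-interface for native VLAN 900,
!  so untagged frames arriving on the trunk are simply not routed)
!
interface GigabitEthernet0/1
 description Link to main router
 ip address 10.0.0.2 255.255.255.252
 ip ospf message-digest-key 1 md5 REPLACE_WITH_OSPF_KEY
 no shutdown
!
router ospf 1
 router-id 2.2.2.2
 ! no OSPF hellos toward the user VLANs: only the link to the main router may
 ! form an adjacency, so a rogue router on a department VLAN cannot inject routes
 passive-interface default
 no passive-interface GigabitEthernet0/1
 area 0 authentication message-digest
 network 10.0.0.0 0.0.0.3 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
! ----- JRS-CORE-SW: deterministic STP root and VTP server -----
vtp domain JERUSALEM
vtp version 2
vtp mode server
vtp password REPLACE_WITH_VTP_PASSWORD
!
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20,30,40,50,60,900 root primary
!
! ----- JRS-SW-DEPT1 (access switch): VTP client, edge-port protection -----
vtp domain JERUSALEM
vtp version 2
vtp mode client
vtp password REPLACE_WITH_VTP_PASSWORD
!
spanning-tree mode rapid-pvst
interface range FastEthernet0/1 - 7
 ! user ports go straight to forwarding, and are error-disabled if a BPDU arrives
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Verification:  show ip ospf neighbor        (router: exactly one neighbor, on Gi0/1)
!                show ip route ospf
!                show spanning-tree vlan 10   (the core switch should be root)
!                show vtp status
```

Two practitioner notes on this layout: the "root primary" line on the core switch stops an accidentally connected switch with a lower bridge priority from becoming root and re-routing all VLAN traffic through itself, and BPDU guard on the access ports makes such a device trip the port instead of joining the tree. The VTP domain password is not optional: any switch in the same domain with a higher configuration revision can overwrite the VLAN database on every other switch, so switches added later should be reset (or placed in transparent mode) before they are connected.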
The Jerusalem branch of the Xiaomi project exemplifies a robust and secure network infrastructure, leveraging advanced technologies and security protocols. By carefully planning and implementing measures such as DHCP snooping, port-security, firewall with ACLs, VLAN configuration, AAA TACACS+, SSH protocol, OSPF, STP, and VTP, the project showcases expertise in network design and knowledge of the computer networking and IT industry. The secure network architecture and adherence to project requirements highlight the commitment to providing optimal network performance and safeguarding sensitive operations.