Study On Pro Connect It Services Computer Science Essay

This Final Report illustrates how the project was completed. Pro-Connect LLC specializes in low-cost scalable network solutions for small to large enterprise networks. The Fire and Rescue Contract was completed on time and met all of the contract requirements. The contract focused on closing the information gap between the Fire and Rescue Stations throughout the County. Now that the project has been completed, all County employees have access to the Internet and to the County Intranet.

Pro-Connect connected five Fire and Rescue Stations and the Headquarters Element to the County WAN with ten workstations and one printer per site. Each workstation gives the employee the ability to access the Internet, Employee Intranet, E-mail and HR resources. The Fire and Rescue Headquarters Element was moved from the existing County Domain to the Fire-Rescue Domain at the County Headquarters Building, utilizing its existing workstations. Each of the five Fire and Rescue Stations was integrated into the County's existing infrastructure using a Verizon Static T-1 line; this was completed on time and met the contract budget requirements. Pro-Connect "IT" Services looks forward to helping deliver government IT solutions in the future.

Business Summary

Spotsylvania County, Virginia has announced a request for proposal related to its Fire & Rescue Department. Currently, the County has five Fire and Rescue Stations and a small Headquarters Element that serve 120,000 people. The Spotsylvania County Fire Chief has requested of the County Board of Supervisors that each Fire Station be upgraded with Internet access and access to the County WAN. The five stations currently have outdated standalone workstations not capable of LAN services. The County Board of Supervisors has approved funds for the upgrade so that Fire & Rescue Employees can have access to the Internet, Employee Intranet, E-mail and HR resources. Each station will receive ten workstations and one printer, which will connect to the County WAN.

Business Objectives

The primary business objective is to connect the Fire & Rescue Department with Internet and Intranet access, providing a low-cost scalable network that closes the information gap within the various County Departments.

Project Benefits

Access to Employee Intranet

Employees will have e-mail and file sharing capability

Access to web-based EMS training

Enhances first responders by giving them additional learning tools via web-based training.

Design Documentation

Active Directory Architecture for the F&R project

Active Directory is the information hub for a Windows Server 2003/2008 Operating System Environment. Active Directory in a Windows Server 2003 Network is used to manage identities and broker relationships between distributed resources so they can work together. Pro-Connect installed an additional Domain under the County's existing Forest. The IT department assisted us in the integration of the new domain controller. The new Domain Controllers will be located at the County Headquarters Building within the existing County Datacenter.

The IT department had previously established the FQDN (Fully Qualified Domain Name) co.spotsylvania.va.us. After reviewing the existing architecture we identified three existing domain controllers. The existing domains are the following: Primary Domain/Forest: spotsylvania.va.us; Sheriff's Office: sheriff.spotsylvania.va.us; Judicial System: courts.spotsylvania.va.us. The Fire & Rescue Domain was established utilizing two Domain Controllers (FRDC1 and FRDC2) and was assigned the FQDN fire-rescue.spotsylvania.va.us. Below is a graphical representation of the Forest.

Figure 1: County Forest

Domain Controllers

Two Domain Controllers were established to support the network's requirements. Both Domain Controllers were configured similarly in every respect to provide redundancy. Each DC was configured with the Active Directory Services required to host the Fire and Rescue Domain. Other services installed include the following: DNS, DHCP, IIS7, and Windows File Sharing. The figure below shows a snapshot of the Server Manager on FRDC1 (Primary Domain Controller):

Figure 2: FRDC1 Server Manager

DNS (Domain Name System)

DNS was installed on both FRDC1 and FRDC2 to provide redundancy. DNS is the name service that provides a standardized system for naming TCP/IP hosts and a way to look up the IP address of a host, given the host's DNS name. DNS allows you to access a website such as Google by using the DNS name www.google.com instead of the site's IP address.

Figure 3: DNS Configuration

DHCP (Dynamic Host Configuration Protocol)

DHCP was configured on FRDC1 and FRDC2 to provide an IP address to each client as the client connects to the fire-rescue domain. DHCP allows a server to dynamically distribute IP addressing and configuration information to clients. The DHCP server provides the client with at least this basic information: IP Address, Subnet Mask and Default Gateway.

Because there are multiple sites, we created a DHCP scope to define IP ranges for each site, allowing the DHCP service to specify configuration information for clients whose IP addresses fall within that particular scope. Scope information for each DHCP server is specific to that particular DHCP server only, and is not shared between DHCP servers. The assigned Scope name was FRScope, with a lease time for DHCP clients of 8 days. A DHCP reservation was configured to assign a static IP address to the printer at each station.

Figure 4: DHCP Address Pool

Figure 5: DHCP Printer Reservation

Managing network services: SNMP

The Pro-Connect network administrator configured SNMP to assist in the following duties:

• Viewing and changing parameters in the LAN Manager and MIB-II MIBs.

• Monitoring DHCP servers.

• Using System Monitor to monitor TCP/IP-related performance counters (Internet Control Message Protocol (ICMP), IP, Network Interface, TCP, UDP, DHCP, FTP, WINS, and IIS performance counters). (Managing DHCP, WINS, and Internet Authentication Service, 2007)

Active Directory Users, Groups, and Security

Every fire and rescue employee must have a user account. A user account enables employees to access the network and network resources. Without user accounts, all resources would be open to anyone who casually dropped by your network. When creating the account profiles, fifty new user accounts with basic account options were established. The County Network Administrator will be in charge of adding additional rights to users as needed.

Each employee was given a domain account, which gives access to any computer at his/her station. Employees can also access the domain from any of the five fire stations throughout the county. First-time users access the domain by entering their first name, middle initial and last name. The password used to log on to the network for the first time will be (P@ssword). Once users log on for the first time, they will be prompted to change the default password to a new one.

Due to the nature of the Fire and Rescue mission, the IT department has decided to give unrestricted login access to all FR employees. Because employees work rotating shifts, there is no need to restrict logons to user accounts during certain times or days.
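
An added example, not part of the original report: because every new account starts with the same initial password and relies on the forced change at first logon, an administrator can audit a directory export for enabled accounts where that change is still pending. The CSV layout, user names and the seven-day grace period are assumptions made for illustration; the attribute names and the `pwdLastSet` / `userAccountControl` semantics are standard Active Directory.

```python
import csv
import io
from datetime import datetime, timedelta

ACCOUNTDISABLE = 0x0002  # userAccountControl bit for a disabled account

# Constructed export (hypothetical users) with the AD attributes
# sAMAccountName, whenCreated, pwdLastSet and userAccountControl.
SAMPLE_EXPORT = """\
sAMAccountName,whenCreated,pwdLastSet,userAccountControl
john.a.smith,2010-03-01,0,512
mary.b.jones,2010-03-01,129120192000000000,512
paul.c.reed,2010-03-01,0,514
anna.d.cole,2010-03-20,0,512
"""


def unchanged_initial_passwords(export_text, today, grace_days=7):
    """Return enabled accounts still waiting on the first-logon change.

    pwdLastSet == 0 means "user must change password at next logon" is
    still pending, so the account still carries the password an
    administrator set for it. Accounts created within grace_days
    (an assumed policy value) are not reported yet.
    """
    cutoff = today - timedelta(days=grace_days)
    stale = []
    for row in csv.DictReader(io.StringIO(export_text)):
        created = datetime.strptime(row["whenCreated"], "%Y-%m-%d")
        disabled = int(row["userAccountControl"]) & ACCOUNTDISABLE
        if int(row["pwdLastSet"]) == 0 and not disabled and created <= cutoff:
            stale.append(row["sAMAccountName"])
    return sorted(stale)


if __name__ == "__main__":
    for name in unchanged_initial_passwords(SAMPLE_EXPORT, datetime(2010, 3, 22)):
        print("initial password never changed:", name)
```

Accounts this reports are candidates for disabling or for a fresh, unique initial password until the employee actually signs in.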

Active Directory Schema

Each Fire and Rescue Site, including the Headquarters Element, has been assigned to a separate Organizational Unit (OU) for purposes of management. Figure 6 below illustrates the Active Directory structure on the left-hand side of the graphic.

Figure 6: Account Creation and Directory Structure

Group Policy and Security

Group Policy Objects were created to maintain User Account Rights and establish Workstation Security. The "All Users" GPO is the Default Domain Policy. This policy establishes Password and Security Requirements, Windows Update Settings, and Internet Explorer Settings that apply to all users. There is also a GPO created for Trainers, Privileged Users, and General Users. These GPOs correspond with similarly named Global Security Groups in which User Accounts are placed as required.

Figure 7: Group Policy Configuration

Disk Management and Fault tolerance

Below are the options implemented

Minimizing single points of failure

We have provided basic fault tolerance for the F&R project and Security deployment by deploying additional hardware configurations that duplicate the existing hardware configuration. In this way, if one path of data input/output (I/O) or the physical hardware components of a server (such as computer, network, and storage area network components) fail, the existing Security deployment can continue to operate using the duplicate hardware. Redundant hardware options we considered included:

Dual power supplies

Dual network adapters

RAID 5 disk arrays

(Establishing a Backup Plan, 2007)

Using RAID configurations

By using RAID, you can increase the fault tolerance of your Security deployment. RAID stores identical data on multiple disks for redundancy, improved performance, and increased mean time between failures (MTBF). In a RAID configuration, part of the physical storage capacity contains redundant information about data stored on the hard disks. The redundant information is either parity information (in the case of a RAID-5 volume), or a complete, separate copy of the data (in the case of a RAID-1 volume). The redundant information enables data regeneration if one of the disks or the access path fails, or if a sector on the disk cannot be read.

To ensure that computers running Client Security continue to function properly in the event of a single-disk failure, we used RAID disk mirroring or disk striping with parity on the hard disks within the Security deployment. Disk mirroring and disk striping with parity create redundant data for the data on the hard disks.

Using RAID configurations does not prevent damaged files or other file errors. For this reason, Pro-Connect did not use RAID configurations as a substitute for keeping current backups of important data on your servers.

You can also use RAID disk mirroring or disk striping with parity to prevent the loss of a single physical hard disk from causing a failure in your Client Security database. (Establishing a Backup Plan, 2007)

Figure 8: RAID 5 Concept

Using power backup

For servers that contain critical data, especially in large server deployments, it was necessary to use an uninterruptible power supply (UPS) and battery backup to increase fault tolerance in your Security deployment. UPS and battery backup provide protection against power surges and short power losses that can cause damage to your servers and the data they contain. For large data centers or critical applications, consider a large-scale UPS system and a backup generator to maintain power to UPS, air conditioning, and other critical systems during long outages. (Establishing a Backup Plan, 2007)

Remote Users

For security reasons the Fire and Rescue employees do not have remote access capability at this time. The County Network Administrator has decided to block any VPN connections into the County Intranet due to increased security risks. This option may be available in the near future.

Anti-Virus Service/ Network Security

The County already has a subscription contract with McAfee Security and Virus scan. For the new computers connected to the County WAN we had enough licenses to extend this software out to the 25 clients on the network. Virus protection is essential to securing client computers and to keeping the County network secure.

IIS Server

IIS 7.0 server was installed to establish a Fire and Rescue Intranet Site for all Fire and Rescue Users. Intranet access will include important links and web applications required for daily duties.

Figure 9: IIS 7 Configuration

DESIGN SCHEMATICS:

Figure 10: Fire & Rescue Network (with future Server additions)

Figure 11: Fire & Rescue Station Sample Design

(Below is the basic security design for the County)

| Component | Characteristic |
| --- | --- |
| Router | |
| Patches and Updates | Router operating system is patched with up-to-date software. |
| Protocols | Unused protocols and ports are blocked. |
| | Ingress and egress filtering is implemented. |
| | ICMP traffic is screened from the internal network. |
| | TTL expired messages with values of 1 or 0 are blocked (route tracing is disabled). |
| | Directed broadcast traffic is not forwarded. |
| | Large ping packets are screened. |
| | Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router. |
| Administrative access | Unused management interfaces on the router are disabled. |
| | A strong administration password policy is enforced. |
| | Static routing is used. |
| | Web-facing administration is disabled. |
| Services | Unused services are disabled (for example bootps and Finger). |
| Auditing and logging | Logging is enabled for all denied traffic. |
| | Logs are centrally stored and secured. |
| | Auditing against the logs for unusual patterns is in place. |
| Intrusion detection | IDS is in place to identify and notify of an active attack. |
| Firewall | |
| Patches and updates | Firewall software and OS are patched with latest security updates. |
| Filters | Packet filtering policy blocks all but required traffic in both directions. |
| | Application-specific filters are in place to restrict unnecessary traffic. |
| Logging and auditing | All permitted traffic is logged. |
| | Denied traffic is logged. |
| | Logs are cycled with a frequency that allows quick data analysis. |
| | All devices on the network are synchronized to a common time source. |
| Perimeter networks | Perimeter network is in place if multiple networks require access to servers. |
| | Firewall is placed between untrusted networks. |
| Switch | |
| Patches and updates | Latest security patches are tested and installed or the threat from known vulnerabilities is mitigated. |
| VLANs | Make sure VLANs are not overused or overly trusted. |
| Insecure defaults | All factory passwords are changed. |
| | Minimal administrative interfaces are available. |
| | Access controls are configured to secure SNMP community strings. |
| Services | Unused services are disabled. |
| Encryption | Switched traffic is encrypted. |
| Other | |
| Log synchronization | All clocks on devices with logging capabilities are synchronized. |
| Administrative access to the network | TACACS or RADIUS is used to authenticate administrative users. |
| Network ACLs | The network is structured so ACLs can be placed on hosts and networks. |
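
An added example, not part of the original report: several rows of the checklist above can be verified mechanically against a saved Cisco IOS configuration, which is how a design like this is kept honest after handover. The configuration fragment is constructed for illustration (names and documentation-range addresses are assumptions), the function name is hypothetical, and only the rows that map to a single IOS command are covered.

```python
import re

# Constructed sample (not from the County network): fragment of a Cisco IOS
# running-config using documentation address ranges.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
no ip bootp server
ip http server
no ip http secure-server
interface FastEthernet0
 ip directed-broadcast
interface Serial0/0/0
 no ip directed-broadcast
snmp-server community public RO
snmp-server community fr-monitor RO 10
logging host 192.0.2.50
ntp server 192.0.2.51
"""


def audit_ios_config(config):
    """Return a sorted list of (checklist_item, detail) findings."""
    findings, glob, iface = [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):          # global-mode line
            glob.append(line)
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        elif iface and line.startswith("ip directed-broadcast"):
            # Checklist: directed broadcast traffic is not forwarded.
            findings.append(("directed-broadcast", iface))

    def has(pattern):
        return any(re.match(pattern, g) for g in glob)

    for g in glob:
        # Checklist: web-facing administration is disabled.
        if re.match(r"ip http (secure-)?server$", g):
            findings.append(("web-admin", g))
        # Checklist: access controls secure SNMP community strings.
        m = re.match(r"snmp-server community (\S+) (?:RO|RW)(?: (\S+))?$", g, re.I)
        if m:
            name, acl = m.groups()
            if acl is None:
                findings.append(("snmp", name + ": no access list"))
            if name.lower() in ("public", "private"):
                findings.append(("snmp", name + ": factory default string"))
    # Checklist: unused services (bootps, finger) are disabled.
    if not has(r"no ip bootp server$"):
        findings.append(("services", "bootp server not disabled"))
    if has(r"(ip|service) finger$"):
        findings.append(("services", "finger enabled"))
    # Checklist: central logs, common time source, TACACS/RADIUS admin login.
    if not has(r"logging (host )?\d"):
        findings.append(("logging", "no remote log host"))
    if not has(r"ntp server "):
        findings.append(("time-sync", "no NTP server"))
    if not has(r"aaa authentication login .*group (tacacs\+|radius)"):
        findings.append(("admin-auth", "no TACACS+/RADIUS login method"))
    return sorted(findings)


if __name__ == "__main__":
    for item, detail in audit_ios_config(SAMPLE_CONFIG):
        print(f"{item:20} {detail}")
```

Rows such as ingress/egress filtering or IDS coverage depend on ACL contents and separate devices, so they still need manual review.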

Cost Analysis

Below is a summary for the total costs of the networking system.

Total Costs for Hardware/Software/Installation/Miscellaneous Expenses

Computer:

Hardware/Software

Installation

Total Computer Costs

Networking Equipment

Hardware

Software

Installation

Total Computers/Printers/Networking

Internet Service

Consulting

Anti-Virus Software

TOTAL PRICE

Cost Analysis Complete Breakdown

The cost analysis includes all needed hardware, software, networking and miscellaneous expenses. The products were compared against other products to meet the needs of the County's existing infrastructure. The pricing is a compilation of the best overall value from multiple distributors for each itemized cost. The total amount needed to fulfill the needs of this project came to $97,430.25. There are other expenditures such as internet access, virus software, and intermittent consulting. Below is our final offer; we firmly believe that the final product will fulfill the needs of the business and that the pricing is below the $100,000 contract bid. Below is a complete itemized listing of network, hardware, and software expenditures.

Network Resources

Justification

Wired Network

The all-wired network from each PC to the switch/router uses UTP Cat 5e cabling, because it supports 10/100/1000 Base-T Ethernet. This allows up to 100 Mbps data transfer rate between network PCs, with much faster Gigabit Ethernet uplinks from the Cisco 1800 series router to the County servers and to the Cisco Catalyst 2960 series switch. Based on the number of users, the applications used, and the network protocols, Cisco recommended at least a T1 (1.5 Mbps) connection to the Internet.

All five Fire and Rescue Stations were connected using T1 links through Verizon (ISP). Each of the five sites has a Cisco 1800 series router installed and connected via a T1 link. Each router has an 8-port 10/100 Base-T Ethernet module installed.

The Cisco 1800 Series Routers

Benefits and advantages: The Cisco 1800 Series fixed-configuration routers help enable a network infrastructure for SMBs and enterprise small branch offices, providing access to the Internet, corporate headquarters, or other remote offices, while securing and protecting critical data with integrated Cisco IOS Software security features and capabilities. They also help businesses reduce costs by enabling deployment of a single device to provide multiple services (integrated router with redundant link, LAN switch, firewall, VPN, IPS, wireless technology, and quality of service [QoS]) typically performed by separate devices. Cisco IOS Software allows this flexibility, providing the industry's most robust, scalable, and feature-rich internetworking support, using the accepted standard networking.

Security Features of the 1800 Series-

Cisco IOS Firewall

• Stateful firewall with URL filtering

• Per-user authentication and authorization

• Real-time alerts

• Transparent firewall

• IPv6 firewall

VPN

• Advanced Encryption Standard (AES) 128, 192, and 256

• Triple Data Encryption Standard (3DES), and DES encryption

• Embedded hardware-based VPN acceleration on the motherboard

• Cisco Easy VPN remote and server support

• Dynamic Multipoint VPN (DMVPN)

• Group Encrypted Transport VPN (GET VPN)

Onboard USB Port

• USB 2.0 ports (2) (Cisco 1811 and 1812 models only)

IPS

• More than 700 IPS signatures supported in Cisco IOS Software, with the ability to load and enable selected IPS signatures

URL Filtering

• Local URL filtering in Cisco IOS Software based on external server (Websense and N2H2)

• Stateful firewall contains URL filtering

Cisco SDM

• Cisco Router and Security Device Manager (SDM)

IOS Web VPN (SSL VPN)

• Secure remote access for mobile users without installing PC client software

• Integrated into the router (no separate appliance required)

• Cisco 1801 and 1812 support up to 10 users

• Requires IOS WebVPN feature license FL-WEBVPN-10

• Requires an IOS security feature set (IOS security feature set is included in all secure router bundles)

Cisco 24 port Gigabit Ethernet Switch 2960

Fixed-configuration switches offering Fast Ethernet and Gigabit Ethernet connectivity with enhanced LAN services for mid-market and branch office networks. The Catalyst 2960 Series compact silent models are ideal for deployments in office workspaces, classrooms, and other space-constrained environments and enable intelligent services using enterprise-class features outside of the wiring closet.

Gigabit Ethernet

At speeds of 1000 Mbps, Gigabit Ethernet provides the bandwidth to meet new and evolving network demands, alleviate bottlenecks, and boost performance while increasing the return on existing infrastructure investments. Today's workers are placing higher demands on networks by running multiple, concurrent applications. The Catalyst 2960 Series provides a means to intelligently scale the network beyond 100 Mbps over existing Category 5 copper cabling.

Enhanced Security

Security is delivered through a wide range of authentication methods, data encryption technologies, and Network Admission Control (NAC) based on users, ports, and MAC addresses. Through these features, the Catalyst 2960 Series offers security to protect users and devices from attack.

Ease of Management and Configuration

Cisco Network Assistant simplifies configuration, Cisco IOS Software updates, and troubleshooting. Smart ports enable fast and easy configuration of Cisco Catalyst intelligent capabilities; Express setup is quick and easy using the Webpage interface. Enhanced troubleshooting for link connectivity issues and cable diagnostics.

ISP Provider

When choosing an ISP, the decision was based not only on price, but also on quality, reputation and history. We chose Verizon Business Internet Service for a variety of reasons. Verizon is a leader in the telecommunications industry and offers an excellent product that fits the needs of the County system. The five Fire and Rescue Stations needed Internet access of 1.5 Mbps per station.

For Verizon Internet Service, a static T1 line, which is 1.5 Mbps, was needed. Since the County already has an existing contract with Verizon, it made sense to add five new connections to the existing contract.

Other Hardware and Software

Computers

Windows 7 OS

OS for the additional desktop computers

Anti-Virus software

Memory

Enhancement to the new servers

Storage

Enhancement to the servers

Tapes

For Backups

Protection

(Snapshot of a Secure Network, 2007)

Staffing

Pro-Connect "IT" Services attracts superior professionals from a wide variety of sectors. Within the Washington, D.C., Metro area, there are nearly 100 Pro-Connect IA professionals engaged with various clients including DOD and civilian government agencies, state governments, and commercial enterprises. Globally, Pro-Connect employs 1,000 IA team members. Pro-Connect capabilities include a comprehensive portfolio of IA services, project management, network program development, system security engineering, and security services.

Pro-Connect staffed this project from existing full-time employees. The following table lists the key employees and the position that each person is to be assigned.

| Name | Role | Position |
| --- | --- | --- |
| Brian Byers | Project Manager | Program Manager |
| Katherine Billing | Technical Director | Government Advisory Spec Mgr. |
| Brian Green | Technical Architect | Government Advisory Spec Mgr. |
| Michael Black | Access Manager Engineer | Business Consultant |
| Peter Doe | Firewall Engineer | Government Advisory Spec Mgr. |