Network architecture is the design of a communications network. It is a framework for specifying a network's physical components and their functional organization and configuration, its operational principles and procedures, and the data formats used in its operation. In telecommunications, the specification of a network architecture may also include a detailed description of the products and services delivered via a communications network, as well as the detailed rate and billing structures under which services are compensated.
Network architecture diagram
Full explanation of network diagram
We designed a basic network architecture for this company, following the milestones for the network architecture and including all the necessary information. The components of this architecture are described below.
A workstation is a computer designed for professional work in the office. The company is an energy company whose customers upload their readings and payments on the company website; in the past, the payment reports and uploaded files were attacked. In the new network architecture security is much stronger, so all work on the workstations can be done with confidence and is protected from attack.
Routers provide connectivity to one or more computers and so help create a network. For home users, they are mostly useful for taking a single broadband internet account and sharing it among two or more computers. Standard routers require the internet connection from a standalone modem, but modem-routers are increasing in popularity; these can be plugged into any broadband-enabled phone line, reducing cable clutter and taking up only one power socket.
The rules for handling traffic are an essential component of internet security. A home/office router may have rules limiting how computers outside the network can connect to computers inside the network, as well as preventing private network traffic from spilling into the outside world. Many home routers include additional security features: they scan and filter all traffic that passes through them, frequently through a firewall integrated in the hardware. Some may carry out other useful roles such as acting as a print server.
A switch is sometimes called an 'intelligent hub'. A switch does the same job as a hub, in that it connects devices so that they act as a single segment. However, it does not automatically send traffic to every other port. Every time a frame of data comes into the switch, it saves the frame's source physical address (MAC address) and the port it came from in its MAC address table. It then looks up the destination MAC address in the table and, if it recognizes it, sends the frame to the appropriate port. If the address is not in the table, or it is a broadcast address, the switch does the same as a hub and sends the frame out through every port except the originating port.
A hub is a device for connecting multiple Ethernet devices, typically PCs, to form a single segment, that is, a portion of a network that is separate from other parts of the network. It has multiple ports through which devices are linked, and when it receives data it sends it out again through every port except the one it came in through.
A hub replaces the cable, makes sure that traffic is seen by each computer on the network, and enables the network to be connected in the form of a star instead of a bus, using the familiar twisted-pair Ethernet cable.
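The forwarding behaviour of the switch and the hub described above can be compared side by side. The following is an added example, not part of the original essay; the class names, port numbers and MAC addresses are constructed for illustration. It shows why, on a hub, every attached host sees every frame, while a switch limits a known unicast frame to one port once it has learned the address.

```python
# Added example: a learning switch next to a hub (constructed frames, hypothetical names).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class LearningSwitch(Hub):
    """Learns source MAC -> port, then forwards known unicast to one port only."""

    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}

    def receive(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) where the sender lives before deciding where to forward.
        self.mac_table[src_mac.lower()] = in_port
        dst = dst_mac.lower()
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            return super().receive(in_port, src_mac, dst_mac)  # flood like a hub
        if out_port == in_port:
            return []  # destination is on the arrival segment; nothing to forward
        return [out_port]


def replay(device, frames):
    """Return the list of egress ports chosen for each (in_port, src, dst) frame."""
    return [device.receive(*frame) for frame in frames]


# Constructed traffic: host A on port 1, host B on port 2, host C on port 3.
A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
FRAMES = [
    (1, A, B),          # B not learned yet -> flooded
    (2, B, A),          # A was learned from the first frame -> port 1 only
    (1, A, B),          # B is now learned -> port 2 only
    (3, C, BROADCAST),  # broadcast -> flooded
]

if __name__ == "__main__":
    print("hub   :", replay(Hub([1, 2, 3, 4]), FRAMES))
    print("switch:", replay(LearningSwitch([1, 2, 3, 4]), FRAMES))
```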
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria.
Firewalls can be implemented in hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, in particular intranets. All messages entering or leaving the intranet pass through the firewall, which inspects each message and blocks those that do not meet the specified security criteria.
http://www.Wikipedia.com//firewall
Demilitarized zone (DMZ)
In computer security, a DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, typically the Internet. Information technology professionals usually refer to it as a DMZ. It is sometimes referred to as a perimeter network. The purpose of a DMZ is to add a further layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.
Diagram of a typical network employing DMZ using a three-legged firewall
http://www.Wikipedia.com//DMZ
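The rule-based permit/deny decision of the firewall and the isolation a DMZ provides can be shown together in a small model of a three-legged firewall. This is an added example, not part of the original essay; the subnets, ports, rule set and function names are all assumptions chosen for illustration, and return traffic for permitted connections (stateful tracking) is not modelled.

```python
import ipaddress

# Constructed addressing plan for a three-legged firewall (all values are assumptions).
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

# Ordered rules: (source zone, destination zone, destination port or None for any, action).
RULES = [
    ("internet", "dmz", 443, "permit"),   # the public web service lives in the DMZ
    ("lan", "dmz", 443, "permit"),
    ("lan", "internet", None, "permit"),
    ("dmz", "lan", None, "deny"),         # a compromised DMZ host cannot reach the LAN
    ("internet", "lan", None, "deny"),
]


def zone_of(addr):
    """Map an IP address to its zone; anything outside the known subnets is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def decide(src, dst, dport):
    """First matching rule wins; traffic that matches no rule is denied."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, rule_port, action in RULES:
        if (rule_src, rule_dst) == (src_zone, dst_zone) and rule_port in (None, dport):
            return action
    return "deny"


# Constructed connection attempts: (source, destination, destination port).
ATTEMPTS = [
    ("203.0.113.9", "192.168.50.10", 443),  # internet -> DMZ web server
    ("203.0.113.9", "192.168.50.10", 22),   # internet -> DMZ, port not published
    ("203.0.113.9", "10.0.0.5", 443),       # internet -> LAN
    ("192.168.50.10", "10.0.0.5", 1433),    # DMZ -> LAN
    ("10.0.0.5", "192.168.50.10", 443),     # LAN -> DMZ
]

if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(attempt, decide(*attempt))
```

The default-deny fallthrough is what makes the rule order safe to extend: a flow nobody wrote a rule for is blocked rather than silently allowed.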
In computer terminology, a honey pot is a trap set to detect, redirect, or in some manner counteract attempts at unauthorized use of information systems. Usually it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.
http://www.Wikipedia.com//honey pot
Virtual private network (VPN)
A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.
It encapsulates data transfers between two or more networked devices which are not on the same private network, so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.
http://www.Wikipedia.com/VPN
HIDS agent installed
The server-agent model uses a central server and multiple agents, which provide protection across public and private network hosts. It has the advantage of local installation on every host. The HIDS server performs all log analysis for the agents connected to it. Active responses are initiated from the server, but can be executed on one agent or on all agents simultaneously.
Internal NIDS sensor
An internal NIDS sensor is inserted into a network segment so that the traffic it is monitoring must pass through the sensor. One way to achieve an internal NIDS sensor is to combine NIDS sensor logic with another network device, such as a firewall or a LAN switch. This approach has the advantage that no additional separate hardware devices are needed; all that is required is NIDS sensor software. An alternative is a stand-alone internal NIDS sensor. The primary motivation for the use of inline sensors is to enable them to block an attack when one is detected. In this case the device performs both intrusion detection and intrusion prevention functions.
External NIDS sensor
An external NIDS sensor monitors a copy of network traffic; the real traffic does not pass through the device. From the point of view of traffic flow, the sensor connects to the network transmission medium, such as a fiber optic cable, by a direct physical tap. The tap provides the sensor with a copy of all network traffic being carried by the medium. The network interface card (NIC) for this tap usually does not have an IP address configured for it. All traffic into this NIC is simply collected, with no protocol interaction with the network.
Server and database server
The most important part of the network architecture is the server used by this company. All of the company's important internal and external information is saved on the server. The server responds to all client requests, and the details of all workstations and employees in this company are handled by the server in this network architecture.
The database server is very important for this company because the company lets its customers upload readings and make payments. Customer details are saved on the database server for future use.
Integrated delivery systems (IDS) are very much needed by this company. The IDS Manager is written to manage IDS sensors in a distributed environment.
This is done by taking the text configuration files and allowing you to change them with an easy-to-use graphical interface. With the additional ability to merge new rule sets, manage preprocessors, configure output modules and securely copy rules to sensors, IDS Manager makes managing Snort easy for most security professionals.