Done By
Methodology:
We are using the waterfall development model for our project. With
waterfall, development moves from concept through a sequence of phases
(requirements analysis, design, implementation, verification and
maintenance). Each phase starts only when the previous phase is
completed, with no overlapping steps.
Abstract:
This project began when Al Saf Al Arabi Company asked us to improve and develop its
network so that it would be fast, secure and able to grow.
In our survey we found many gaps in the company's network configuration and
network security. In addition, we found that some hardware needed to be upgraded
and some needed to be replaced.
Moreover, the network did not reach some places in the building: Al Saf Al Arabi
Company occupies three floors, and network services were unfortunately not available
in some locations.
After our analysis we designed a network solution for Al Saf Al Arabi Company by
installing new servers with a high level of security. For network availability we added
some access points in order to cover all floors.
Finally, we implemented software and hardware and configured network features like:
Acknowledgment
We would like to take this chance to thank all the faculty members of Middle East
College of Information Technology for all the help they gave us when we desperately needed it.
I would like to start by thanking Mr. Taufeeq, our project teacher at Middle East College
of Information Technology, for all his guidance throughout these gainful years that
have passed.
I would also like to thank Mr. Salim Al Fahdi, G.M. of Al Saf Al Arabi Company, and all
staff and members for coordinating with us to finish this project.
We would also like to thank our friends for their ideas, which helped us put our project
together.
Hardware:
1- 2 new servers.
2- 9 wireless access points.
3- 11 wireless network cards.
4- 2 Cisco switches with 24 ports each, supporting power over Ethernet.
5- 30 Cat6 cables, 1 m each (ready-made), for use between the switch and the patch
panel.
6- 30 Cat6 cables, 5 meters each (ready-made), for use between the network points and
the clients.
7- 2 cross cables (ready-made), for use between the switches.
8- One cabinet, 3 meters in size.
9- One UPS with Two KV.
10- One ADSL modem with wireless.
11-
Software:
Introduction:
Networks play an important role in every organization, whether in the public or the
private sector. All processes are carried out by computers connected through networking
technology. Using the network, you can perform many tasks and jobs easily and
quickly. In addition, multiple tasks can be done at the same time, which helps
organizations save time and achieve good work performance.
The network provides many features and facilities, such as file and resource
sharing, printer sharing, file storage, etc.
All technologies develop over time. The network is one of the most
important of them; it grows very fast and develops daily, so we have to
follow and keep track of this change in the network. The change in this case is
an upgrade of the network components, which consist of hardware devices (like switches
and routers) and software (like operating systems and security applications).
For that reason we decided to design a network for Al Saf Al Arabi Company, which
already had an existing network. The title of our project is "Analyze an existing network
and design new network infrastructure with implementation".
Each of those steps has sub-steps and processes. In the analysis step we studied the existing
network components (hardware and software) in order to determine which
components are useful and which are useless.
In the design step, based on our analysis, we prepared our design for the new network
for Al Saf Al Arabi Company.
Our project team consists of four members, and we distributed the tasks and jobs
between us. We cooperated with each other until we finished the project. We worked as
a successful, cooperative team and used many methods of communication between us
(meetings, e-mails, SMS and telephone) to exchange ideas and discuss our project.
We held a weekly meeting to review the tasks done by each member of the
team. A unique feature of our project is that each member had to teach the others
about his work and tasks.
From this feature we gained many advantages, such as improving our skills and
knowledge in network technology, for example in wireless configuration and
in group policy.
Analyze
Analyze Stages:
We met Mr. Salim Al-Fahdi, the general manager of Al Saf Al Arabi
Company, to discuss all the details of the network. Our discussion covered many
points about the existing network and the company's requirements. Then
we discussed how we would upgrade the existing network.
Through this meeting we collected details about the hardware and software used in the
company and the number of users on the network. Then we talked about
the level of security they need.
In addition, we met with some managers and heads of offices to get more details
that we had to consider in our project.
From these meetings we collected many details, and according to them we determined
our requirements and classified them into:
1. Hardware (HW):
Servers:
So we can't use it or even upgrade it, because it is very old. We therefore have to
replace it with a new one with very high specifications.
Clients:
The table below shows the clients used in the company, with their specifications:
Network:
Switches:
The existing switches used in the company are 3Com switches with 12 ports, and some
hubs.
Cables:
Network Cabinet:
The company did not have a cabinet for the network (for the servers).
UPS
The company network did not have any disaster recovery for electrical power.
Internet:
2. Software:
The company used the Windows NT Server operating system on the server and Windows
2000 on its client PCs.
Security management
The company did not have any means of security management, such as a
firewall.
Application
The company used Office 2000.
Design
Design Stages:
In the design stage we started from the results of the analysis in order to fix the
gaps and weaknesses of the existing network in Al Saf Al Arabi Company.
Project Requirements
Servers:
According to our requirements, we need three servers. Those servers are used to
run Win 2003 Server for use in:
HP ProLiant ML 350 G5 Tower Server (1) Quad-Core Intel Xeon E5405 Processor 2.0
GHz, 80 Watt, 1333 FSB
4GB PC2-5300 Fully Buffered DIMMs (DDR2-667)
3 × HP 146 GB SAS 10K HDD
Smart Array E200, 128 Controller (RAID 0/1/1+0/5)
Internal DVD Writer DL
Embedded NC373i Multifunction Gigabit Server Adapters
Additional HP NC 373i PCIe Gigabit Network Card Six expansion slots: one 64-
bit/133-MHz PCI-X, two 64-bit/100 MHz PCI-X, and x4 PCI Express (with x8
connectors)
Redundant Hot Plug Power Supply & Redundant FAN
HP Ultrium LTO: 448 Internal SCSI Tape Drive
Hp single Channel U320 SCSI Host Bus Adapter
400 GB Compressed Data cartridge 4 Qty & 1 Cleaning Cartridge
HP19" TFT LCD WIDE SCREEN Monitor
Clients:
The table below shows the clients used in the company, with their specifications:
From the table we see that some clients need to be upgraded. All clients should have
at least the following specification:
Operating System: Win XP with at least SP2
RAM: 512 MB
Hard Disk: 40 GB
These specifications provide more efficient performance for the client PCs.
Network:
Wireless Network:
We will use a wireless network on site to cover the areas that cannot be
reached by cable. According to the company chart, we need at least two
access points on each floor.
Switches:
We will replace the old switches with new ones (Cisco with 24 ports).
We need three switches for our network upgrade.
Cables:
Type: Cat6
Size: 1 Meter
Cross cable
Used to connect the switches to each other.
Type: Cat6
Size: 1 Meter
Network Cabinet:
The company did not have a cabinet for the network (for the servers).
We are going to use one network cabinet, 3 meters in size, for the servers.
UPS:
We must have one UPS to protect the clients and servers from any incident
that may affect them, such as a power cut.
Internet:
For Internet access we are looking to replace the existing service, which is a dial-up
connection.
Because it is very slow, we are looking to use an ADSL service, and for that we
require one ADSL modem with a wireless feature.
3. Software:
Ms Office 2003
Operating System:
On the ground floor we used 8 network points: 2 for access points, 5 for client PCs and one for
a printer. We had 4 wireless computers and one wireless printer.
On the first floor we allocated one room as the server room (it includes the servers, switches
and patch panel). We used 8 network points: 6 for client PCs and 2 for access points.
There are 5 wireless computers and 2 wireless printers.
On the second floor there are 12 network points in use: 9 for client PCs and 3 for access points.
There are also 2 wireless PCs and 3 wireless printers.
Backup Server
The backup server acts as an additional domain and is used to back up the Active
Directory database, user resources and profiles. In addition, we used it for sharing
folders.
ISA is used for Internet browsing and security, to improve Internet
security and speed.
Implementation
Implementation:
Step1
Boot the server with the HP Smart CD in the CD-ROM drive
Press F1 to continue
(HP Smart Start will load all drivers required for the particular server)
Step2
Select the Language to use during the smart start process
ENGLISH
Continue
Step3
Accept the end user license (Agree).
Step4
In Smart Start Home
Click Deploy Server
Step 5
In Configuration View
Click Smart Array 200i Embedded Slot
Step 6
In Command Tasks
Click Create Array
In Select the Physical Drives and on the New Array
Select All
Ok
Step 7
In configuration View
Unused Space 209925 M
Step 8
In Common Task
Click Create Logical Drive
Fault Tolerance: RAID 5
Stripe Size: 64 KB
Size: 139947 MB
139947 MB Max
Max Boot
Disable
Array Accelerator
Enable
Ok
Step 9
In Controller State
Click Save
Ok
Exit from ACU
Continue
Step 10
Select Specific O/S version
Step 11
Specify Operation System Media Source
Specify Operation System Source Type
CD Rom
Continue
Step 12
Disk Partitioning option
Select File System
File System: NTFS
Select Boot Partition Size
Custom
10240 MB
Step 13
Select the Operation System Configuration Information
User Name: (ALSAF) “company name”
Organization Name: ALSAF
Continue
Step14
SNMP Configuration “Simple Network Management Protocol”
Install SNMP
Yes
Step15
Start the preparation of the hard drive
(Wait while the computer performs the following processes)
Erasing
Creating Partition
Copying Drivers & utilities
Step 16
Remove the Smart Start CD and insert the operating system CD (Windows 2003
Server Standard Edition) when prompted
Copying the data files to the HDD
Continue
Windows Setup:
Next
- Advanced
Select a language to match the language version of the non-Unicode..
Arabic (Oman)
Apply
Ok.
Next
Next
Time Zone
Next
Networking Settings
o Typical settings
Next
WORKGROUP
Next
“Wait until the installation completes; the computer will restart several times automatically.”
9. After formatting the hard disk partition, Windows Setup will start
copying files to the hard disk to continue with the GUI setup
program.
10. A "restart your computer" screen will show up and the computer will
restart within 10 seconds.
11. Through its graphical user interface (GUI), Windows Setup
will install drivers for your computer's hardware components.
12. A “Personalize your software” window will show up, where you
have to enter your name and your organization's name.
13. Enter the product key in the product key window that follows.
15. In the “date and time setting” window, choose the international
“Time Zone”, “Time” and “Date”.
16. Now a “Network Setting” window will show. Choose the “Typical
Setting”.
After the restart there will be a welcome screen. That means the installation has
completed successfully.
Assign IP Address
Right-click My Network Places, select Properties, right-click “Local Area
Connection”, select Properties, select TCP/IP, click the Properties button and assign the IP
address as required.
Select “Install and configure DNS server on this computer, and set this computer to use
the DNS server as preferred DNS Server”.
Permission compatibility
Select “Permission compatible only with Windows 2000 or Windows Server 2003
operating systems” and click Next to continue the wizard.
Enter the restore mode password as “Alsaf12345” and click Next to continue.
Installation progress
In the New Scope Wizard screen, type the Scope Name as Alsaf Scop. Then click Next.
In Router (Default Gateway), enter 192.18.1.254 and click Add. Then click Next.
In the Domain Name and DNS Server screen, enter the parent domain as alsaf.om.
In Server name, enter alsaf-dc1 and click Resolve. Then click Add and click Next.
In Activate Scope, choose “Yes, I want to activate this scope now” and click Next.
Assign IP Address
Right-click My Network Places, select Properties, right-click "Local Area
Connection", select Properties, select TCP/IP, click the Properties button and
assign the IP address as required.
Network Credentials
Type the user name “Administrator” and the password. Enter the domain you want to
join, e.g. Alsaf.om.
Installation progress
Please wait while the system is being configured.
Right-click “My Computer”, select the Remote tab, select “Allow users to connect
remotely to your computer” and press OK.
Assign IP Address
Right-click My Network Places, select Properties, right-click "Local Area
Connection", select Properties, select TCP/IP, click the Properties button and
assign the IP address as required.
Create Users
1. Go to Start, then Programs, and choose Active Directory Users and
Computers.
2. Expand ALSAF.OM, right-click the Users folder and choose New User.
3. Fill in the first name, last name and user name, then click Next.
7. You can change or insert information about the user; choose the Account
tab.
8. Choose End of and select the end date of the password, so the user must
change the password on that day.
Creating Groups
1- Go to Start – Programs – Administrative Tools – Active Directory Users and
Computers.
2- In the screen that appears, expand the Alsaf.om domain – right-click Users – New
– then choose Group.
7. Write the name or user name of the user that you want to add
8. Add the remaining users to the group using the same steps above and click Apply,
then OK.
8. A "format the hard disk" screen will show up, where you can format
the hard disk using the FAT or NTFS file system.
9. After formatting the hard disk partition, Windows Setup will start
copying files to the hard disk to continue with the GUI setup
program.
10. A "restart your computer" screen will show up and the computer will
restart within 10 seconds.
11. Through its graphical user interface (GUI), Windows Setup
will install drivers for your computer's hardware components.
12. A “Personalize your software” window will show up, where you
have to enter your name and your organization's name.
13. Enter the product key in the product key window that follows.
15. In the “date and time setting” window, choose the international
“Time Zone”, “Time” and “Date”.
16. Now a “Network Setting” window will show. Choose the “Typical
Setting”.
Join PC to domain
3) Choose Domain and write the name of the domain that you want the client to join,
then click OK.
4) Write the user name and the password of an account with permission to join the
domain.
5) After a few seconds you will see the "Welcome to alsaf domain" message; press OK and then click OK.
6) You must restart the computer before the new settings take effect. Click OK.
The following picture shows the client PC joining the alsaf.om domain.
4. Move the users and groups to which you want to apply the group policy by
selecting them and putting them in the Department Staff OU.
2. Go to the Group Policy tab and click New, then write the name of the new Group
Policy Object (GPO), then click Edit.
4. Go to User Configuration, then Start Menu and Taskbar under Administrative
Templates. You will see a list of options; right-click Remove Run menu from Start
Menu and choose Properties.
5. Choose Enabled to enable the option and click OK.
6. Go to Desktop under Administrative Templates, right-click Remove
Properties from the My Computer context menu and choose Properties.
8. Go to Control Panel under Administrative Templates, right-click Prohibit access
to the Control Panel, then choose Properties.
10. To apply the GPO to the users, select the Department Staff GPO and click
Properties.
Choose the Security tab and, from the list of groups and users, select Authenticated Users and
make sure that the Allow box for Apply Group Policy is checked. Then click OK.
To test the Group Policy, log on to a client PC as a user from the Department
Staff list. The pictures below show the effects.
1. Run menu is removed
The picture below shows that Properties has been removed from the My Computer menu.
When the user right-clicks the desktop and chooses Properties, the following
message is shown.
After that, the installer gives you a summary of your selections; if you accept, click
Next to start the installation.
Write the user name and the organization name. Then click Next.
Click the check box to accept the agreement. Then click Next.
Then select the Custom option, because Custom allows you to
choose which applications you want to install. Then click Next.
On this screen, choose the applications you want by clicking on them. Then click
Next.
Then right-click and select “Run All from computer” to install all application features.
Then click Next to move to the next step.
- FIREWALL
An Internet firewall is a security mechanism that allows limited access to your site
from the Internet, allowing approved traffic in and out according to a thought-out
plan. This lets you select the services appropriate to your business needs, while
barring others which may have significant security holes.
Hardware:
Software:
Hardware firewalls are important because they provide a strong degree of protection
from most forms of attack coming from the outside world. Additionally, in most cases,
they can be effective with little or no configuration, and they can protect every
machine on a local network.
from the local network) and whether incoming traffic is a response to existing
outgoing connections, like a request for a Web page.
But most hardware residential firewalls have an Achilles' heel in that they typically
treat any kind of traffic traveling from the local network out to the Internet as safe,
which can sometimes be a problem.
Consider this scenario: What would happen if you received an e-mail message or
visited a website that contained a concealed program? Let's say this program was
designed to install itself on your machine and then surreptitiously communicate with
someone via the Internet — a distributed denial of service (DDoS) attack zombie or a
keystroke logger, for example? And trust me, this is by no means an unlikely scenario.
To most broadband hardware firewalls, the traffic generated by such programs would
appear legitimate since it originated inside your network and would most likely be let
through. This malevolent traffic might be blocked if the hardware firewall was
configured to block outgoing traffic on the specific Transmission Control
Protocol/Internet Protocol (TCP/IP) port(s) the program was using, but given that
there are over 65,000 possible ports and there's no way to know which ports a
program of this nature might use, the odds of the right ones being blocked are slim.
Moreover, blocking too many ports would almost certainly adversely affect your
ability to use some programs (many games, for instance). Also, some broadband
router firewalls don't even provide the ability to restrict outgoing traffic, only
incoming traffic.
Another potential scenario where a software firewall would be useful is in the case of
an e-mail worm with its own e-mail server, like the recent "So Big" worm. Its built-in
mail server could attempt to send mail on the valid Simple Mail Transfer Protocol
(SMTP) port (25), which would probably pass through the router because of its
trusted origin.
On the other hand, a software firewall could be configured to only allow Microsoft
Outlook to use port 25 (assuming Outlook is your e-mail client). Any attempt by
another application to use the port would be dropped, or blocked pending user
confirmation. For that matter, the application's attempt to use any port would be
blocked if the firewall was configured that way.
By comparison, a hardware firewall that had the ability to filter outgoing traffic might
allow you to block most kinds of traffic from a particular PC, but it wouldn't be able
to flag you and alert you to repeated attempts to infiltrate your computer.
One obvious downside to software firewalls is that they can only protect the machine
they're installed on, so if you have multiple computers (which many small offices do),
you need to buy, install, and configure a software firewall separately on each machine.
This can get expensive and can be difficult to manage if you have a lot of computers.
But the fact of the matter is that software firewalls generally offer the best measure of
protection against certain types of situations like Trojan programs or e-mail worms.
Speaking of which, a firewall isn't the only protection method available to you.
Whether you end up using a software firewall or a hardware firewall, you should
always supplement it with anti-virus software.
The bottom line is that with any home-office broadband connection, a hardware
firewall should be considered a bare minimum and supplementing it with software
firewall on one or more computers (and don't forget anti-virus software) is almost
always a good idea.
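The port 25 scenario described above, where a worm's built-in mail server sends mail out and the router passes it because the traffic originates inside, can also be spotted in firewall logs. The following Python code is an added example and is not part of the original report; the log format, the internal range 10.0.0.0/24 and the approved mail server 10.0.0.5 are assumptions made for illustration, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example (not from the original report):
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")   # hypothetical office LAN
MAIL_SERVERS = {ipaddress.ip_address("10.0.0.5")}     # hypothetical approved mail server

# Constructed sample log in a simplified, made-up format:
#   timestamp action protocol src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2004-05-10T09:00:01 ALLOW TCP 10.0.0.5:2101 -> 203.0.113.25:25
2004-05-10T09:00:02 ALLOW TCP 10.0.0.21:1033 -> 198.51.100.7:80
2004-05-10T09:00:04 ALLOW TCP 10.0.0.34:1201 -> 203.0.113.80:25
2004-05-10T09:00:04 ALLOW TCP 10.0.0.34:1202 -> 198.51.100.14:25
2004-05-10T09:00:05 ALLOW TCP 10.0.0.34:1203 -> 192.0.2.99:25
2004-05-10T09:00:05 ALLOW TCP 10.0.0.34:1204 -> 192.0.2.99:25
2004-05-10T09:00:06 DENY TCP 203.0.113.200:4431 -> 10.0.0.21:445
2004-05-10T09:00:07 ALLOW TCP 10.0.0.21:1034 -> 10.0.0.5:25
2004-05-10T09:00:08 ALLOW TCP 10.0.0.21 -> 203.0.113.80:25
2004-05-10T09:00:09 ALLOW UDP 10.0.0.34:1300 -> 198.51.100.53:53
"""

LINE_RE = re.compile(
    r"^(\S+) (ALLOW|DENY) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None if it cannot be parsed."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    ts, action, proto, src, _sport, dst, dport = match.groups()
    try:
        return {
            "ts": ts, "action": action, "proto": proto,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
        }
    except ValueError:   # e.g. 999.1.1.1 passes the regex but is not an address
        return None


def find_direct_smtp(log_text, internal=INTERNAL_NET, mail_servers=MAIL_SERVERS):
    """Flag internal hosts, other than approved mail servers, whose TCP/25
    connections to external addresses were allowed out.

    Returns (findings, skipped): findings maps source IP -> sorted list of
    distinct external destinations; skipped counts unparseable lines.
    """
    hits = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        outbound = rec["src"] in internal and rec["dst"] not in internal
        if (rec["action"] == "ALLOW" and rec["proto"] == "TCP"
                and rec["dport"] == 25 and outbound
                and rec["src"] not in mail_servers):
            hits[rec["src"]].add(rec["dst"])
    findings = {str(src): [str(d) for d in sorted(dsts)]
                for src, dsts in sorted(hits.items())}
    return findings, skipped


if __name__ == "__main__":
    findings, skipped = find_direct_smtp(SAMPLE_LOG)
    for host, dests in findings.items():
        print(f"{host}: direct SMTP to {len(dests)} external hosts: {', '.join(dests)}")
    print(f"unparseable lines skipped: {skipped}")
```

Client 10.0.0.21 sending mail through the internal mail server is not flagged, because only connections that leave the internal range are counted.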
2- ISA Server
Microsoft Internet Security and Acceleration (ISA) Server 2004 is the advanced
stateful packet and application-layer inspection firewall, virtual private network
(VPN), and Web cache solution that enables enterprise customers to easily maximize
existing information technology (IT) investments by improving network security and
performance. ISA Server 2004 is available in two versions: standard edition and
enterprise edition. Information included in this product overview includes features
and capabilities in both versions, unless otherwise specified.
ISA Server 2004 provides advanced protection, ease of use, and fast, secure access for
all types of networks. ISA Server is particularly well suited for protecting large
enterprise network configurations requiring multiple firewall arrays in disparate
locations that are running Microsoft client and server applications, such as Microsoft
Office, Office Outlook Web Access 2003, Office SharePoint Portal Server 2003,
Internet Information Services (IIS), Routing and Remote Access, Active Directory
directory service, and many other Microsoft applications, servers, and services.
ISA Server contains a full featured, application-layer aware firewall that helps protect
organizations of all sizes from attack by both external and internal threats. ISA Server
performs deep inspection of Internet protocols such as Hypertext Transfer Protocol
(HTTP), which enables it to detect many threats that traditional firewalls cannot
detect. The integrated firewall and VPN architecture of ISA Server support stateful
filtering and inspection of all VPN traffic. The firewall also provides VPN client
inspection for Microsoft Windows Server 2003-based quarantine solutions, helping to
protect networks from attacks that enter through a VPN connection. In addition, a
completely new user interface, wizards, templates, and a host of management tools
help administrators avoid common security configuration errors.
2.2 Comparison of Standard and Enterprise Editions for ISA Server 2004
Internet Security and Acceleration (ISA) Server 2004 builds on the previous version of ISA
Server as well as Microsoft Windows Server 2003 technology to provide a robust, effective, and
easy-to-use firewall. Two versions of ISA Server 2004 are available: Standard Edition and
Enterprise Edition. The following table compares and contrasts the features of the two editions.
[Figure: network diagram with the switch, firewall, VPN client, Internet, Administration department and HR department]
Server room:
Administration Department:
Staff Department:
HR Department:
Student Department:
The following steps are used for installing ISA server 2004.
Step: 1 -> Click Install ISA Server 2004 to start the ISA Server 2004 installation.
Step: 3 -> Select the first option to accept the terms and conditions and click Next.
Step: 5 -> Select Custom to choose the services you want to install and click Next.
Step: 7 -> Click Add to specify the local network address range.
Step: 8 -> Specify the address range that is provided for the internal network and
click Add.
Step: 9 -> The screen below appears after specifying the internal network address
range. Click Next.
Step: 10 -> Select the option below to allow earlier versions of Windows to connect to
ISA Server.
Step: 13 -> You have to restart the system for ISA Server to take effect.
Step: 1 -> In the Microsoft Internet Security and Acceleration Server 2004
management console, click New User Set to create users.
Step: 2 -> On the Welcome to the New User Sets Wizard page, enter the user set name
in the text box. Click OK.
6- Schedule
Step: 1 -> In the Microsoft Internet Security and Acceleration Server 2004
management console, click New Schedule to create a timetable for restricting the users.
Step: 1 -> In the Microsoft Internet Security and Acceleration Server 2004
management console, click the Show/Hide Console Tree button to expose the scope
pane. Right click the Firewall Policy node, point to New and click Access Rule.
Step: 2 -> On the Welcome to the New Access Rule Wizard page, enter All Open
Outbound in the Access policy rule name text box. Click OK.
Step: 3 -> On the Rule Action page, select the Allow option, then click Next
Step: 4 -> On the Protocols page, select the All outbound protocols option and
click Next.
Step: 5 -> On the Access Rule Sources page, click the Add button. In the Add
Network Entities dialog box, click on the Networks folder. Double click on the
Internal network, then click the Close button in the Add Network Entities dialog
box. You may want to click on each of the folders so that you can see the Network
Entities that come predefined with the ISA Server 2004 firewall. These Network
Entities give you very fine-tuned control over inbound and outbound access.
Click Next in the Access Rule Sources dialog box.
Step: 6 -> Click the Add button on the Access Rule Destinations page. In the Add
Network Entities dialog box, click the Networks folder. Double click the External
entry and click Close in the Add Network Entities dialog box. Click Next on the
Access Rule Destinations page.
Step: 7-> On the User Sets page, accept the default setting of All Users. ISA Server
2004 enables you to create custom user sets based on Active Directory or local SAM
groups. This enables the firewall administrator to create custom firewall user groups
without requiring access to the Active Directory and creating groups there. Click
Next.
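The All Open Outbound rule built in the steps above allows every protocol from the Internal network to External for all users. The following Python code is an added example, not part of the original report and not ISA Server's own API: it models ordered, first-match access rules with a final deny, and compares that rule with a narrower rule set. The addresses, the server roles and the restricted rule names are hypothetical, and the sample connections are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumptions for this example (not from the original report):
INTERNAL = ipaddress.ip_network("10.0.0.0/24")      # hypothetical Internal network
MAIL_SERVER = ipaddress.ip_network("10.0.0.5/32")   # hypothetical mail server
DNS_SERVER = ipaddress.ip_network("10.0.0.2/32")    # hypothetical DNS server


@dataclass(frozen=True)
class Rule:
    """Simplified Internal -> External access rule (a model, not a product API)."""
    name: str
    action: str                      # "allow" or "deny"
    protocols: Optional[frozenset]   # {(proto, dest_port), ...}; None = all outbound
    sources: tuple                   # networks the rule applies to

    def matches(self, proto, src, dst, dport):
        if dst in INTERNAL:          # destination must be on the External side
            return False
        if not any(src in net for net in self.sources):
            return False
        return self.protocols is None or (proto, dport) in self.protocols


def evaluate(policy, proto, src, dst, dport):
    """The first matching rule decides; anything unmatched hits a final deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if rule.matches(proto, src, dst, dport):
            return rule.action, rule.name
    return "deny", "Default rule"


# The rule as configured in the steps: Allow, all outbound protocols, Internal -> External.
ALL_OPEN = [Rule("All Open Outbound", "allow", None, (INTERNAL,))]

# A narrower, hypothetical alternative: only named services, SMTP and DNS
# only from the servers that need them.
RESTRICTED = [
    Rule("Web browsing", "allow", frozenset({("TCP", 80), ("TCP", 443)}), (INTERNAL,)),
    Rule("SMTP from mail server", "allow", frozenset({("TCP", 25)}), (MAIL_SERVER,)),
    Rule("DNS from DNS server", "allow",
         frozenset({("UDP", 53), ("TCP", 53)}), (DNS_SERVER,)),
]

# Constructed sample connections: (label, protocol, source, destination, dest port)
SAMPLE_CONNECTIONS = [
    ("client browses a website", "TCP", "10.0.0.34", "198.51.100.7", 80),
    ("mail server sends mail", "TCP", "10.0.0.5", "203.0.113.25", 25),
    ("client sends SMTP directly", "TCP", "10.0.0.34", "203.0.113.80", 25),
    ("client uses an unlisted port", "TCP", "10.0.0.34", "192.0.2.99", 8081),
    ("client queries external DNS", "UDP", "10.0.0.34", "198.51.100.53", 53),
]


def compare(connections=SAMPLE_CONNECTIONS):
    """Return (label, decision under ALL_OPEN, decision under RESTRICTED) per connection."""
    rows = []
    for label, proto, src, dst, dport in connections:
        weak = evaluate(ALL_OPEN, proto, src, dst, dport)[0]
        tight = evaluate(RESTRICTED, proto, src, dst, dport)[0]
        rows.append((label, weak, tight))
    return rows


if __name__ == "__main__":
    for label, weak, tight in compare():
        print(f"{label:32} all-open={weak:5} restricted={tight}")
```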
ISA Server uses server publishing to process incoming requests to internal servers,
such as File Transfer Protocol (FTP) servers, Structured Query Language (SQL)
servers, and others. Requests are forwarded downstream to an internal server, located
behind the ISA Server computer.
Server publishing allows virtually any computer on your internal network to publish
to the Internet. Security is not compromised because all incoming requests and
outgoing responses pass through ISA Server. When a server is published by an ISA
Server computer, the IP addresses that are published are actually the IP addresses of
the ISA Server computer. Users who request objects assume that they are
communicating with the ISA Server computer (whose name or IP address they
specify when requesting the object), while they are actually requesting the information
from the publishing server. This is true when the network on which the published
server is located has a network address translation (NAT) relationship from the
network on which the clients accessing the published server are located. When you
configure a routed network relationship, the clients use the actual IP address of the
published server to access it.
HTTP
Step: 1 -> In the task pane, on the Tasks tab, select Create Web Server Publishing
Rule to start the New Server Publishing Rule Wizard.
Step: 2 -> On the Welcome page, type a name for the new web server publishing rule.
Use a descriptive name, such as Publish http, then click Next.
Step: 3 -> On the Rule Action page, select the Allow option, then click Next.
Step: 4 -> Type the IP address of the web server in the internal network.
Step: 5 -> Select [This domain name] and type the domain name in the Public name
option.
Step: 8 -> Select the appropriate option that specifies the IP addresses of ISA Server
that receive the incoming web requests.
Step: 9 -> This window lets us specify the HTTP port number and also enable
Secure Web Site (SSL).
Note: You can see the Web listener name that has been configured. Click
Next to continue.
Step: 11 -> Click Add to add the users who may access the web site.
Step: 12 -> Click Finish to complete the Web Server Publishing Wizard.
Note: After completing the above steps, it is necessary to save the changes
made in ISA Server.
FTP
Step: 1 -> In the task pane, on the Tasks tab, select Create New Server Publishing
Rule to start the New Server Publishing Rule Wizard.
Step: 2 -> On the Welcome page, type a name for the new server publishing rule. Use
a descriptive name, such as Publish FTP server in Internal network, and then click
Next.
Step: 3 -> On the Select Server page, provide the IP address of the server that you are
publishing, and then click Next.
Step: 4 -> On the Selected Protocol page, select FTP Server, and then click Next.
Step: 5 -> Select the network IP addresses that will listen for requests intended for the
published server. Because you are publishing the server to the Internet, select All
Network (and local Host). Click Next.
Step: 6 -> Review the information on the wizard summary page, and then click
Finish.
A Virtual Private Network (VPN) is simply a secure connection between remote users
or offices over the Internet. Depending on the make and model, a firewall may include
the ability to run a VPN.
VPNs run across the Internet and the speed of the data transferred depends on the type
of connection used. A secure VPN "tunnel" is created between the client and the
firewall, where all data passing over the tunnel is encrypted before sending it. Again,
depending on the type of firewall, a number of concurrent tunnels can be created so
that multiple remote users can connect over secure private links to the office for
example. A VPN can be created directly between firewalls, or between firewalls and
remote users running the VPN client software on their remote machines.
When running a VPN, the link is secure and so no one can have access to the data that
passes over it. It essentially allows users to connect to remote machine from wherever
they have an Internet connection, which could be anywhere in the world. Using a
VPN for remote access is far better than setting up dedicated remote access phone
lines for remote users to dial in to because:
1. A VPN tunnel can be set up from anywhere in the world
2. Multiple users can connect over multiple VPN tunnels
3. A VPN can be set up over an existing Internet connection, negating the need to
install dedicated remote access phone lines
One important consideration when setting up remote users over a VPN, however, is
that all remote users' machines need to be secure. This is easily achieved by
installing a software firewall on the remote machines.
Benefits of VPN
1- Lower cost than private networks: total cost of ownership is reduced through
lower-cost transport bandwidth, backbone equipment, and operations.
Step: 1 ->In the task pane, on the Tasks tab, select Virtual Private Networks.
Step: 3 ->From Address Assignment, select static address to set the IP address ranges.
Step: 4 ->Click on the Authentication tab. Note that the default setting is to enable
only Microsoft encrypted authentication version 2 (MS-CHAPv2).
10- Monitoring
Sessions
You can view all active connections. From a Session view, you can sort or disconnect
individual or groups of sessions. In addition, you can filter the entries in the session's
interface to focus on the sessions of interest using the built-in sessions filtering
facility.
Services
You can use the Services view in monitoring to check the status of ISA Server
services, and to stop and start the Microsoft Firewall service, Microsoft ISA Server
Job Scheduler service, and the Microsoft Data Engine service.
Reports
You can use the reporting features to summarize and analyze usage patterns, and to
monitor the security of your network.
Add new Report
Step: 1 ->Select Reports from Monitoring and click Generate New Report.
Step: 5 ->Enable the option below and type the directory path for storing the report
files.
Alerts
ISA Server alerts notify you when specified events occur. You can configure alert
definitions to trigger a series of actions when an event occurs. The ISA Server alert
service acts as a dispatcher and as an event filter. It is responsible for catching events,
checking whether certain conditions are met, and taking corresponding actions.
Dashboard
The ISA Server Dashboard summarizes monitoring information about sessions, alerts,
services, reports, connectivity, and general system health. The Dashboard provides
you with a quick view of how your network is functioning.
Connectivity
You can use connectivity verifiers to check connections to a specific computer name,
IP address, or Uniform Resource Locator (URL). Use one of the following methods to
determine connectivity: Ping, a Transmission Control Protocol (TCP) connect to a
port, or a Hypertext Transfer Protocol (HTTP) GET.
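The three verifier methods named above, written out as an added Python example (not part of the original report and not ISA Server code). The function names, the `verify` target format and the rule that only HTTP 200 counts as a pass are assumptions made for this illustration.

```python
import socket
import subprocess
import sys
import urllib.error
import urllib.request

# Direct opener: skip proxy settings so the check tests the target itself.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def ping_check(host, timeout_s=3):
    """Ping method: send one echo request with the system ping command."""
    count_flag = "-n" if sys.platform.startswith("win") else "-c"
    try:
        done = subprocess.run(["ping", count_flag, "1", host], timeout=timeout_s,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return done.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

def tcp_check(host, port, timeout_s=3):
    """TCP method: True only if the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            return True
    except OSError:
        return False

def http_get_check(url, timeout_s=3):
    """HTTP GET method: the status code, or None if no HTTP response came back."""
    try:
        with _OPENER.open(url, timeout=timeout_s) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # reachable, but the server answered with an error
    except (urllib.error.URLError, OSError, ValueError):
        return None

def verify(targets):
    """Run (name, method, argument) verifiers; map each name to pass/fail."""
    methods = {"ping": ping_check,
               "tcp": lambda host_port: tcp_check(*host_port),
               "http": lambda url: http_get_check(url) == 200}
    return {name: bool(methods[kind](arg)) for name, kind, arg in targets}

if __name__ == "__main__":
    # Constructed sample targets on the local machine; substitute real servers.
    sample = [("ftp-port", "tcp", ("127.0.0.1", 21)),
              ("web-page", "http", "http://127.0.0.1/")]
    print(verify(sample))
```

A TCP connect that succeeds only shows that the port accepts connections; the HTTP GET check additionally shows that the service behind it answers requests.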
Logging
You can view firewall and Web Proxy logs in real time. You can query the log files
using the built-in log query facility. Microsoft Data Engine (MSDE) logs can be
queried for information contained in any field recorded in the logs.
Step: 5 ->If you want to connect statically to the ISA server, select the option to
connect to this ISA server first and type the ISA server IP address.
Installing Antivirus:
Insert the antivirus CD (Kaspersky) and follow the steps. Click Next.
The installation then completes successfully. Click Next to start the initial setup
wizard.
In update mode, select Automatically so that the antivirus updates itself from the
Internet. Then press the Settings command to select the Internet source for updates.
In the password screen, click Next.
In the Anti-Hacker screen, press Next.
As the last step, click Finish to restart the computer, which means the installation
is complete.
After doing research on how to make the network safer and last longer, we reached an
agreement to install more than one antivirus to help protect the computer. Each
antivirus has its own speciality. We chose to install three antiviruses, which are:
1. Norton Antivirus:
Prevents spyware.
2. McAfee Antivirus:
Maintenance of a clean and virus-free computer.
3. ESET NOD32 Antivirus:
Hacker and patch proof. This does not mean that a hacker cannot
hack this computer or patch it, but they will have a very hard time doing so.
Wireless Implementation
Wireless:
Standard:
The standard passed through many stages before reaching its current form. A group was
formed in the early 1990s by the Institute of Electrical and Electronics
Engineers (IEEE) to create and develop a standard for wireless equipment. After
research and development, a standard was finally completed in 1997.
This standard was called 802.11. It specified that there can be no modification to the
upper layers of the OSI model and that Wireless Local Area Networks must be
implemented on the physical and data link layers. This eased the connection between
a Local Area Network and a Wireless LAN, since it makes it possible to run any
operating system on either type of network without any modifications.
802.11:
The 802.11 frame contains a duration field in which the sending station explicitly
indicates the length of time that its frame will be transmitting on the channel. This
value enables other stations to determine the minimum amount of time (the network
allocation vector, NAV) for which they defer their access.
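How a listening station turns the duration field into a NAV, as an added Python example (not part of the original report). The `Station` class, its method names and the sample headers are constructed for this illustration; the field layout follows the 802.11 MAC header, where the Duration/ID field is the second 16-bit little-endian word.

```python
import struct

MAX_AID = 2007  # largest association ID defined by 802.11


def parse_duration_id(header):
    """Decode the Duration/ID field (bytes 2-3, little-endian) of a MAC header.

    Returns ("duration", microseconds), ("aid", association_id) or
    ("other", raw_value) for the remaining encodings.
    """
    if len(header) < 4:
        raise ValueError("need at least frame control + duration/ID (4 bytes)")
    _frame_control, raw = struct.unpack_from("<HH", header)
    if raw & 0x8000 == 0:                 # bit 15 clear: a duration, 0..32767 us
        return ("duration", raw)
    aid = raw & 0x3FFF
    if raw & 0xC000 == 0xC000 and 1 <= aid <= MAX_AID:
        return ("aid", aid)               # PS-Poll frames carry an AID instead
    return ("other", raw)                 # CFP fixed value or reserved encodings


class Station:
    """Tracks the network allocation vector (NAV) of one listening station."""

    def __init__(self):
        self.nav_expiry_us = 0

    def hear(self, frame_end_us, header, addressed_to_me=False):
        """Update the NAV from a frame whose reception ended at frame_end_us."""
        kind, value = parse_duration_id(header)
        if kind == "duration" and not addressed_to_me:
            # The NAV only ever moves forward: keep the later expiry time.
            self.nav_expiry_us = max(self.nav_expiry_us, frame_end_us + value)
        return self.nav_expiry_us

    def must_defer(self, now_us):
        """True while the medium is reserved by a frame heard earlier."""
        return now_us < self.nav_expiry_us


# Constructed headers: frame control (2 bytes) + Duration/ID (2 bytes).
RTS = bytes.fromhex("b4003a01")      # RTS, duration 314 us
CTS = bytes.fromhex("c4000e01")      # CTS, duration 270 us
PS_POLL = bytes.fromhex("a40005c0")  # PS-Poll, AID 5
```

A station that hears the RTS ending at 1000 us and the matching CTS ending at 1044 us arrives at the same NAV expiry of 1314 us from either frame, so it defers correctly even if it can hear only one side of the exchange.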
802.11 A
802.11 G
Each of them has its own features, as detailed below:
802.11 B:
This standard was developed at the end of 1999 and enables transmission at
11 Mbps or 5.5 Mbps on the wireless LAN, in comparison to the original
802.11 standard, which offered only 2 Mbps. The 802.11 standard was not
efficient enough for most network needs, which is why 802.11 B was developed.
802.11 A:
When the 802.11B was developed, the 802.11A was also made. This was an upgrade
to the 802.11B: it has a maximum speed of 54 Mbps and supports speeds from
48 Mbps down to 6 Mbps at a frequency of 5 GHz. The MAC layer functions are the
same, but the two differ in the way they operate in the physical layer. 802.11A is
faster because of an efficient error checking mechanism and sophisticated modulation.
Although they were brought out at the same time in 1999, the 802.11A was not released
until late 2001. This was because it was costlier and it caused a backward
compatibility problem with the 802.11B network.
802.11 G:
Since the 802.11B was cost-effective but slower than the 802.11A, the IEEE
members decided to combine the best of both types. They finalized their work with
the development of the 802.11G. This new standard was developed to keep the stable
and accepted features of the 802.11B but increase the data speeds so that they are
comparable to the 802.11A. 802.11G runs on the same RF band as 802.11B, which is
2.4 GHz, but uses the transmission techniques of 802.11A. The 802.11G permits
vendors to incorporate proprietary techniques that can potentially move the speed of
802.11G to 108 Mbps.
Wireless Configurations:
There are many makes of access points and wireless network cards, such as Linksys,
3Com and Cisco. Each has its own specifications and features.
In our project we used 3Com access points because they have many advantages over
other wireless access points, especially in their security functions. 3Com access
points are not easy to attack or hack because of their security and authentication
options.
We use the 802.11g standard in our case because it provides many facilities and
advantages over other standards. This standard is more common than
802.11a, and prices are coming down. It communicates on the 2.4 GHz
frequency, is backward compatible with 802.11b, and has a maximum data transmission
rate of 54 Mbps. This standard has a good indoor range of about 150 feet. It also
supports improved security.
We use 3Com wireless access points, which are configured a little differently from
other access points.
First, give your computer a static IP address, for example 192.168.1.2.
Insert the CD to automatically search for access points.
Click Finish to complete the discovery application. At this step the access point
gets an IP address.
Select 802.11 b/g and change the ESSID to Saf 1-1 (the first 1 means the first floor,
the second 1 the first access point).
From this screen we change the IP address and disable DHCP by selecting Fixed IP
address mode.
In the security options we select WPA, which provides more security and
authentication.
In this screen we set a password for accessing the access point for security
purposes, so nobody can connect to the access point unless they have the password.
To further secure the LAN from access, we used MAC filtering, as shown in the figure
below.
To get the MAC address, open the DOS prompt and type ipconfig /all
The last step shows the full details of the access point configuration.
ADSL CONFIGURATION
First, select the PPPoE Internet connection type.
Select the Wireless option from the menu bar, then change the Wireless Network Name
(SSID).
If you want to block game sites or any site that poses a virus threat.