Network Switching and Routing Course Project
Guidelines
Dr. Mohammed Abdulatef Al-Shargabi
21-11-2023
1- Course Project:
• Assess the security of any LAN network (LAN
security risk assessment).
• Design a secure network for a large company located in
several countries. Your network design diagram requires
careful consideration of various factors, including
switching, routing, and security requirements.
• Both assignments should be uploaded to the following link
no later than the 13th week (.doc or .pdf), using the following file
name format: Your_name_A1, Your_name_A2.
2- Network Project Plan:
Here are some steps you should consider when designing such a network:
1. Identify Requirements: Determine the specific requirements of the
network, such as the number of users, types of applications, expected
traffic volume, and security needs. Consider factors like data
confidentiality, integrity, availability, and authentication.
2. Choose Network Equipment: Select appropriate network devices,
including switches, routers, firewalls, and other security appliances.
Consider factors such as performance, scalability, security features
(e.g., encryption, intrusion detection), and compatibility with
existing infrastructure.
3. Address IP Addressing: Determine the IP addressing scheme to be
used across the network. Choose between private or public IP
addresses based on your requirements. Ensure that there is no IP
address overlap between the two cities and plan for future growth.
4. Network Topology: Choose an appropriate network topology based
on the requirements. Common options include a hub-and-spoke
topology, mesh topology, or a hybrid approach. Consider factors like
scalability, redundancy, and ease of management.
5. Network Segmentation: Divide the network into logical segments or
subnets to improve security and manageability. Use Virtual LANs
(VLANs) to isolate traffic and control access between different
departments, users, or applications.
6. Switching Infrastructure: Select network switches that meet the
bandwidth, performance, and security requirements of the network.
Consider features like VLAN support, Quality of Service (QoS)
capabilities, and traffic monitoring. Implement appropriate security
measures like port security, MAC address filtering, and access
control lists (ACLs).
7. Routing Infrastructure: Choose routing devices (routers or layer 3
switches) to handle intercity traffic and connect the network
segments. Implement dynamic routing protocols like OSPF (Open
Shortest Path First) or EIGRP (Enhanced Interior Gateway Routing
Protocol) to optimize routing and provide redundancy.
8. Encryption: To ensure secure communication between the two
cities, implement encryption mechanisms like Virtual Private
Networks (VPNs). VPNs create an encrypted tunnel over public
networks, allowing data to be securely transmitted between
locations. Consider using protocols like IPsec (Internet Protocol
Security) or SSL/TLS (Secure Sockets Layer/Transport Layer
Security) to establish secure connections.
9. Firewall and Intrusion Detection/Prevention Systems: Deploy
firewalls to control and monitor incoming and outgoing network
traffic. Use Intrusion Detection Systems (IDS) or Intrusion
Prevention Systems (IPS) to detect and prevent unauthorized access
attempts or malicious activities.
10. Access Control and Authentication: Implement strong access control
mechanisms to restrict network access based on user roles and
privileges. Use technologies like RADIUS (Remote Authentication
Dial-In User Service) or TACACS+ (Terminal Access Controller
Access-Control System Plus) for centralized authentication and
authorization.
11. Redundancy and High Availability: Consider implementing
redundant network components, such as multiple links between
cities and redundant power supplies. Employ techniques like link
aggregation (e.g., LACP - Link Aggregation Control Protocol) for
load balancing and failover mechanisms to ensure high availability.
12. Monitoring and Management: Implement network monitoring tools
to track network performance, detect anomalies, and respond to
security incidents. Use centralized management systems to
configure and manage network devices, enforce security policies,
and apply firmware updates.
13. Regular Auditing and Updates: Perform periodic security audits to
identify vulnerabilities and address any potential security risks.
Keep network devices up to date with the latest firmware versions
and security patches.
14. Bandwidth Requirements: Assess the bandwidth requirements of the
network based on the anticipated traffic volume and application
usage. Choose network infrastructure that can handle the expected
data transfer rates.
15. Performance Optimization: Optimize network performance by
tuning protocols, managing traffic flow, and minimizing congestion.
This ensures efficient data transmission and responsive user
experience.
16. Physical Security: Ensure the physical security of network
components by placing them in secure locations, such as locked
server rooms or data centers. Implement access controls,
surveillance systems, and environmental monitoring to protect
against physical threats like theft, vandalism, or environmental
hazards.
17. Quality of Service (QoS): Implement QoS mechanisms to prioritize
and manage network traffic based on the application requirements.
For example, voice or video traffic might require higher priority and
lower latency compared to file transfers or email traffic. QoS helps
ensure that critical applications receive the necessary bandwidth and
performance.
18. Secure Remote Access: If remote access is required, ensure that
remote users can connect to the network securely. Use technologies
like Secure Shell (SSH) or VPNs to establish encrypted connections.
Implement strong authentication mechanisms, such as two-factor
authentication (2FA) or multi-factor authentication (MFA), to verify
the identity of remote users.
19. Security Policies and User Awareness: Develop and enforce security
policies that define acceptable use of the network, password
requirements, data handling procedures, and incident response
protocols. Educate network users about security best practices, such
as avoiding suspicious email attachments, using strong passwords,
and reporting security incidents promptly.
20. Disaster Recovery and Business Continuity: Implement backup and
disaster recovery mechanisms to ensure data resilience and business
continuity. Regularly back up critical data and test the restoration
process. Consider redundant network links, power sources, and
geographically dispersed data centers to minimize the impact of
disruptions.
21. Data Loss Prevention: Implement Data Loss Prevention (DLP)
measures to prevent the unauthorized disclosure or leakage of
sensitive information. DLP solutions can monitor and control data
transfers, identify sensitive data patterns, and apply policies to
prevent data exfiltration via various channels such as email, web
uploads, or removable media.
22. Endpoint Security: Protect endpoints (such as workstations, laptops,
and mobile devices) by deploying robust endpoint security solutions.
These solutions typically include antivirus/anti-malware software,
host-based firewalls, and device encryption. Regularly update
endpoint software and enforce security policies to mitigate risks
associated with compromised endpoints.
23. Secure Wireless Networking: If wireless connectivity is required,
implement secure wireless networking practices. Use Wi-Fi
Protected Access (WPA2 or WPA3) encryption, strong pre-shared
keys (PSKs) or enterprise-grade authentication (such as 802.1X),
and segment wireless traffic using VLANs to enhance security and
prevent unauthorized access.
24. Regular Security Updates: Keep network devices, operating
systems, and applications up to date with the latest security patches
and firmware updates. Establish a process for monitoring vendor
security advisories and promptly applying patches to address known
vulnerabilities.
25. Security Zones and Demilitarized Zones (DMZs): Implement DMZs
to provide a buffer zone between the internal network and external
entities, such as the internet or partner networks. Place publicly
accessible servers, such as web servers or email servers, within the
DMZ. Apply strict access controls and use technologies like reverse
proxies or application-level gateways to protect internal resources.
26. Security Auditing and Penetration Testing: Conduct regular security
audits and penetration tests to identify vulnerabilities and assess the
effectiveness of security controls. Engage independent security
professionals or firms to perform comprehensive assessments and
provide recommendations for improving network security.
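
An added example (not part of the original guidelines) for steps 3 and 5: it carves one subnet per VLAN out of a private supernet for each site, sized with growth headroom, and rejects any plan where site address space overlaps. The site names, supernets, VLAN names, host counts and growth factor are constructed assumptions.

```python
import ipaddress

# Constructed inputs: site names, supernets, VLAN names and host counts are
# assumptions for illustration, not values from the guidelines.
SITES = {"city_a": "10.10.0.0/16", "city_b": "10.20.0.0/16"}
VLANS = {"users": 400, "voice": 200, "servers": 60, "mgmt": 20}
GROWTH = 2.0  # assumed headroom: size each subnet for twice today's hosts


def prefix_for(hosts, growth=GROWTH):
    """Longest prefix whose block holds hosts*growth plus network/broadcast."""
    need = int(hosts * growth) + 2
    return 32 - (need - 1).bit_length()


def overlaps(nets):
    """Return every pair of networks that share address space."""
    nets = [ipaddress.ip_network(str(n)) for n in nets]
    return [(a, b) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def allocate(supernet, vlans):
    """Carve one aligned subnet per VLAN out of a site supernet, largest first."""
    net = ipaddress.ip_network(supernet)
    cursor = int(net.network_address)
    plan = {}
    for name, hosts in sorted(vlans.items(), key=lambda kv: -kv[1]):
        plen = prefix_for(hosts)
        size = 1 << (32 - plen)
        cursor = (cursor + size - 1) // size * size  # align to block size
        subnet = ipaddress.ip_network((cursor, plen))
        if not subnet.subnet_of(net):
            raise ValueError(f"{supernet} is too small for VLAN {name}")
        plan[name] = subnet
        cursor += size
    return plan


def build_plan(sites=SITES, vlans=VLANS):
    """Reject overlapping site supernets, then allocate VLAN subnets per site."""
    clash = overlaps(sites.values())
    if clash:
        raise ValueError(f"site supernets overlap: {clash}")
    return {site: allocate(supernet, vlans) for site, supernet in sites.items()}


if __name__ == "__main__":
    for site, plan in build_plan().items():
        for vlan, subnet in plan.items():
            print(f"{site:8} {vlan:8} {subnet}")
```

Running the same check over every subnet in the finished plan, including VPN and DMZ ranges added later, catches overlaps before they reach router configuration.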