PACE-IT: Implementing a Basic Network - N10 006

Implementing a basic network.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certification

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.


– Plan the network.

– Configure the network.

PACE-IT.

Plan the network.Implementing a basic network.

Plan the network.

Need a simple SOHO? Great, just plug two PCs into a single hub and you have a basic network. But does it achieve what you want?

How do you know without a plan? A network plan is vital when implementing any network more complicated than the most basic. The plan should cover what you are hoping to achieve and how you are going to get there. In addition to your expertise, you are also going to need input from your end users. Nothing is quite so frustrating as delivering the network and having customers tell you it is not what they wanted.


Plan the network.

– List of requirements.» Define why the network is needed.» Define what network features are required.» Define the scope of the network.» Establish a budget to implement the network.

– Network design.» What equipment is needed to implement the network?» How will the network be organized?» How will shared resources be placed on the network?

– Compatibility issues.» What standards are in play now and what standards

will there be in the future?» Does any current equipment require specific cabling or

connection types?


Plan the network.

– Internal connections.» How many node connections will be required?» How will future expansion be planned?

– External connections.» How will the network connect to the outside?

– Network equipment placement.» Is there a wiring/equipment closet?» What environmental considerations are there for the

placement of equipment?

– How will network security be implemented?

» Are there firewall type and placement considerations?» Will VLANs be required and, if so, how many?» How will port security be implemented?


Configure the network.Implementing a basic network.

Configure the network.

– Network configuration considerations.

» How clients will receive their IP addresses:• Using static IP address configuration creates more

security, but is harder to manage.• Using Dynamic Host Configuration Protocol (DHCP) to

automatically assign IP addresses from a pre-configured pool.

» MAC filtering will only allow specified MAC addresses onto the network. It is an effective security measure, but it can be difficult to control.

» A demilitarized zone (DMZ) will be required if a server will be hosted on the network that needs to be accessed from outside the network (e.g., a Web server).

• The DMZ is an area of the network in which outside connections are allowed, while the internal network remains protected.

• A DMZ will require a custom configuration of the firewall; in most implementations, two firewalls are used.



– Network configuration considerations continued.

» Firewall placement and configuration considerations:• Most SOHO WAN connection devices include firewall

services that are sufficient in most cases.• If a DMZ needs to be deployed, the best method is to

introduce an additional router and firewall into the network, with the DMZ residing between the WAN equipment and the new router/firewall combination.

• If a DMZ is deployed, port forwarding should also be used at the router/firewall level.

» Router/firewall configuration considerations:• In the situation of a DMZ or hosted service, port

forwarding needs to be configured.• Port forwarding is used to direct requests for

specific resources (like a request for a Web page) to the computer that has the resource.



– Wireless network configuration considerations.

» The name of the wireless network will need to be determined; this is called the service set identifier (SSID).

• The SSID can be set to broadcast in the clear. • The SSID can alternatively be set for the broadcast to

be hidden.» Encryption needs to be turned on (by default wireless

routers and WAPs do not have encryption enabled) and, at the minimum, WPA2-Personal should be enabled.

» Some wireless networking equipment comes with Wi-Fi Protected Setup (WPS) enabled by default. This should be turned off and not used, as it creates a weakness in the wireless network.

• WPS can be easily exploited by an attacker.



The network that you implement may not be exactly what you planned, so document any changes to the plan.

Undoubtedly, during the process of implementing the plan, some changes will be introduced—either by you or at the request of the end users. Always document the changes to the plan and the reasons for them. Then, be sure to incorporate those changes into the final network documentation.


What was covered.Implementing a basic network.

A network plan is vital when implementing any network more complicated than the most basic one. At the minimum the plan should include a list of requirements, a network design, compatibility considerations, a list of internal and external connections, a list of where equipment will be placed, and a means of implementing security.

Topic

Plan the network.

Summary

Configuration considerations include IP address assignment, MAC filtering, DMZ configuration (when required), firewall placement and configuration, and router configuration. For wireless networks, additional configuration considerations include: SSID (network’s name), SSID broadcast type, and encryption method.


THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.

PACE-IT: Implementing a Basic Network - N10 006

Documents

Transcript of PACE-IT: Implementing a Basic Network - N10 006