Answer To: 4 Assessment Details and Submission Guidelines Unit Code BN305 Unit Title Virtual Private Network...
Amit answered on Mar 20 2021
Title of the assignment: VPN for SME
Student’s name:
Professor’s name:
Course title: BN305 (Assignment – 2)
Date: 3/20/2019
Table of Contents
1. Introduction
2. Scope of VPN and its limitations
3. Requirements for VPN to SME
4. Developed solution of VPN for SME
5. Security policies and their features
6. VPN deployment for client and server
1. Introduction
Information technology is an essential requirement for modern SMEs (small and medium enterprises) to execute their business processes effectively, and IT involvement makes the data flow of organizational operations easy for employees to understand. Reliable and, above all, secure networks are therefore essential for a modern SME, and this requirement can be met by a VPN (virtual private network). Because a VPN provides secure connectivity between branches over the internet, it is the most effective connectivity solution for this purpose. In this assignment I develop the logical and physical design of a VPN that connects two branches of an SME located in two different cities.
2. Scope of VPN and its limitations
The VPN implementation is divided into two phases. The initial phase covers the cabling design for the VPN, the wireless LAN design, the implementation of the required network configuration, the intranet configuration, and capability enhancement through improvements in the Layer 2 and Layer 3 services of the implemented model. The later phase is mainly concerned with identifying VPN redundancies: the core switches with the required redundancy are selected, and remote access, the firewall, future extension of the servers and IPsec are implemented in this phase. The assumptions required for the VPN implementation are listed below:
1. The VPN implementation requires a proper analysis of the SME's financial condition, as some new equipment will also need to be purchased.
2. Documentation of the hardware configuration of the existing network is required.
3. The physical and logical designs of the existing network in both cities of the SME are also required.
Implementing a VPN for an SME requires an effective design strategy so that the required VPN results can be obtained. The key points of the design strategy for connecting the two cities are listed below:
1. Encrypt important and sensitive data.
2. Implement strong authentication for all employees and other users.
3. The network must be simple but robust.
4. A firewall must be in place before any server is deployed.
5. Install an intrusion detection system to detect all possible intrusions.
6. Users who bring their own devices (BYOD) must provide the required authentication, and the BYOD policy must be effective.
7. Regular monitoring of network data is essential.
8. Only limited and secure downloads are allowed to employees.
9. Effective monitoring of the source addresses of data packets is essential.
10. Unnecessary deployment of services must be prohibited.
Implementing a VPN for an SME also brings certain risks, so the risks must be identified together with a suitable mitigation strategy. The VPN implementation risks and their mitigation strategies are listed below:
1. A shortage of finance may occur during the VPN implementation, so a financial reserve is required.
2. A server may crash while migrating to the VPN, so all data must be backed up before the migration process starts.
A VPN brings several advantages to an SME, but it also has certain limitations, which are listed below:
1. The VPN builds the intranet on top of the internet, so the organization has only limited control over it.
2. The performance of the VPN is defined by the internet speed.
3. The internet is a public network, so security issues are also present.
4. The hardware used in the VPN implementation may also cause issues.
3. Requirements for VPN to SME
The requirement analysis for implementing a VPN in an SME is carried out in three parts, which are explained below:
1. Wireless access: Authentication certificates must be used to authorize users of the VPN services. All connected devices must be protected by a firewall and anti-virus programs, and the VPN must allow only secured devices to connect. The internet access policy for employees must be strong, and effective encryption must be adopted. Both branches of the SME must have a high rate of signal coverage.
2. VPN security requirements: A firewall must be in place before any server is deployed. Proper authentication of all users is essential to maintain the security of the VPN. An intrusion detection system must be installed to detect all possible intrusions. Users who bring their own devices (BYOD) must provide the required authentication, and the BYOD policy must be effective. Regular monitoring of network data is essential, only limited and secure downloads are allowed to employees, and effective monitoring of the source addresses of data packets is essential.
3. VPN network requirements: A data rate of more than 1 Gbps is required in the VPN. IPsec must be implemented to maintain security in the VPN. Switches with 32 or 64 ports can be considered. Different network zones must be used in both branches of the SME. DHCP can assign the required IP addresses, and IPv4 network addresses are preferred.
4. Developed solution of VPN for SME
Implementing a VPN for an SME requires several networking components, which are listed and explained below:
1. Firewall: This is the core element and acts as the primary line of defense for the VPN of the SME. It blocks all unwanted packets passing through the VPN, and the authentication required by the VPN implementation can easily be implemented with the help of the firewall.
2. Routers: Delivering data packets from one branch to the other requires an internet connection, and each branch's VPN is connected to the internet through the routers.
3. Modem: The modem is the most important VPN component for providing the internet service required to maintain the connection between the branches.
4. Core switches: The network gateway for the VPN is built with the help of the core switches, which also ensure that the final VPN implementation has high capacity.
5. Distributed switches: Distributed switches are used to control the Ethernet in the VPN implementation. They are connected to the core switches of the VPN to maintain network access through Ethernet.
6. WAP: To provide wireless connectivity in both branches, the WAP (wireless access point) devices are connected to the routers used in that physical network.
7. Servers: Every SME generates and collects data that is required for many different operations, and this data is stored on the deployed servers. Migrating to the VPN also requires a backup server to hold the database of the SME.
Based on the networking components listed above, the logical design for the VPN implementation connecting the two branches of the SME is developed. The two branches, located in different cities, can be connected through the VPN using the logical design presented below:
Figure 1: Logical design
For the physical design, I have assumed that both branches, located in different cities, are identical and have the same implementation, so the two branches can be connected through the VPN using the physical design presented below:
Figure 2: physical design
Here, M denotes the modem, A the WAP, C the core switches, D the distributed switches, F the firewall, R the router, and S the servers.
Implementing a VPN that connects two branches of an SME requires selecting the topology used to connect the end users and other devices. As the branches shown in the physical design use a star topology, a star topology is recommended for connecting the branches and the related end-user devices. With a star topology in the physical implementation, adding or removing a node or device becomes very easy for the network administrator. The implementation of the star topology for connecting the two branches is shown in the diagram below:
Figure 3: star topology
Implementing a VPN in an SME requires the allocation of IP addresses so that the identified nodes can communicate. The IPv4 addressing for both branches, located in different cities, is shown in the table below:
| Domain        | Mask | Network      | Host range                    | Total IP |
|---------------|------|--------------|-------------------------------|----------|
| First branch  |      |              |                               |          |
| Cluster 1     | /28  | 172.15.0.0   | 172.15.0.1 - 172.15.0.14      | 14       |
| Cluster 2     | /28  | 172.15.0.16  | 172.15.0.17 - 172.15.0.30     | 14       |
| Cluster 3     | /28  | 172.15.0.32  | 172.15.0.33 - 172.15.0.46     | 14       |
| Cluster 4     | /28  | 172.15.0.48  | 172.15.0.49 - 172.15.0.62     | 14       |
| Cluster 5     | /28  | 172.15.0.64  | 172.15.0.65 - 172.15.0.78     | 14       |
| Cluster 6     | /28  | 172.15.0.80  | 172.15.0.81 - 172.15.0.94     | 14       |
| Cluster 7     | /28  | 172.15.0.96  | 172.15.0.97 - 172.15.0.110    | 14       |
| Cluster 8     | /28  | 172.15.0.112 | 172.15.0.113 - 172.15.0.126   | 14       |
| Cluster 9     | /28  | 172.15.0.128 | 172.15.0.129 - 172.15.0.142   | 14       |
| Cluster 10    | /28  | 172.15.0.144 | 172.15.0.145 - 172.15.0.158   | 14       |
| Second branch |      |              |                               |          |
| Cluster 11    | /28  | 172.15.0.176 | 172.15.0.177 - 172.15.0.190   | 14       |
| Cluster 12    | /28  | 172.15.0.192 | 172.15.0.193 - 172.15.0.206   | 14       |
| Cluster 13    | /28  | 172.15.0.208 | 172.15.0.209 - 172.15.0.222   | 14       |
| Cluster 14    | /28  | 172.15.0.224 | 172.15.0.225 - 172.15.0.238   | 14       |
| Cluster 15    | /28  | 172.15.0.240 | 172.15.0.241 - 172.15.0.254   | 14       |
| Cluster 16    | /27  | 192.168.0.0  | 192.168.1.1 - 192.168.1.30    | 30       |
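As an added check that is not part of the original report, the following Python script (standard library only, using the ipaddress module) verifies the addressing table above: for each cluster it confirms that the network address is aligned to its mask, that the host range and host count follow from the mask, that the range is private address space, and that no two clusters overlap. The PLAN list is transcribed from the table; the check functions are an assumption for this illustration.

```python
import ipaddress
from itertools import combinations

# Subnet plan transcribed from the addressing table above:
# (cluster, network/prefix, first host, last host, usable hosts claimed).
PLAN = [
    ("Cluster 1", "172.15.0.0/28", "172.15.0.1", "172.15.0.14", 14),
    ("Cluster 2", "172.15.0.16/28", "172.15.0.17", "172.15.0.30", 14),
    ("Cluster 3", "172.15.0.32/28", "172.15.0.33", "172.15.0.46", 14),
    ("Cluster 4", "172.15.0.48/28", "172.15.0.49", "172.15.0.62", 14),
    ("Cluster 5", "172.15.0.64/28", "172.15.0.65", "172.15.0.78", 14),
    ("Cluster 6", "172.15.0.80/28", "172.15.0.81", "172.15.0.94", 14),
    ("Cluster 7", "172.15.0.96/28", "172.15.0.97", "172.15.0.110", 14),
    ("Cluster 8", "172.15.0.112/28", "172.15.0.113", "172.15.0.126", 14),
    ("Cluster 9", "172.15.0.128/28", "172.15.0.129", "172.15.0.142", 14),
    ("Cluster 10", "172.15.0.144/28", "172.15.0.145", "172.15.0.158", 14),
    ("Cluster 11", "172.15.0.176/28", "172.15.0.177", "172.15.0.190", 14),
    ("Cluster 12", "172.15.0.192/28", "172.15.0.193", "172.15.0.206", 14),
    ("Cluster 13", "172.15.0.208/28", "172.15.0.209", "172.15.0.222", 14),
    ("Cluster 14", "172.15.0.224/28", "172.15.0.225", "172.15.0.238", 14),
    ("Cluster 15", "172.15.0.240/28", "172.15.0.241", "172.15.0.254", 14),
    ("Cluster 16", "192.168.0.0/27", "192.168.1.1", "192.168.1.30", 30),
]

def check_row(name, cidr, first, last, claimed):
    """Return the problems found in one row; an empty list means the row is consistent."""
    problems = []
    net = ipaddress.ip_network(cidr, strict=False)
    if str(net.network_address) != cidr.split("/")[0]:
        problems.append(f"{name}: {cidr} is not aligned to a /{net.prefixlen} boundary")
    hosts = list(net.hosts())
    if ipaddress.ip_address(first) != hosts[0] or ipaddress.ip_address(last) != hosts[-1]:
        problems.append(f"{name}: usable range is {hosts[0]}-{hosts[-1]}, table says {first}-{last}")
    if len(hosts) != claimed:
        problems.append(f"{name}: {len(hosts)} usable hosts, table claims {claimed}")
    if not net.is_private:
        problems.append(f"{name}: {cidr} is not private address space and would clash with public routes")
    return problems

def check_plan(plan):
    """Check every row, then flag any two subnets that overlap each other."""
    problems = [p for row in plan for p in check_row(*row)]
    for (a, ca, *_), (b, cb, *_) in combinations(plan, 2):
        if ipaddress.ip_network(ca, strict=False).overlaps(ipaddress.ip_network(cb, strict=False)):
            problems.append(f"{a} and {b} overlap: {ca} vs {cb}")
    return problems
```

Run as check_plan(PLAN) against the table as given, it reports that 172.15.0.0 is not private address space (RFC 1918 reserves 172.16.0.0/12, not 172.15.0.0/16) and that the Cluster 16 host range 192.168.1.1 - 192.168.1.30 does not lie inside 192.168.0.0/27.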
5. Security policies and their features
Implementing a VPN for an SME requires the development of security policies with certain defined features. Data protection is the primary concern in developing the VPN. As the VPN is based entirely on internet services, the security policies have deep implications for the SME. The key points of the security policy developed for the VPN connecting the two branches are listed below:
1. Plan for failure conditions: The VPN must have a plan for failure conditions. The failure of any node, switch or router must not affect the operation of the complete VPN, so such a plan must be developed.
2. End-user education: All employees working in both branches must be aware of data security and must know the importance of sensitive data and how to keep it safe. Regular workshops on the required security precautions will help to maintain the security of data on the VPN.
3. Cache clearing: Web cookies and other cookies store sensitive information such as user names and passwords. Each user must therefore delete all cookies and clear the system cache when a working session is completed; clearing the cache also helps to prevent data theft.
4. Keystroke detection for spam emails: Keystroke detection for spam emails must be included in the security policy to ensure the security of the VPN. Authentication based on biometric devices is also a keystone of the security policy.
6. VPN deployment for client and server
Implementing a VPN for an SME requires certain commands and procedures to deploy the VPN on its servers and clients. The procedure for setting up the VPN server that connects the two branches is listed below:
1. Download and run OpenVPN.
2. Provide your IP address and port number 1194 during the installation.
3. Select Google's DNS server and provide the client name.
4. The firewall rules are added automatically, and your VPN server is ready to use.
5. Commands are available to start, stop and restart the VPN server.
The procedure for setting up the VPN client that connects the two branches is listed below:
1. Download and run OpenVPN.
2. Copy the provided client configuration file.
3. Use the command to check connectivity, and restart the system to connect to the VPN.
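The deployment steps above leave the server's cryptographic settings to whatever the installer writes. As an added example that is not part of the original report, the following Python script audits a constructed OpenVPN server configuration for the control-channel and data-channel settings a reviewer would insist on, and shows the weak file beside its hardened counterpart. The directive names are real OpenVPN directives; the file contents (with the Google DNS push from step 3), the omitted certificate paths and the checker itself are assumptions for this illustration.

```python
# Constructed configs; ca/cert/key/dh paths are omitted from both for brevity.
WEAK_SERVER_CONF = """\
port 1194
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
cipher BF-CBC
auth none
"""

HARDENED_SERVER_CONF = """\
port 1194
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
tls-crypt ta.key
tls-version-min 1.2
remote-cert-tls client
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
"""

MODERN_CIPHERS = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"}

def parse_conf(text):
    """Map each directive to its argument list, ignoring blank lines and # comments."""
    lines = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {words[0]: words[1:] for words in lines if words}

def audit(text):
    """Return the findings a reviewer would raise; an empty list means the config passed."""
    conf = parse_conf(text)
    findings = []
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append("no tls-auth/tls-crypt: control channel accepts unsigned packets from anyone")
    if conf.get("tls-version-min", ["1.0"])[0] < "1.2":
        findings.append("tls-version-min below 1.2: old TLS versions are negotiable")
    if conf.get("remote-cert-tls") != ["client"]:
        findings.append("remote-cert-tls client missing: peer certificate key usage is not verified")
    if conf.get("cipher", ["BF-CBC"])[0] not in MODERN_CIPHERS:  # older releases default to BF-CBC
        findings.append(f"weak data-channel cipher: {conf.get('cipher', ['BF-CBC'])[0]}")
    if conf.get("auth", ["SHA1"])[0] in ("none", "MD5", "SHA1"):
        findings.append("auth none or weak HMAC digest: packet authentication is off or weak")
    if "user" not in conf or "group" not in conf:
        findings.append("no user/group: daemon keeps root after start-up")
    return findings
```

audit(WEAK_SERVER_CONF) returns six findings and audit(HARDENED_SERVER_CONF) returns none; the same checks apply to the client file from the client procedure, where remote-cert-tls server is the counterpart setting.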