Islamic Republic Of Afghanistan Islamic Republic Of Afghanistan Kabul UniversityKabul University

Computer science Faculty Computer science Faculty ProposalProposal

IImplementing LAN Kabul University mplementing LAN Kabul University Kabul Afghanistan.Kabul Afghanistan.

Design and Documentation By:Design and Documentation By:Computer Science Student Computer Science Student

Third Class Third Class    

CONTENTSCONTENTS

PROPOSED SystemsPROPOSED Systems MapMap ServersServers DesignDesign

PROPOSED SYSTEMPROPOSED SYSTEM

The proposed system is capable of meeting all The proposed system is capable of meeting all requirements of Kabul University and eliminates requirements of Kabul University and eliminates the drawbacks, which makes LAN efficient and the drawbacks, which makes LAN efficient and highly secure and demanding.highly secure and demanding.

It will also result in reduced operating cost and It will also result in reduced operating cost and significant improvement in the ability of significant improvement in the ability of organization to provide more improved and organization to provide more improved and quick services to users and consequently, to quick services to users and consequently, to general public. general public.

ADVANTAGES OF PROPOSED ADVANTAGES OF PROPOSED SYSTEMSYSTEM

Security:Security: Now days in world of I.T the main concern of Now days in world of I.T the main concern of

organizations from all over the word is security. There organizations from all over the word is security. There are two different aspect of security. One focuses mainly are two different aspect of security. One focuses mainly on external threats and other on internal threats with in on external threats and other on internal threats with in the organization. The internal network must be protected the organization. The internal network must be protected from both these threats. The LAN must be kept highly from both these threats. The LAN must be kept highly secure and in order to ensure that all the important data secure and in order to ensure that all the important data and valuable asset of organization are hidden from the and valuable asset of organization are hidden from the snooping eye.snooping eye.

The proposed system is highly secure and it will impose The proposed system is highly secure and it will impose all security measures for external and internal threats. It all security measures for external and internal threats. It will consist of strong firewall protection on the gateway to will consist of strong firewall protection on the gateway to internet and external access. Network will be controlled internet and external access. Network will be controlled from centralized location using active directory domain.from centralized location using active directory domain.

Centralized controlCentralized control

Proposed system is constructed on the Proposed system is constructed on the principle of centralized controlled i.e. the principle of centralized controlled i.e. the whole network operation is controlled from whole network operation is controlled from a central location. This will give granolas a central location. This will give granolas control to the system administrator over all control to the system administrator over all the network resources and no one will be the network resources and no one will be able to miss use any important assets of able to miss use any important assets of the organization without proper permission the organization without proper permission over it.over it.

GREATER PROCESSING SPEEDGREATER PROCESSING SPEED

The proposed system will be constructed The proposed system will be constructed using the latest and fasted technology using the latest and fasted technology available in the market due to which end available in the market due to which end users will experience greater processing users will experience greater processing speed both in the LAN as well as WAN speed both in the LAN as well as WAN side access. Response time will increase side access. Response time will increase where as decreasing the delay time.where as decreasing the delay time.

FASTER INFORMATION FASTER INFORMATION RETRIEVELRETRIEVEL

Important information will always available Important information will always available to users in no time. A separate servers is to users in no time. A separate servers is responsible of hosting different information responsible of hosting different information and will be capable of handling all users and will be capable of handling all users request smoothly thus minimizing request smoothly thus minimizing response time.response time.

99.99% data availability & uptime99.99% data availability & uptime

The proposed system will be constructed The proposed system will be constructed in such a manner that ensures 99.99%in such a manner that ensures 99.99% data availability &data availability & uptime. Latest uptime. Latest equipments and technology will be used in equipments and technology will be used in order to achieve this goal.order to achieve this goal.

FLEXIBILITYFLEXIBILITY

The proposed system is very flexible The proposed system is very flexible system and is capable of accommodating system and is capable of accommodating any change that occurs in future both in any change that occurs in future both in the physical and logical layout of the the physical and logical layout of the Building Building

BETTER ACCURACY AND BETTER ACCURACY AND IMPROVED CONSISTENCYIMPROVED CONSISTENCY

Some times information system projects Some times information system projects are initiated to improve the accuracy of the are initiated to improve the accuracy of the processing data or ensure that a processing data or ensure that a procedure prescribing how to do a specific procedure prescribing how to do a specific task is always followed. I f properly task is always followed. I f properly designed and implemented, there is no designed and implemented, there is no change of error on part of computer, A change of error on part of computer, A computer can maintain accurate and computer can maintain accurate and consistent database, hence resulting in an consistent database, hence resulting in an improved performance.improved performance.

RELIABILITYRELIABILITY

A high degree of reliability is designed in A high degree of reliability is designed in the system by incorporating good internal the system by incorporating good internal controls.controls.

MapMap

MapMap

Faculty MapFaculty Map

Server FarmServer Farm

DMZDMZ

Domain controllerDomain controller A collection of computers & servers that are part of the A collection of computers & servers that are part of the

same centralized database . same centralized database . Centralized User/Group Authentication -the ability to Centralized User/Group Authentication -the ability to

log on one .log on one . time and access resources throughout the domain. time and access resources throughout the domain. Centralized Security -the ability to control the Centralized Security -the ability to control the

user/computer environment, from one computer, across user/computer environment, from one computer, across the whole network . the whole network .

Searchable Database of resources including users , Searchable Database of resources including users , computers ,shared folders printers and more. computers ,shared folders printers and more.

Very Scaleable - small companies and large companies Very Scaleable - small companies and large companies

Backup domain controller and Backup domain controller and secondary DNSsecondary DNS

IF a problem occur with server that has IF a problem occur with server that has install domain controller and primary DNS install domain controller and primary DNS administrator also capable to manage and administrator also capable to manage and control network without a problem.control network without a problem.

DNS serverDNS server

In using of domain it is necessary to use In using of domain it is necessary to use DNS-server.DNS-server.

This server change ip to name and name This server change ip to name and name to ip.to ip.

For flexibility user used from name instead For flexibility user used from name instead of IP.of IP.

Log serverLog server

It use for monitoring of network.It use for monitoring of network.This server store all information thatThis server store all information that

occur in the entire network.occur in the entire network.

For example: if someone want hack For example: if someone want hack

our network it will be store in log serverour network it will be store in log server

so we can find hacker. so we can find hacker.

FTP serverFTP server It is use for uploading and downloadingIt is use for uploading and downloading files in network.files in network. In this server, permission create that whoIn this server, permission create that who can upload and download data in specific can upload and download data in specific size of information. size of information.

File serverFile server

It use for storing data.It use for storing data.This server contain all information and This server contain all information and

books for every faculty.books for every faculty. It contain folders for every subject.It contain folders for every subject.Administrator determine who (students Administrator determine who (students

and teachers) should use which folder.and teachers) should use which folder.

WSUS serverWSUS server

If use license OS .If use license OS . It is necessary for get updating It is necessary for get updating You will read how to update and configure You will read how to update and configure

Automatic Updates on client workstations Automatic Updates on client workstations and and servers that will be updated by WSUS servers that will be updated by WSUS

SQL serverSQL server

It provides an environment used to It provides an environment used to generate databases that can be accessed generate databases that can be accessed from workstations, the web, or other media from workstations, the web, or other media such as a personal digital assistant (PDA). such as a personal digital assistant (PDA).

It is used for Kabul-University database It is used for Kabul-University database that contain all information about students that contain all information about students and teachers.and teachers.

Exchange serverExchange server

Also called mail server.Also called mail server. It make local mail if source and destination It make local mail if source and destination

are in same domain.are in same domain. It make mail secure and fast forward.It make mail secure and fast forward.Administrator can reset password if user Administrator can reset password if user

forgot password.forgot password.

SMTP serverSMTP server A SMTP relay is a machine that will accept incoming and A SMTP relay is a machine that will accept incoming and

outgoing emails and that will then forward them on to their outgoing emails and that will then forward them on to their configured destinations. configured destinations.

Increases security by preventing Internet SMTP servers from Increases security by preventing Internet SMTP servers from directly contacting the Exchange Server. directly contacting the Exchange Server.

Can filter inbound email for viruses or SPAM BEFORE they Can filter inbound email for viruses or SPAM BEFORE they reach the Exchange Server. reach the Exchange Server.

Can filter outbound email for viruses before they are sent over Can filter outbound email for viruses before they are sent over the Internet. the Internet.

Decreases the workload on the Exchange Server by taking care Decreases the workload on the Exchange Server by taking care of CPU-intensive tasks before forwarding the email on to the of CPU-intensive tasks before forwarding the email on to the Exchange Server. Exchange Server.

Can be configured to provide a secure, SMTP server so that your Can be configured to provide a secure, SMTP server so that your remote users can send email over the Internet when they are out remote users can send email over the Internet when they are out of the office. of the office.

Proxy serverProxy server For security, legal compliance and also monitoring For security, legal compliance and also monitoring

reasons, in a business environment, some enterprises reasons, in a business environment, some enterprises install a proxy server within the DMZ. install a proxy server within the DMZ.

Obliges the internal users (usually employees) to Obliges the internal users (usually employees) to use the proxy to get Internet access. use the proxy to get Internet access.

·· Allows the company to reduce Internet access Allows the company to reduce Internet access bandwidth requirements because some of the web bandwidth requirements because some of the web content may be cached by the proxy server. content may be cached by the proxy server.

·· Simplifies the recording and monitoring of user Simplifies the recording and monitoring of user activities and block content violating acceptable use activities and block content violating acceptable use policies. policies.

Reverse proxy serversReverse proxy servers

A reverse proxy server provides the same service as a A reverse proxy server provides the same service as a proxy server, but the other way around. Instead of providing proxy server, but the other way around. Instead of providing a service to internal users, it provides indirect access to a service to internal users, it provides indirect access to internal resources from an external network (usually the internal resources from an external network (usually the Internet). A back office application access, such as an email Internet). A back office application access, such as an email system, can be provided to external users (to read emails system, can be provided to external users (to read emails while outside the company) but the remote user does not while outside the company) but the remote user does not have direct access to his email server. Only the reverse have direct access to his email server. Only the reverse proxy server can physically access the internal email server. proxy server can physically access the internal email server. This is an extra layer of security, which is particularly This is an extra layer of security, which is particularly recommended when internal resources need to be recommended when internal resources need to be accessed from the outside. Usually such a reverse proxy accessed from the outside. Usually such a reverse proxy mechanism is provided by using an application layer firewall mechanism is provided by using an application layer firewall as they focus on the specific shape of the traffic rather than as they focus on the specific shape of the traffic rather than controlling access to specific TCP and UDP ports as a controlling access to specific TCP and UDP ports as a packet filter firewall does.packet filter firewall does.

Vioce serverVioce server

Because using of Ip-telephony it is need Because using of Ip-telephony it is need for control of calls and signalings.for control of calls and signalings.

Web serverWeb server

Web server may need to communicate Web server may need to communicate with an internal database to provide some with an internal database to provide some specialized services. specialized services.

It has information and news about Kabul-It has information and news about Kabul-University that other people can aware.University that other people can aware.

VPN serverVPN server

It is used for client that from outside of It is used for client that from outside of network want access.network want access.

The access is secure and fast.The access is secure and fast.There is software base vpn but it make There is software base vpn but it make

load to network.load to network.Also can configure this server in firewall if Also can configure this server in firewall if

it support this.it support this.

Anti Virus serverAnti Virus server

It runs anti virus software in all computer It runs anti virus software in all computer that are under control of domain.that are under control of domain.

It also send update anti virus software to It also send update anti virus software to all computers in specific time.all computers in specific time.

It use less bandwidth during update time It use less bandwidth during update time for all clients.for all clients.

OSPF protocolOSPF protocol The biggest advantage of OSPF is that it is efficient; OSPF requires very The biggest advantage of OSPF is that it is efficient; OSPF requires very

little network overhead even in very large networks. The biggest little network overhead even in very large networks. The biggest disadvantage of OSPF is its complexity; OSPF requires proper planning disadvantage of OSPF is its complexity; OSPF requires proper planning and is more difficult to configure and administer.and is more difficult to configure and administer.

OSPF uses a Shortest Path First (SPF) algorithm to compute routes in OSPF uses a Shortest Path First (SPF) algorithm to compute routes in the routing table. The SPF algorithm computes the shortest (least cost) the routing table. The SPF algorithm computes the shortest (least cost) path between the router and all the subnets of the network. SPF-path between the router and all the subnets of the network. SPF-calculated routes are always loop-free.calculated routes are always loop-free.

Changes to network topology are efficiently flooded across the entire Changes to network topology are efficiently flooded across the entire network to ensure that the link state database on each router is network to ensure that the link state database on each router is synchronized and accurate at all times. Upon receiving changes to the synchronized and accurate at all times. Upon receiving changes to the link state database, the routing table is recalculated.link state database, the routing table is recalculated.

As the size of the link state database increases, memory requirements As the size of the link state database increases, memory requirements and route computation times increase. To address this scaling problem, and route computation times increase. To address this scaling problem, OSPF divides the network into areas (collections of contiguous OSPF divides the network into areas (collections of contiguous networks) that are connected to each other through a backbone area. networks) that are connected to each other through a backbone area. Each router only keeps a link state database for those areas that are Each router only keeps a link state database for those areas that are connected to the router. Area border routers (ABRs) connect the connected to the router. Area border routers (ABRs) connect the backbone area to other areas.backbone area to other areas.

Juniper FirewallJuniper Firewall

For security of network and prevent of For security of network and prevent of hacking we install hardware firewall.hacking we install hardware firewall.

Juniper model 5600 is very public today.Juniper model 5600 is very public today. It can support proxy server and reverse It can support proxy server and reverse

proxy server.proxy server.

DesignDesign

Servers:Servers: LAN will include Domain controller, Backup LAN will include Domain controller, Backup

domain controller, DNS, Log server, FTP Server, domain controller, DNS, Log server, FTP Server, File Server, WSUS server, SQL server, File Server, WSUS server, SQL server, Exchange server, SMTP server, Anti virus Exchange server, SMTP server, Anti virus server, Web servers, VPN server and Anti virus server, Web servers, VPN server and Anti virus server.server.

All servers have install Unix Os.All servers have install Unix Os.

DesignDesign

Add redundant router in NOC.Add redundant router in NOC.Add redundant swiths in NOC.Add redundant swiths in NOC.Use redundant UPS in server form.Use redundant UPS in server form.Add muliplixer, camera and other devices Add muliplixer, camera and other devices

for video conferancig in server farm of for video conferancig in server farm of every faculty and connect to swith.every faculty and connect to swith.

Add voip device in every faculty.Add voip device in every faculty. Use OSPF protocol.Use OSPF protocol.

DesignDesign Add patch panel in every faculty and connect two core of Add patch panel in every faculty and connect two core of

fiber optic cable for power redundancy and load fiber optic cable for power redundancy and load balancing.balancing.

Map one public in NOC router ip address for every video Map one public in NOC router ip address for every video conferancig device in each faculty that can use video conferancig device in each faculty that can use video services.services.

In NOC router configure bandwidth that every faculty In NOC router configure bandwidth that every faculty use specific bandwidth during using of internet.use specific bandwidth during using of internet.

Configure DHCP in every switch faculty.Configure DHCP in every switch faculty. Configure NAT mechanism in NOC router.Configure NAT mechanism in NOC router.

DesignDesign

Remove previous firewall , because Remove previous firewall , because network is secure and they make load.network is secure and they make load.

It is use duel firewall so need two same It is use duel firewall so need two same juniper firewall.juniper firewall.

Configure QOS and periority in swiths and Configure QOS and periority in swiths and routers.routers.

If do not use this kind of firewall may need If do not use this kind of firewall may need proxy server and reverse proxy server.proxy server and reverse proxy server.

Prepared by:Prepared by:

Fatima ‘Afzali’ Fatima ‘Afzali’ Farangis ‘Jamalzada’Farangis ‘Jamalzada’ Diana ‘Farahmand’Diana ‘Farahmand’ Zahra ‘Shefa’Zahra ‘Shefa’ Zarmina ‘Addel’Zarmina ‘Addel’ Jamila ‘Jalalzai’Jamila ‘Jalalzai’ Arezo ‘Muahmadi’Arezo ‘Muahmadi’ Sediqa ‘Ahmady’Sediqa ‘Ahmady’ Mushtary ‘Khawjazada’Mushtary ‘Khawjazada’ Aria ‘Kazim’Aria ‘Kazim’