This project provides an opportunity for students to apply their understanding of practical security concepts, network design and security implementation skills gained from lectures, studying the online curriculum, discussion as well as self-study and online research.
You are required to design, setup and implement a secure network infrastructure for a TAFE NSW. You need to do your research in order to provide a through and workable design. You should also show your research results in your written report.
To complete this Project properly with all required documentations is not a trivial task. It is important that you read and understand each requirement and complete all tasks as study progress.
Due date for the project is 12:00pm, Friday, 24th May 2019 (week 12). You need to submit a written report (Microsoft word .docx format) and a working Packet Tracer file (.pkt format). Use the link in Moodle for submission.
General Requirements and suggestions
1. This Report is to be completed as group work. Form a group of 2-3 members. Submit group members’ details to the instructor on or before week 8. If you don't have a group, you can still do it by your own. Be aware that it may involve more work by working alone.
2. You should plan and complete the Report on a weekly basis so that all tasks can be completed properly. Leaving the Report to the very last day(s) will result in an unprofessional research report.
3. The configuration must be working and is based on your Topology design.
4. Use Packet Tracer version 7.1 for your configuration.
5. Some part of your design may not work in Packet Tracer. You can include a Limitation section in your report to show that you plan to and can do the parts that are not supported in Packet Tracer.
6. All information sources must be appropriately acknowledged and a full bibliography is required. Failure to do so could result in severe penalties.
7. Research using internet would be helpful. Make sure you state the source of the materials. Refer to the referencing format in Moodle.
8. Plagiarism: It is expected that this will be completely your own work. Therefore using the “cut and paste” approach will not be accepted. TurnItIn would be helpful in checking the percentage of your own work. Check Moodle for how to submit using TurnItIn.
TAFE NSW is an Australian vocational education and training provider. Annually, the network trains over 500,000 students in campus, workplace, online, or distance education methods of education.
The current NSW State Government has a plan to restructure TAFE NSW. Meadowbank TAFE has been chosen and will be transformed into the State’s first technology focused TAFE campus, the so-called ‘IT-Hub’.
In the proposed plan, building P of Meadowbank TAFE will be renovated/rebuilt into a Data Center. The Data Center is going to store data generated by TAFE campuses all over the State. These stored data can be retrieved from any campus through a secure channel. Staff who works at home can also retrieve data through SSL VPN using their home internet connection.
TAFE NSW has hired your company, a leading IT consultation company, to put together an implementation need analysis and a small scale pilot test of the future configurations.
The need analysis should focus on the physical security of the transformed building P and the pilot test should include a small scale topology as well as a fully functioning configuration.
Your task is 2-folds:
1. put together an need analysis and physical security implementation plan for the ‘new’ building P
2. set up and test configuration on a small scale of the proposed network topology.
Need analysis and implementation plan of Building P:
Building P will become the Data Center of TAFE NSW. The plan is to build a tier 2 or tier 3 data center at this early stage. You need to choose one of it as part of your recommendation. You are required to focus on the needs of physical security and how to fulfill the needs in your implementation plan. You may/should include, but not limited to the followings:
- Surrounding environment,
- Physical access and monitor,
- HVAC, etc.
Pilot test of Network configuration:
Use Cisco Packet Tracer version 7.1 for the configuration. Your small scale network should include a site for the Data Center, a site for the campus LAN network of your choice. Communication between the data center and the campus should be secured. ASA firewalls are installed on both sites. You should also include some remote users’ connections. Industrial best practice and recommendations should be adopted. For the campus of your choice, you should also consider, but not limited to:
- DHCP service,
- Server-based AAA service, with TACACS+ and/or RADIUS servers,
- NTP, Web Server, FTP Server, TFTP server, etc.
- LAN security,
- Syslog Server,
- ASA firewalls,
- Authenticate devices connected to the network through switch ports.
To ensure that you can apply most of the knowledge, make sure you are using the latest IOS you can get for all the devices. You should also make sure that your ASA Firewall is running the latest IOS, and upgrade from base licence to Security Plus licence. To use Security Plus licence on ASA Firewall, configure the activation-key using the follow command:
ASA# activation-key 0x1321CF73 0xFCB68F7E 0x801111DC 0xB554E4A4 0x0F3E008D
The version of Packet Tracer (v7.1) can only support most of the configuration you may need in this project. However, there may still be some commands/configurations, according to your design, that may not be supported. If this is the case, you can include these design and configurations in your recommendation. Marks will be deducted if you put configuration/commands that are supported by Packet Tracer in the recommendation.
You are required to deliver a professional piece of work and a working Packet Tracer file. The report is expected to be concise, systematic and well-organised in a logical manner. A descriptive report is not recommended. The length of the body of the report should be between 2000 - 3000 words (excluding IP address scheme, page title, abstract, references and appendix, etc.). The report must have a cover page. Supporting materials and references should be part of the Appendix.
Your report should include, but not limited to, the following sections:
- An abstract summarizing your report
- A table of contents
- The objectives of the report
- Network Topology
- Research and discussion about your choice of design
- Conclusions and/or Recommendations
Your Packet Tracer file should have:
- the test network topology you designed
- fully working configurations which match the contents of your report.
* You must use Packet Tracer v7.1
If you use a different way to configure your design other than Packet Tracer, you have to convert your final configurations into Packet Tracer:
- commands that do not supported by Packet Tracer should be included in the written report
Your report will be assessed based on:
- Neatness and professional presentation
- Show your understanding of IT security requirement, in the context of modern corporate environment
- Scope and areas covered.
- Rationales for your design, suggestions and recommendations
- How practical are your recommendations
- A general, basic or even shallow discussion will ended up with bad result
- Extensive and in-depth discussion will get you good mark.
Report submission (Turnitin)
You need to submit your work using the link in Moodle. If you are not familiar with Turnitin, refer to the Turnitin Guide for Students in Useful Resources in Moodle. Make sure only ONE member of your group submits the report and the working Packet Tracer file. Name you report and Packet Tracer file as follow:
Incorrect filename and format will not be marked.
Late submission: for every day delay, 5 marks will be deduced from your final score.
Plagiarism is considered academic dishonesty. To avoid a charge of plagiarism, all idea/work which is not your own original idea/work must be cited appropriately. Consequences of plagiarism will result in zero mark. To the extreme, you may end up being suspended or expelled.
You can use Turnitin to check for originality of your report.