Solved

College project - Presentation on a WAN owned by a company

Posted on 2004-04-14
17
953 Views
Last Modified: 2013-12-06
Lo everyone,

A bit weird asking here however I have received a project from college and I need to interview someone (ie a network administrator) about his / her network (has to be a WAN). I will be asking questions like:

•      Brief background of the company
•      Size of network – (different locations?)
•      Computer specifications
•      Operating systems
•      Network media
•      Network equipment – Switch / hub / router / patch panel etc.
•      Server(s) information
•      Firewall(s)
•      Prevention against hackers and viruses
•      E-mail checking facilities
•      Backup / disaster recovery facilities
•      Bandwidth usage
•      Protection on individual computers (ie fortress)
•      Subnetting
•      Legal considerations in the use of wide are networks

With the information that I will be gathering, I will create a PowerPoint slideshow presentation on your company in the respect of its use its WAN and associated technology. Because this is quite a large assignment I will require someone to talk to me via something like MSN, IRC etc as I may have to ask more questions or adapt some. A UK company would be preferable however not required. If you want you may view the presentation before i present it. 500 points available.

Thanks to anyone willing to help

Helix.
0
Comment
Question by:Helix
  • 8
  • 7
17 Comments
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Im not sure if this is allowed? under the member agreement, post in community support and get a yes/no from an administrator/moderator, If you get a thumbs up I'll help you out

Pete
0
 

Author Comment

by:Helix
Comment Utility
i'll inform ad admin / mod. Thanks
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
:)
0
 

Author Comment

by:Helix
Comment Utility
Posted and awaiting reply
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Helix - its 2230 in the UK and I'm going offline, if you get the go ahead repost (with a link to the Mods/admins post) - so Ill get an EMail notif :)

Also let me know how quick you need the info - if your working to a tight deadline then I'll pull my finger out.
0
 

Author Comment

by:Helix
Comment Utility
I will need to present it on friday (not this friday, the one after)

I'll keep you informed, thanks for replying.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Thanks NM - Ill report back with some info later today :)
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:Helix
Comment Utility
Excellent, Thank you.

PeteLong, if you still decide to help can you please contact me via *** email address removed by Netminder, Site Admin *** or on irc #ath3na on quakenet.

Thanks

David
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
OK David, but EVERYTHING needs posting here, resolution of problems via EMail is stricly forbidden, so any correspondance offsite has to be posted here.
0
 

Author Comment

by:Helix
Comment Utility
Hehe ok thats understandable.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
Comment Utility
Right then - sorry for not posting earlier but as you are about to find out My Day Job keeps me busy :)

•     Brief background of the company

I work for a local NHS Trust, this trust provides help and counciling to patients with Mental health problems, either at our locations or in the patients home. This Trust covers a large geographic area (well large in the UK :) And runs as for noth as Peterlee/Easington and as far south as Malton in North Yorkshire. Trust (Tees and NOrth East Yorkshire NHS Trust) was formed from the amalgamation of several other Trusts but was originally Called South Tess Community Mental Health Trust. We Provide secure units for patients that are considered to be a danger to the community, and provide help to individuals with Learning Difficulties.

•     Size of network – (different locations?)

The network covers 75 networked sites, these sites vary in size from a single office with one employee up to Major hospitals with many hundreds of employees, as its a network that has develped it has a large diversity of networking standards and differing ages of networking componants

•     Computer specifications

We have a massive variety of client PC systems, ranging from the odd 486DX Pc's which are still required for some apps, Others Dinosaurs out there are P75, P133MMX, PPro200, an occational P2-266, the remainder of the network clients are Pentium 3/Pentuim 4 systems and all new machines bought are either Compaq Evo D500's or Dell Optiplex GX270's

•     Operating systems

Some clients (for specific applications) are still using MSDOS 6.22 for uploading information to legacy HPUX Unix systems, all remnants of windows 3.11 have been removed from the network, the large majority of clients remain on windows 95/98 but they are actively being replaced by Windows 2000, there are very few Windows XP CLients on the network and NO NT4 clients at all. Server side We are running Windows 2000 Adv server, Novell Netware 5.1, HP-UX, Solaris and have just ditched SCO-UNIX

•     Network media

We have five main sites that link back to our server room over 2Mbps Leased lines, we aslso maintain a 2Mbps link to NHSNet this in a private internetwork connected to (but firewalled and protected from the Internet), Next down on the speed list are medium sized locations that have a 512kbps link back to us, We also have a lot of leased 128kbps leased lines that are slowly replacing our legacy 128 and 64kbps ISDN2 data systems. As well as the normal bound media we also have deployed Wireless both externally to link small sites to larger ones and internally using wireless (b band 11mbps) we cannot deploy G band yet as its not ratified for use in the NHS, these systems are encrypted and there are a number of security "nips and tucks" we need to apply to wireless systems to make them more secure.

•     Network equipment – Switch / hub / router / patch panel etc.

Switches
Primarily we have 3Com Superstack switches deployed at our primary site and all our remote sites, there a a few 3Com hubs hanging around but they are being replaced as funds allow, Our primary site has five communications cabinets and the switching system is all handled at the core by a Cisco Catylist 3550 Fibre swich, this provides Layer 3 switching between out two subnets and trunks to five Cisco Catylist 2900 series switches (one in each cab), then these cascade to 3Com Superstacks which are essentially "dumb" switches and handle all the layer 2 switching.

hubs
Mentioned above

Routers
At The core of the routing system there are two Cisco 7200 Modular routers, thes handle all our incoming data circuits, and if one fails the other takes over, these guys cost us 48k each (configured) and our network support comany keeps a third ready for us if one fails. We also have a CIsco 3600 Modular router which holds a bank of 25 high speed ISDN modems that handles our secure dial in system. Circuits out of the Main Location are handled by a Cisco 1700 and a Cisco 1600 series router, All the remote sites have a varient on a Cisco 1600 depending on their connection to us

Patch Panels
Hundreds of them, some Sheilded ones out there (dont know why)

•     Server(s) information

Our 2K servers are all Compaq Proliant ML series servers (With one DL class) they are all located on our main site, Our Novell system runs on 7 Compaq Proliant ML1600 server one of which is at the main location and the remainig six are on our larger sites. We also run a HP DCLass server running HPUX and Oracle, Sun server runnning Solaris and a redundant Dell Power Edge that used to run Sco Unix

•     Firewall(s)

Cisco PIX 525 Firewall Protects the entire network and is managed by myself and one other. Though it has the capacity to deploy a DMZ we do not use this and its the only route in and out of the network.

•     Prevention against hackers and viruses

As well as the usuall securty policies and auditing of network events on the servers, the Trust has an automated Anti Virus System that is built on Sophos, every three minutes one of our servers connects to Sophos and downloads the latest antivirus definitions/updates and moves them to a central directory, every client on the network then checks the definitions periodically and downloads the updates (We have not had a virus problem on a networked machine in two years) this ayatem also scans all incoming and outgoing messages as it is bolted into.........

•     E-mail checking facilities

..........Baltimore MIMEsweeper (Now Clearswift but we are using Exchange 2K so we have not upgraded) Lives on a dedicated server (The DL series mentioned earlier) and monitors all EMail traffic for....

Spam
Profanity
Scripts
Executable Files
Encrypted Files
Infected files
Unknown Files

If can search within files up to a certain level i.e. If you try and hide an executable file in another file and put that in a zip file it will be picked up. Stopped messages are "Parked" and are either released or moved by an administrator (We cannot delete someones EMail no-matter what it is). We also block known "annoying" Domains at the exchange level.
Clients on out network CANNOT connect to any Web based EMail systems (They are blocked by Websense) So thay cannot "back door" the security system.

•     Backup / disaster recovery facilities

Every server performs a FULL backup each evening (We DO NOT use incremental/differential backups) The 2K servers use a mixture of Backup Exec 8.6 and 9.0 to do this, the Novell servers use ARCServe fot Netware 7, each server has a 22 tape rotation cycle mon-fri1   mon-fri2 and 12 monthly tapes changed each day by either a support tech or a mamber of staff at the remote locations (This has a yearly cost of 22k in tapes) And will shorly be replaced (Thankfully) with a central backup solution. Backup Media includes DDS2, DDS3, DDS4, DLT80 and Ultrium systems.
We also completely rebuild a server, either onsite or offsite from backup media, both for training and to make sure the systems are working. All Storage media is kept offsite in a 5 hour firesafe.

•     Bandwidth usage

Since we removed the IPX/SPX protocols (when we ditched Novell 4.11) and removed all SAP traffic from the network our network traffic has decreased dramatically, throughput on the core swich peaks at 0.6% and no router on the network runs at over 20% capacity, or network is constantly benchmarked and monitored using Cisco Work 2000 and Solarwinds Engineers Toolkit

•     Protection on individual computers (ie fortress)

fortress?

•     Subnetting

We have four registered Class C Networks 194.189.x.x in the past that was fine and one was subnetted to 255.255.255.192 (Split over two sites) and another was split to 255.255.255.240 to cover all our small sites. As we have grown we need a LOT more IP addresses so we now also use 172.16.x.x addresses at most of our sites, and these are NAT'd to a public address on our firewall.

•     Legal considerations in the use of wide are networks

Big consideration for an NHS Trust we are responsible for holding both Medical information and personal information in our systems (we call it patient demographics) we are legally responsible for the protection of that data. And are bound by BS7799 on its use and storage. We are also legally bound to produce all information on an individual if they request it.
We are also responsible for the actions of our staff while connected to our network, who must undertake training both in security matters (and technical training) before thay are allowed access, as we monitor both EMail and Internet usage these issues need to be put into the relavant network usage/HR policies so that "acceptable use" and more importantly "unacceptable use" can be proven.



Hope that fills some blanks for you, feel free to repost if you need any clarification, and appologies for my bad typing :)

Pete
0
 

Author Comment

by:Helix
Comment Utility
Thanks a lot for the information that you have provided me this far. Ive noticed this:

•     Protection on individual computers (ie fortress)

fortress?

Forterss is something we have  at college, its a porgram which limits us to what we can do on the computers. IE we cant right click / access control panel / access running services / open the command prompt etc. Do you have similar precautions on other machines or do the users have full access?

Other than that im trying to create an annotated diagram in Visio although its proving quite difficult considering the size of the network. Could it be possible for you to provide such a diagram i could use to look at to aid me in creating my own?

Other than that i cant see anything else, thanks a lot, you've been  a right star.

Dave
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Ive sent you the info you asked for :) As I cant post the diagrams here, Ive sent you

A copy of our network diagram
A copy of our AV system diagram
Acopy of our websense polcy blocked catagories
A guide on monitoring and legality.

With regards to your last question, we have the power to enforce policies on our users desktop machines should we wish to, and as we run Novell we can also lock down our 95/98 clients a LOT easier than most people, using Novell Zenworks for Desktops, we can pretty much lock down remove or disable anything we want to on our client machines. I am not a fan of doing this, users sholdnt be able to

install software
change system settings

but if you lock users out of machines too much they begin to stop calling them "my computer" and it becomes "the computer" giving users the leeway to change desktop settings and themes etc encourages equipment husbandry (I like that erm)

We can apply policies to either a user, or a worksstation, or a group of users or a group of workstations 9Novell have been doing this a lot longet and a lot better tham Microsoft for a long time)
0
 

Author Comment

by:Helix
Comment Utility
Thanks a lot for the material provided. I am beginning to construct the presentation with the information you have generously provided. I will close this question as the bulk of it has been delt with. I will contact pete if i encounter any small problems.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
:) Glad to help - let me know how the presentation goes :)

Pete
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
RIP Routing 5 45
Eigrp versus OSPF in a ring topology 3 40
HP Laser Jet Errors 10 48
Security Alert 2 36
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now