Kiddie Kampus

Kiddie Kampus Network Design

CLAW Network Solutions

Jordan Crouse, Patricia Langston, Titus Alcock, Jamie Watson

Kiddie Kampus

IntroductionCLAW Networking Solutions has provided this detailed design proposal to your company which, if

implemented, will enhance the network that is currently in use. The old network would be replaced

with the most current and up-to-date Ethernet technologies including cabling, switches, and a star

topology. Our company knows the significance of having a reliable network infrastructure in place and

the need for a small business to continue thriving. Therefore, CLAW Networking Solutions has listed our

recommendations that we believe will provide you with the best possible solution for yourself and your

business needs.

Kiddie Kampus

BackgroundKiddie Kampus is a popular family owned and operated childcare facility located in Wilson, North

Carolina. As the center is gaining more and more popularity, the owners are looking to expand their

network and to make sure it is as secure as possible. The current network design is simply three

computers and two printers all connected to a wireless router. The wireless router connects to a cable

modem for internet access through the local cable company. Also, there is a fax machine and three

telephones that are currently being operated on plain old standard telephone lines that will be

converted to a VOIP system. They have one camera set up in one of the classrooms with a monitor

located in the office for observation.

Our consultants are trained to know the advantages as well as the disadvantages of each recommended

piece of equipment while comparing each option based on the cost, speed, and efficiency. Based on our

research, we decided on two possible solutions that we know will improve your business. The first

option is a more cost effective proposed plan and the other is the performance based option, which we

highly recommend. Inside this proposal you will find both the cost effective approach in addition to the

performance based approach. We have also provided an implementation timeline for completion,

detailed budget estimations, a Logical LAN diagram, and a Physical LAN diagram. All childcare facilities

are required to comply with local, state, and federal regulations regarding student safety and data

security. Our team will do our best to provide the most cost efficient and secure network design for

your facility.

Kiddie Kampus

Detailed SolutionsCLAW Solutions highly recommends that the center is getting their DSL service through their local

telephone company instead of using the cable provider. This is because even though cable service

providers advertises faster speeds, they typically share bandwidth with neighboring users. This would

cause a security issue because neighboring businesses would potentially have access to the Kiddie

Kampus network and will be able to observe all the packets travelling back and forth by using packet

sniffer software.

Physical Layer

Next, we will focus on the physical layer of the network. We would like to run UTP Ethernet plenum

cable throughout the building for linking each device to the company LAN network. We are

recommending using plenum because we have to run the cable through the drop in ceiling and this

would be required to be in compliant with the building code. Plenum cable is fire resistant and used to

prevent fires from spreading using the cables as wicks in the plenum environment. We are

recommending using an Ethernet cable for connections within the LAN instead of using wireless for

several reasons. Cable can provide faster speeds and can handle simultaneous communication through

the switch whereas wireless networks can only handle one communication at a time. Using cable is a lot

more secure than sending all data communication wirelessly and it is best for optimal performance.

Cable is, also, more reliable and consistent than wireless media. Wired Ethernet workstations should

still receive the same speeds as long as they are placed as well as located within 100 yards of the switch.

Wireless users would notice substandard performance the further they travel away from the access

points.

Kiddie Kampus

CLAW Solutions recommends using a Cat 6 cable because it offers faster speed than Cat 5 or 5e for an

additional cost. A Cat 6 cable can also handle all the data and video needs for Kiddie Kampus plus much

more. We did consider using a fiber optic for even greater performance but, we think its cost would

outweigh the benefit. The newly improved Kiddie Kampus network will be designed using a star

topology which will allow for better performance and reliability. For instance, if one user goes down,

the network will still operate.

Network and Transport Layer

The needs for the Kiddie Kampus network layer of the LAN would be best met with a layer two switch.

We are recommending a switch over a hub for better performance. The switch will create separate

collision domains and would allow for duplex communication between devices. Using a switch to route

all internal traffic will reduce latency as opposed to using a router for routing traffic within the LAN. The

switch will need to be connected to a router for routing all packets leaving and entering the LAN. The

network needs to implement a firewall to filter traffic coming into the network from the internet. The

Firewall can filter ports and IP address and add security needed to protect the LAN from the internet.

Also, the network will use NAT (Network Address Translation) to hide the internal IP address of the

computers within the LAN. The NAT would provide a separate IP address for the public side of the

network to see and then translate the address to the local IP address for routing within the LAN. The

router will be configured to assign IP address for all devices accessing the network using DHCP. The

router will be configured as the default gateway and will also have the DNS (Domain Name Server)

address for resolving the IP address for the websites being requested for access. All users requesting

access to the network would need to be authenticated before being granted access. We will implement

an AAA (Authentication, Authorization, and Accounting) type protocol such as RADIUS (Remote,

Authentication, Dial in User Service) for all users requesting access to the LAN. Also, we will implement

Kiddie Kampus

Qos (Quality of Service) to give priority of packets for the VOIP phones and video data for the cameras.

The switch needed would need to be able to handle three computers, three phones, one camera and

one fax for a minimum of 8 ports. It is recommend that you go ahead and purchase a switch with extra

ports for future expansion. Other considerations for future needs that may go ahead and be

implemented into the network are any additional computers possibly needed for the children to use or

for administration, additional cameras for the other classrooms and maybe adding an access point for

wireless capability. Upon further consultations with Kiddie Kampus, it may be decided to go ahead and

install capacity for additional capabilities like these while installing the upgrade. CLAW recommends

planning for future expansion and all forecasted needs while making these network upgrades.

We did not believe that wireless access capability is a necessity at this time but if it is desired for the

LAN, there are several considerations we will need to make. We will first determine the required

coverage area required for wireless access. Next we will look at the layout of the building and the

construction for placement of the wireless access points. Ideally coverage can be provided by placing

access points every fifty feet. Sometimes they can be spaced a little further apart in wide open spaces

and sometimes they would need to be closer if there are walls in-between to obstruct the signals. We

will design for some overlap so that continuous coverage can be provided. Also, we will configure the

channels on the wireless access points to minimize interference. We will set the SSID (Service Set

Identifier) and make it hidden to minimize attempts of unauthorized access. We will also enable WPA

(Wi-Fi Protected Access) for encryption and secure access.

Kiddie Kampus

Network Design Approaches

Cost Effective Proposal

Material CostsNeed Item Quantity $/Item TotalDSLUTP Ethernet Plenum

Cat5e StarTech WIR5ECMPGRY 1000 ft. Cat 5E Gray Roll of Gray Plenum CMP Cat5e Solid UTP Bulk Cable

3 (1000 Ft) $295.55 $887.97

Ethernet Cable (Wall to Device)RJ-45 Connectors pre-installed

Cat5e Coboc CY-CAT5E-25-BK 25ft.24AWG Snagless Cat 5e Black Color 350MHz UTP Ethernet Stranded Copper Patch cord /Molded Network lan Cable

4(25 Ft) $3.49 $13.96

RJ-45 Keystone Jacks Cat5E

BELKIN R6D024-AB5E-WHT Cat.5e Keystone Jack

5 $5.99 $29.95

RJ-11 Keystone Jacks (Phones)

RJ-11 Toolless Keystone Jack - White (7288)

3 $2.66 $7.98

Wall Plate Multi-Media Keystone Wall Plate 1 Port Almond Monster Cable 140172-00

8 $1.57 $12.56

Layer 2 Switch NETGEAR ProSAFE 24-Port Gigabit POE+ Managed Switch Layer 2+ With Static L3 Routing (GSM7224P)

1 $655.03 $655.03

Patch Cables C2G 22679 5 ft. Cat 5E Blue Cat5E 350 MHz Assembled M-M Patch Cable - Blue

8 $2.00 $16.00

Patch Panel BELKIN C-PP5-24-F- 1 $113.80 $113.80

Kiddie Kampus

BK 24 Port Cat5e Network Patch PanelCompareBELKIN C-PP5-24-F-BK 24 Port Cat5e Network Patch Panel

Switch Rack Tripp Lite SRWO8U22 8U Wall Mount Open Frame Cabinet

1 $116.99 $116.99

Router LINKSYS LRT214 Business Gigabit VPN Router

1 $209.99 $209.99

Firewall Norton Small Business, 5 Devices

1 $99.99 $99.99

Sub-Total $2164.22Sales Tax 7% $151.50Labor Telecommunications

Technician40 Hours $104.00 $4160.00

Total $6475.72

Best Performance Proposal

Material CostsNeed Item Quantity $/Item TotalDSLUTP Ethernet Plenum

StarTech WIRC6CMPGRY 1000 ft. Cat 6 Gray Roll of Gray Plenum CMP Cat 6 Solid UTP Bulk Cable

3(1000 Ft) $446.99 $1340.97

Ethernet Cable (Wall to Device)RJ-45 Connectors pre-installed

Cat6A Coboc CY-CAT6A-STP-25-BL 25ft.26AWG Snagless Cat 6A Blue Color 550MHz SSTP(PIMF) Shielded Ethernet Stranded Copper Patch cord /Molded Network lan Cable

4(25 ft) $9.26 $37.04

Kiddie Kampus

RJ-45 RJ-45 Keystone Jacks Cat6

Belkin Cat.6 Keystone Jack

5 $5.99 $29.95

RJ-11 Keystone Jacks (Phones)

RJ-11 Toolless Keystone Jack - White (7288)

3 $2.66 $7.98

Wall Plate Multi-Media Keystone Wall Plate 1 Port Almond Monster Cable 140172-00

8 $1.57 $12.56

Layer 2 Switch NETGEAR ProSAFE 24-Port Gigabit POE+ Managed Switch Layer 2+ With Static L3 Routing (GSM7228PS)

1 $1508.99 $1508.99

Patch Cables Tripp Lite 5-ft. Cat6 Gigabit Snagless Molded Patch Cable

8 $3.99 $31.92

Patch Panel BELKIN F4P638-24-AB5 24 Port Cat6 Patch Panel

1 $60.90 $60.90

Switch Rack Tripp Lite SRWO8U22 8U Wall Mount Open Frame Cabinet

1 $116.99 $116.99

Router LINKSYS LRT224 Business Dual WAN Gigabit VPN Router

1 $239.99 $239.99

Firewall Norton Small Business, 5 devices

1 $99.99 $99.99

Sub-Total $3487.28Sales Tax 7% $244.11Labor Telecommunications

Technician40 Hours $104.00 $4160.00

Total $7891.39

Kiddie Kampus

Cost Effective Proposal

The first of the two systems that we have created a complete full budgeted proposal for is the cost

effective proposal. While this system doesn’t offer quite the same speed and performance of our

performance based system, we feel as though it will adequately meet the needs of your company. This

systems starts off with Cat5E UTP Plenum cabling wired using two twisted pairs. This results in a network

that is in accordance with IEEE 802.3 standards, classified as a 100BaseTX network. This network will

allow up to 100 meters of cable length to be run from the patch panel to the wall plate and will allow

speeds up to 100Mbps.

In accordance to the star topology, we have decided to install the switch rack in a central location. The

network will run off of a NetGear Prosafe 24 Port Layer 2 switch. It will then connect to a Belkin 24 port

Cat5E patch panel, which connects to the switch using patch cables. The Cat5E UTP cabling is connected

to the back of the patch panel, which is run directly from each wall jack to the patch panel. The switch

will be connected to a LINKSYS LRT214 Business Gigabit VPN Router which is connected to the DSL

provided by the phone company.

Although the system only requires 8 ports, we have decided to recommend a 24 port switch and patch

panel for future additions to the system. The switch rack that we have selected will allow the addition of

up to 8 more switches of 24 ports to be added into the network. Each of the devices in the network will

be connected at a wall jack, with the computers and printers using RJ-45 connections and the provided

25 Ft premade RJ-45 cables to connect to the devices. The phones will be connected at a wall jack using

RJ-11 jacks and the supplied standard phone cables. This system is a definite upgrade from the current

system used by Kiddie Kampus, and it will provide upgradeability for future additions.

Kiddie Kampus

Best Performance Proposal

For this proposal we stepped this up a notch. We decided to stay with the same companies for each of

the hardware pieces, but we are proposing higher end options that will increase overall performance

and system capabilities. This system will be founded on a Cat6 network of cabling. The network will use

Cat6 UTP Plenum cabling employing a four pair twisted pairing which will allow the system to operate at

a max speed of 1000Mbps. In accordance with IEEE 802.3 standards the network will be classified as a

1000BaseT.

The switch for this system will be a NetGear Prosafe 24 port layer 2 switch with layer 3 capabilities. That

will then be connected to a Belkin 24 port Cat6 patch panel, which will be mounted on a Tripp Lite

switch rack that allows for eight 24 port switches to be installed. The switch will be connected to an

upgraded LINKSYS router with VPN and WAN capabilities which also allows gigabit transfer speeds. All of

the devices will be connected in the same manner as the cost effective system, but will all upgraded

technology. The upgraded capabilities of the system will allow Kiddie Kampus to add devices to their

system and maintain fast speeds for years to come. The cost effective system uses Cat5E which is slowly

becoming outdated because it doesn’t allow for transfer rates as fast as Cat6. With the upgraded switch,

we also feel confident that this system will not be outdated for many years.

As mentioned above, our company is fully capable of installing a fiber optic backbone network that will

provide even faster speeds of up to 10Gbps. It will cost considerably more money as well as labor to

install, but it will be state of the art once we are through. We can also provide you with servers,

centralized databases, and wireless internet, which can all be easily connected into the network that we

are proposing. Finally, we are proposing that regardless of which network you choose, that you use a

strong internet security antivirus and firewall software package. We are recommending that you use

Kiddie Kampus

Norton Small Business, which provides protection for up to five devices, but can easily be upgraded to

10 or 20.

Kiddie Kampus

CLAW Recommendation

CLAW Solutions is always looking for a way to help local families and businesses. By putting together

two different proposals, we are really hoping to allow you to recreate your network in an affordable,

efficient way. Both options are fully working and will allow your network to run smoothly. However, the

“Best Performance” proposal will allow your business to run faster and more efficiently. It will allow

more room for future growth and will provide optimal safety measures for the students and their

families.

Kiddie Kampus

Risk Assessment

We conducted a high-level risk assessment to analyze and prioritize the possible security risks to Kiddie

Kampus’ information systems and network. We have identified four business areas that could be

impacted in the event Kiddie Kampus were to be exposed to security threats. The areas impacted are

Operational/Productivity, Financial, Reputational and Legal. We have outlined below a prioritized list of

risks identified for each area of impact.

1) The risk of operational failure/downtime and financial loss, due to improper physical access

controls to key systems/hardware.

a) External customers and employees have access to the office, administrative area, and

restroom/closet (where the current telephone system components reside), which all contain

network components and system hardware.

(1) Possible scenario - A disgruntled parent or employee could go into the restroom and cut

the lines to the phone system. The daycare could operate with cell phones, but the

teachers aren’t allow to have them. So they would have to walk to each room to

communicate with the teachers, and external customer communication would be down

b) In the event that the Procare Touch fingerprint scanner is down, it requires resources to

manually allow customers in consistently throughout the day.

c) Routers/systems hardware in administrative area and office could be easily accessed and

damaged, since the door is normally left open to the office. There is nothing preventing a

parent from walking behind the desk up front.

Kiddie Kampus

2) The risk of exposure to client confidential data and potential fraud due to data protection risk

awareness, and vendor management. This could have a reputational, financial and legal

impact.

a) Confidential internal/child health data is displayed on system screens and in plain view,

available for public viewing. Normally someone is sitting at the computers, but there are

times when they are not.

b) Confidential information is sent electronically to external vendors however there has been

no risk assessment done to determine what happens to that data when the vendor receives

it.

c) Employees/management dealing with confidential data need more training on information

security and protection

3) The risk of data loss/compromise due to lack of knowledge associated with patching

requirements for systems residing on the network.

a) Vulnerability scans are not conducted on consistent basis to check for available patches

b) Security updates are not applied as needed

While the volume of data maintained by Kiddie Kampus is low and their networks and systems are fairly

simple, the likelihood that the above security threats could occur is moderate to high. The impact would

be high in terms of the potential risk to the company’s reputation. If their systems or network were to

go down, they would call their provider or vendor to diagnose and resolve the issue. Financial loss could

be possible if they were required to purchase new hardware. We recommend that Kiddie Kampus

implement clean desk policies to limit the possibility of confidential data loss. This includes training

employees on the policies, purchasing shredders and establishing proper controls for monitoring. In

Kiddie Kampus

addition to these new policies and training, we feel that our recommended solution will greatly reduce

the risks outlined above.

Kiddie Kampus

Works Cited

All pricing for hardware was obtained from http://www.newegg.com/

Pricing for Norton Small Business was obtained from http://us.norton.com/small-business