ku project

8/6/2019 Ku Project

http://slidepdf.com/reader/full/ku-project 1/39

Islamic Republic Of AfghanistanIslamic Republic Of Afghanistan

Kabul UniversityKabul UniversityComputer science FacultyComputer science Faculty

ProposalProposal

IImplementing LAN Kabul Universitymplementing LAN Kabul UniversityKabul Afghanistan.Kabul Afghanistan.

Design and Documentation By:Design and Documentation By:

Computer Science StudentComputer Science StudentThird ClassThird Class

8/6/2019 Ku Project


CONTENTSCONTENTS

PROPOSED SystemsPROPOSED Systems

MapMap

ServersServers DesignDesign

8/6/2019 Ku Project


PROPOSED SYSTEMPROPOSED SYSTEM

The proposed system is capable of meeting allThe proposed system is capable of meeting all

requirements of Kabul University and eliminatesrequirements of Kabul University and eliminates

the drawbacks, which makes LAN efficient andthe drawbacks, which makes LAN efficient and

highly secure and demanding.highly secure and demanding.

It will also result in reduced operating cost andIt will also result in reduced operating cost and

significant improvement in the ability of significant improvement in the ability of

organization to provide more improved andorganization to provide more improved and

quick services to users and consequently, toquick services to users and consequently, to

general public.general public.

8/6/2019 Ku Project


ADVANTAGES OF PROPOSED ADVANTAGES OF PROPOSED

SYSTEMSYSTEM Security:Security:

Now days in world of I.T the main concern of Now days in world of I.T the main concern of organizations from all over the word is security. Thereorganizations from all over the word is security. Thereare two different aspect of security. One focuses mainlyare two different aspect of security. One focuses mainly

on external threats and other on internal threats with inon external threats and other on internal threats with inthe organization. The internal network must be protectedthe organization. The internal network must be protectedfrom both these threats. The LAN must be kept highlyfrom both these threats. The LAN must be kept highlysecure and in order to ensure that all the important datasecure and in order to ensure that all the important dataand valuable asset of organization are hidden from theand valuable asset of organization are hidden from thesnooping eye.snooping eye.

The proposed system is highly secure and it will imposeThe proposed system is highly secure and it will imposeall security measures for external and internal threats. Itall security measures for external and internal threats. Itwill consist of strong firewall protection on the gateway towill consist of strong firewall protection on the gateway tointernet and external access. Network will be controlledinternet and external access. Network will be controlledfrom centralized location using active directory domain.from centralized location using active directory domain.

8/6/2019 Ku Project


Centralized controlCentralized control

Proposed system is constructed on theProposed system is constructed on the

principle of centralized controlled i.e. theprinciple of centralized controlled i.e. the

whole network operation is controlled fromwhole network operation is controlled froma central location. This will give granolasa central location. This will give granolas

control to the system administrator over allcontrol to the system administrator over all

the network resources and no one will bethe network resources and no one will be

able to miss use any important assets of able to miss use any important assets of the organization without proper permissionthe organization without proper permission

over it.over it.

8/6/2019 Ku Project


GREATER PROCESSING SPEEDGREATER PROCESSING SPEED

The proposed system will be constructedThe proposed system will be constructed

using the latest and fasted technologyusing the latest and fasted technology

available in the market due to which endavailable in the market due to which endusers will experience greater processingusers will experience greater processing

speed both in the LAN as well as WANspeed both in the LAN as well as WAN

side access. Response time will increaseside access. Response time will increase

where as decreasing the delay time.where as decreasing the delay time.

8/6/2019 Ku Project


FASTER INFORMATIONFASTER INFORMATION

RETRIEVELRETRIEVEL Important information will always availableImportant information will always available

to users in no time. A separate servers isto users in no time. A separate servers is

responsible of hosting different informationresponsible of hosting different informationand will be capable of handling all usersand will be capable of handling all users

request smoothly thus minimizingrequest smoothly thus minimizing

response time.response time.

8/6/2019 Ku Project


99.99% data availability & uptime99.99% data availability & uptime

The proposed system will be constructedThe proposed system will be constructed

in such a manner that ensures 99.99%in such a manner that ensures 99.99%

data availability &data availability & uptime. Latestuptime. Latest

equipments and technology will be used inequipments and technology will be used in

order to achieve this goal.order to achieve this goal.

8/6/2019 Ku Project


FLEXIBILITYFLEXIBILITY

The proposed system is very flexibleThe proposed system is very flexible

system and is capable of accommodatingsystem and is capable of accommodating

any change that occurs in future both inany change that occurs in future both in

the physical and logical layout of thethe physical and logical layout of the

BuildingBuilding

8/6/2019 Ku Project


BETTER ACCURACY ANDBETTER ACCURACY AND

IMPROVED CONSISTENCYIMPROVED CONSISTENCY Some times information system projectsSome times information system projects

are initiated to improve the accuracy of theare initiated to improve the accuracy of theprocessing data or ensure that aprocessing data or ensure that a

procedure prescribing how to do a specificprocedure prescribing how to do a specifictask is always followed. I f properlytask is always followed. I f properlydesigned and implemented, there is nodesigned and implemented, there is nochange of error on part of computer, Achange of error on part of computer, Acomputer can maintain accurate andcomputer can maintain accurate andconsistent database, hence resulting in anconsistent database, hence resulting in animproved performance.improved performance.

8/6/2019 Ku Project


RELIABILITYRELIABILITY

A high degree of reliability is designed in A high degree of reliability is designed in

the system by incorporating good internalthe system by incorporating good internal

controls.controls.

8/6/2019 Ku Project


MapMap

8/6/2019 Ku Project


Faculty MapFaculty Map

8/6/2019 Ku Project


Server FarmServer Farm

8/6/2019 Ku Project


DMZDMZ

8/6/2019 Ku Project


Domain controller Domain controller

A collection of computers & servers that are part of the A collection of computers & servers that are part of thesame centralized database .same centralized database .

Centralized User/Group AuthenticationCentralized User/Group Authentication --the ability tothe ability tolog on one .log on one .

time and access resources throughout the domain.time and access resources throughout the domain. Centralized SecurityCentralized Security --the ability to control thethe ability to control the

user/computer environment, from one computer, acrossuser/computer environment, from one computer, acrossthe whole network .the whole network .

Searchable Database of resources including users ,Searchable Database of resources including users ,

computers ,shared folders printers and more.computers ,shared folders printers and more. Very ScaleableVery Scaleable -- small companies and large companiessmall companies and large companies

8/6/2019 Ku Project


Backup domain controller andBackup domain controller and

secondary DNSsecondary DNS IF a problem occur with server that hasIF a problem occur with server that has

install domain controller and primary DNSinstall domain controller and primary DNS

administrator also capable to manage andadministrator also capable to manage and

control network without a problem.control network without a problem.

8/6/2019 Ku Project


DNS server DNS server

In using of domain it is necessary to useIn using of domain it is necessary to use

DNSDNS--server.server.

This server change ip to name and nameThis server change ip to name and nameto ip.to ip.

For flexibility user used from name insteadFor flexibility user used from name instead

of IP.of IP.

8/6/2019 Ku Project


Log server Log server

It use for monitoring of network.It use for monitoring of network.

This server store all information thatThis server store all information that

occur in the entire network.occur in the entire network.For example: if someone want hackFor example: if someone want hack

our network it will be store in log server our network it will be store in log server

so we can find hacker.so we can find hacker.

8/6/2019 Ku Project


FTP server FTP server

It is use for uploading and downloadingIt is use for uploading and downloading

files in network.files in network.

In this server, permission create that whoIn this server, permission create that who

can upload and download data in specificcan upload and download data in specificsize of information.size of information.

8/6/2019 Ku Project


File server File server

It use for storing data.It use for storing data.

This server contain all information andThis server contain all information and

books for every faculty.books for every faculty. It contain folders for every subject.It contain folders for every subject.

Administrator determine who (students Administrator determine who (students

and teachers) should use which folder.and teachers) should use which folder.

8/6/2019 Ku Project


WSUS server WSUS server

If use license OS .If use license OS .

It is necessary for get updatingIt is necessary for get updating

You will read how to update and configureYou will read how to update and configure Automatic Updates on client workstations Automatic Updates on client workstations

andand

servers that will be updated by WSUSservers that will be updated by WSUS

8/6/2019 Ku Project


SQL server SQL server

It provides an environment used toIt provides an environment used to

generate databases that can be accessedgenerate databases that can be accessed

from workstations, the web, or other mediafrom workstations, the web, or other media

such as a personal digital assistant (PDA).such as a personal digital assistant (PDA).

It is used for KabulIt is used for Kabul--University databaseUniversity database

that contain all information about studentsthat contain all information about students

and teachers.and teachers.

8/6/2019 Ku Project


Exchange server Exchange server

Also called mail server. Also called mail server.

It make local mail if source and destinationIt make local mail if source and destination

are in same domain.are in same domain. It make mail secure and fast forward.It make mail secure and fast forward.

Administrator can reset password if user Administrator can reset password if user

forgot password.forgot password.

8/6/2019 Ku Project


SMTP server SMTP server

A SMTP relay is a machine that will accept incoming and A SMTP relay is a machine that will accept incoming andoutgoing emails and that will then forward them on to their outgoing emails and that will then forward them on to their configured destinations.configured destinations.

Increases security by preventing Internet SMTP servers fromIncreases security by preventing Internet SMTP servers fromdirectly contacting the Exchange Server.directly contacting the Exchange Server.

Can filter inbound email for viruses or SPAM BEFORE theyCan filter inbound email for viruses or SPAM BEFORE theyreach the Exchange Server.reach the Exchange Server.

Can filter outbound email for viruses before they are sent over Can filter outbound email for viruses before they are sent over the Internet.the Internet.

Decreases the workload on the Exchange Server by taking careDecreases the workload on the Exchange Server by taking careof CPUof CPU--intensive tasks before forwarding the email on to theintensive tasks before forwarding the email on to the

Exchange Server.Exchange Server. Can be configured to provide a secure, SMTP server so that your Can be configured to provide a secure, SMTP server so that your

remote users can send email over the Internet when they are outremote users can send email over the Internet when they are outof the office.of the office.

8/6/2019 Ku Project


Proxy server Proxy server

For security, legal compliance and also monitoringFor security, legal compliance and also monitoringreasons, in a business environment, some enterprisesreasons, in a business environment, some enterprisesinstall a proxy server within the DMZ.install a proxy server within the DMZ.

Obliges the internal users (usually employees) toObliges the internal users (usually employees) to

use the proxy to get Internet access.use the proxy to get Internet access. ·· Allows the company to reduce Internet access Allows the company to reduce Internet access

bandwidth requirements because some of the webbandwidth requirements because some of the webcontent may be cached by the proxy server.content may be cached by the proxy server.

·· Simplifies the recording and monitoring of user Simplifies the recording and monitoring of user activities and block content violating acceptable useactivities and block content violating acceptable usepolicies.policies.

8/6/2019 Ku Project


Reverse proxy serversReverse proxy servers

A reverse proxy server provides the same service as a A reverse proxy server provides the same service as aproxy server, but the other way around. Instead of proxy server, but the other way around. Instead of providing a service to internal users, it provides indirectproviding a service to internal users, it provides indirectaccess to internal resources from an external networkaccess to internal resources from an external network(usually the Internet). A back office application access,(usually the Internet). A back office application access,

such as an email system, can be provided to externalsuch as an email system, can be provided to externalusers (to read emails while outside the company) but theusers (to read emails while outside the company) but theremote user does not have direct access to his emailremote user does not have direct access to his emailserver. Only the reverse proxy server can physicallyserver. Only the reverse proxy server can physicallyaccess the internal email server. This is an extra layer of access the internal email server. This is an extra layer of security, which is particularly recommended whensecurity, which is particularly recommended when

internal resources need to be accessed from the outside.internal resources need to be accessed from the outside.Usually such a reverse proxy mechanism is provided byUsually such a reverse proxy mechanism is provided byusing an application layer firewall as they focus on theusing an application layer firewall as they focus on thespecific shape of the traffic rather than controlling accessspecific shape of the traffic rather than controlling accessto specific TCP and UDP ports as a packet filter firewallto specific TCP and UDP ports as a packet filter firewalldoes.does.

8/6/2019 Ku Project


Vioce server Vioce server

Because using of IpBecause using of Ip--telephony it is needtelephony it is need

for control of calls and signalings.for control of calls and signalings.

8/6/2019 Ku Project


Web server Web server

Web server may need to communicateWeb server may need to communicate

with an internal database to provide somewith an internal database to provide some

specialized services.specialized services.

It has information and news about KabulIt has information and news about Kabul--

University that other people can aware.University that other people can aware.

8/6/2019 Ku Project


VPN server VPN server

It is used for client that from outside of It is used for client that from outside of

network want access.network want access.

The access is secure and fast.The access is secure and fast. There is software base vpn but it makeThere is software base vpn but it make

load to network.load to network.

Also can configure this server in firewall if Also can configure this server in firewall if it support this.it support this.

8/6/2019 Ku Project


Anti Virus server Anti Virus server

It runs anti virus software in all computer It runs anti virus software in all computer

that are under control of domain.that are under control of domain.

It also send update anti virus software toIt also send update anti virus software toall computers in specific time.all computers in specific time.

It use less bandwidth during update timeIt use less bandwidth during update time

for all clients.for all clients.

8/6/2019 Ku Project


OSPF protocolOSPF protocol

The biggest advantage of OSPF is that it is efficient; OSPF requiresThe biggest advantage of OSPF is that it is efficient; OSPF requiresvery little network overhead even in very large networks. Thevery little network overhead even in very large networks. Thebiggest disadvantage of OSPF is its complexity; OSPF requiresbiggest disadvantage of OSPF is its complexity; OSPF requiresproper planning and is more difficult to configure and administer.proper planning and is more difficult to configure and administer.

OSPF uses a Shortest Path First (SPF) algorithm to compute routesOSPF uses a Shortest Path First (SPF) algorithm to compute routes

in the routing table. The SPF algorithm computes the shortest (leastin the routing table. The SPF algorithm computes the shortest (leastcost) path between the router and all the subnets of the network.cost) path between the router and all the subnets of the network.SPFSPF--calculated routes are always loopcalculated routes are always loop--free.free.

Changes to network topology are efficiently flooded across the entireChanges to network topology are efficiently flooded across the entirenetwork to ensure that the link state database on each router isnetwork to ensure that the link state database on each router issynchronized and accurate at all times. Upon receiving changes tosynchronized and accurate at all times. Upon receiving changes tothe link state database, the routing table is recalculated.the link state database, the routing table is recalculated.

As the size of the link state database increases, memory As the size of the link state database increases, memoryrequirements and route computation times increase. To address thisrequirements and route computation times increase. To address thisscaling problem, OSPF divides the network into areas (collections of scaling problem, OSPF divides the network into areas (collections of contiguous networks) that are connected to each other through acontiguous networks) that are connected to each other through abackbone area. Each router only keeps a link state database for backbone area. Each router only keeps a link state database for those areas that are connected to the router. Area border routersthose areas that are connected to the router. Area border routers(ABRs) connect the backbone area to other areas.(ABRs) connect the backbone area to other areas.

8/6/2019 Ku Project


Juniper FirewallJuniper Firewall

For security of network and prevent of For security of network and prevent of

hacking we install hardware firewall.hacking we install hardware firewall.

Juniper model 5600 is very public today.Juniper model 5600 is very public today.

It can support proxy server and reverseIt can support proxy server and reverse

proxy server.proxy server.

8/6/2019 Ku Project


DesignDesign

Servers:Servers:

LAN will include Domain controller, BackupLAN will include Domain controller, Backupdomain controller, DNS, Log server, FTP Server,domain controller, DNS, Log server, FTP Server,

File Server, WSUS server, SQL server,File Server, WSUS server, SQL server,Exchange server, SMTP server, Anti virusExchange server, SMTP server, Anti virusserver, Web servers, VPN server and Anti virusserver, Web servers, VPN server and Anti virusserver.server.

All servers have install Unix Os. All servers have install Unix Os.

8/6/2019 Ku Project


DesignDesign

Add redundant router in NOC. Add redundant router in NOC.

Add redundant swiths in NOC. Add redundant swiths in NOC.

Use redundant UPS in server form.Use redundant UPS in server form. Add muliplixer, camera and other devices Add muliplixer, camera and other devices

for video conferancig in server farm of for video conferancig in server farm of

every faculty and connect to swith.every faculty and connect to swith. Add voip device in every faculty. Add voip device in every faculty.

Use OSPF protocol.Use OSPF protocol.

8/6/2019 Ku Project


DesignDesign

Add patch panel in every faculty and connect two core of Add patch panel in every faculty and connect two core of fiber optic cable for power redundancy and loadfiber optic cable for power redundancy and loadbalancing.balancing.

Map one public in NOC router ip address for every videoMap one public in NOC router ip address for every video

conferancig device in each faculty that can use videoconferancig device in each faculty that can use videoservices.services.

In NOC router configure bandwidth that every facultyIn NOC router configure bandwidth that every facultyuse specific bandwidth during using of internet.use specific bandwidth during using of internet.

Configure DHCP in every switch faculty.Configure DHCP in every switch faculty.

Configure NAT mechanism in NOC router.Configure NAT mechanism in NOC router.

8/6/2019 Ku Project


DesignDesign

Remove previous firewall , becauseRemove previous firewall , because

network is secure and they make load.network is secure and they make load.

It is use duel firewall so need two sameIt is use duel firewall so need two same juniper firewall. juniper firewall.

Configure QOS and periority in swiths andConfigure QOS and periority in swiths and

routers.routers.

If do not use this kind of firewall may needIf do not use this kind of firewall may need

proxy server and reverse proxy server.proxy server and reverse proxy server.

8/6/2019 Ku Project


Prepared by:Prepared by:

Fatima µFatima µAfzali Afzali¶¶

FarangisFarangis µµJamalzadaJamalzada¶¶

Diana µDiana µFarahmandFarahmand¶¶

Zahra µZahra µShefaShefa¶¶ ZarminaZarmina µµAddel Addel¶¶

JamilaJamila µµJalalzaiJalalzai¶¶

Arezo Arezo µµMuahmadiMuahmadi¶¶

SediqaSediqa µµAhmady Ahmady¶¶ MushtaryMushtary µµKhawjazadaKhawjazada¶¶

Aria µ Aria µKazimKazim¶¶

ku project

Documents