Table of Contents
2 Control centre
2.1.1 Server farm
2.1.2 VoIP phone
2.1.3 Stacking
2.1.4 Cat 6 Cables
2.1.5 Access point
2.2.1 Core layer
2.2.3 Access layer
2.3.1 Core layer
2.3.3 Access layer
2.4 Protocols
layer protocols
2.4.2 Data Link Layer Protocols
Layer protocol
2.5.1 Passive monitoring
2.5.2 Unauthorised access
2.5.3 Denial of service attacks
2.6 Security
2.6.1 LAN
2.6.2 WLAN
3 Wireless Sensor Network
3.2 Protocols
3.2.1 Physical layer
3.2.2 Data link
sensor network security
4 Cost
5 References
The following needs to be supported:
design for the network
A custom-built router/switch will be built and connected using Ethernet. The router will be based on a commodity computer-industry switch rather than on low-volume audio frames and cards, which keeps the cost low. A custom-made rack will be constructed from switches with 48 ports each; fourteen such switches give a maximum of 672 ports (14 × 48), which covers the required devices and leaves spare ports for future expansion.
A server farm will be used. Here a server farm is defined as a lightweight framework for companies that manage many servers and services through a single platform. The main advantages of this approach over manual server management are that it provides:
consistent security configuration of the different system components;
the potential for encrypted backups;
management of many servers simultaneously in a reliable way.
There are also limitations: this approach is not designed to manage monolithic, complicated farms belonging to a single corporation with multiple roles and server groups. Since the scenario does not foresee this situation, it should not be an issue (Serverfarmer.org, 2014).
The following servers are needed:
The quantity of wiring will be reduced by connecting the VoIP telephones and workstations directly to the switch ports. Although sharing the links can affect voice quality, this will be addressed by placing voice traffic in a separate VLAN.
Fixed-configuration switches manufactured by Cisco will be used. These support stacking, which is useful when more ports are required than are available on a single fixed-configuration switch (usually 48).
The main advantages of fixed-configuration switches include:
Cost. Fixed-configuration switches are generally cheaper than modular switches.
Size. Because of their small size these switches can be used in confined spaces.
Power. These switches operate from normal household power, so they can be used almost anywhere, unlike larger chassis-based switches, which require special power supplies and AC receptacles when fully loaded with modules.
(Donahue, 2011, p. 14)
1.1.4 Cat 6
This cable will be used to connect network devices to the switch. Cat 6 cable supports data transfer speeds of up to 1 gigabit per second over a distance of up to 100 m, and it is backward compatible with 10BASE-T, 100BASE-TX and 1000BASE-T (gigabit) networks. Such a set-up will ensure reliability and high data transfer rates.
On average it is recommended to plan for 30-35 data users per access point on an 802.11a/b/g/n network. Although some vendors state that their APs can connect 100 or even 200 users, this is arguably unrealistic because of the half-duplex shared medium. While 35 users per 802.11 radio is realistic for average application use such as web browsing, this figure will be reduced to 25 per access point to allow for the demands of VoIP (Coleman, 2012, p. 507). With 570 users, 570 / 25 = 22.8, so 23 access points will be installed, giving an average of about 25 users per access point.
The network backbone will consist of high-speed fibre optic cable providing 10 gigabits per second (10 Gigabit Ethernet). One of the major advantages of fibre is that it is easy to scale and manage.
The following hardware is needed here:
This layer will use the same physical medium as the core layer, i.e. fibre optic cable.
The following hardware is needed here:
Layer 2 switches × 2
Layer 3 switches × 14 (13 will suffice but 14 will be used to provide redundancy)
The network access layer is implemented in various network technologies, beginning with personal area networks, which connect devices next to each other (within about two metres), through to the widely used local area network (Meinel and Sack, 2013, p.
The following hardware is needed here:
48-port switches (stacks 1-4) × 16
Access points × 25
Layer 2 switches × 2
This layer will have a partial mesh topology. Meshing the layers is critical to avoid single points of failure and to minimise the risk of LAN downtime caused by link or device failures. The core and distribution devices will be layer 2 switches. Unlike layer 3 switches, layer 2 switches cannot route IP packets, but they offer faster and more cost-effective switching. The core and distribution layers will be responsible for carrying the VLANs configured on the access switches between them (Shin, 2017, p. 71); routing traffic between those VLANs still requires a layer 3 device (a router or layer 3 switch).
The DMZ will have the routers connected to it, together with the servers that can be accessed from the internet, and constitutes an additional security layer. The DMZ servers will include the email, web, FTP and VoIP servers.
The distribution layer will have a partial mesh topology and provide the links between the core and access switches. The connections between the access and distribution switches will be multi-homed to provide redundancy. At first glance this may appear to be a full mesh topology; however, the distribution switches are not connected to each other (Buhagiar, 2017, p. 328).
This is the primary entry point into the network for the workstations and VoIP phones. The access layer switches are connected to the two separate distribution switches mentioned previously, which provide redundancy, as shown in the figure below:
Figure 1 Access and distribution layer set-up (Cisco,
The access layer will provide key features including:
Inline power (PoE) for IP telephony
High availability supported by many soft and
802.11ac is considered a next-generation WLAN standard that provides gigabit-class throughput over Wi-Fi and is an evolutionary improvement on 802.11n. Compared with its predecessor, 802.11ac increases the usable bandwidth by using multi-user MIMO. It will provide the network with high throughput in the 5 GHz band, and it remains backward compatible with 802.11n devices operating in that band (Sarkar, 2014, p. 338).
It is necessary to use non-overlapping channels on neighbouring access points that share a band. For example, in the 2.4 GHz band used by 802.11b/g/n, channels 1, 6 and 11 are the only non-overlapping channels, so these channels will be used for the 2.4 GHz radios (Agbinya, 2010, p. 213). The 5 GHz channels used by 802.11ac do not overlap in the same way, but adjacent APs should still be kept on different channels.
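The channel rule above (neighbouring 2.4 GHz radios must land on different members of {1, 6, 11}) is a graph-colouring problem once the AP survey tells you which APs can hear each other. The following is an added example, not part of the original report, that does the assignment greedily and reports whether the plan is conflict-free; the AP names and neighbour sets are constructed for the illustration, and a real site would get them from a survey.

```python
from collections import Counter

NON_OVERLAPPING_24GHZ = (1, 6, 11)   # the only non-overlapping 2.4 GHz channels


def _symmetric(neighbours):
    """Make the 'can hear' relation symmetric so a one-sided survey entry still counts."""
    sym = {ap: set(ns) for ap, ns in neighbours.items()}
    for ap, ns in neighbours.items():
        for n in ns:
            sym.setdefault(n, set()).add(ap)
    return sym


def assign_channels(neighbours, channels=NON_OVERLAPPING_24GHZ):
    """Greedy channel plan: APs that can hear each other get different channels.
    `neighbours` maps AP name -> set of AP names within range.
    Returns {ap: channel}; raises ValueError when some AP and its neighbours
    need more distinct channels than the band offers."""
    sym = _symmetric(neighbours)
    # most constrained APs (most neighbours) first
    order = sorted(sym, key=lambda ap: -len(sym[ap]))
    plan = {}
    for ap in order:
        used = {plan[n] for n in sym[ap] if n in plan}
        free = [c for c in channels if c not in used]
        if not free:
            raise ValueError(f"{ap} and its neighbours need more than {len(channels)} channels")
        counts = Counter(plan.values())
        # among the free channels prefer the least used one to spread load
        plan[ap] = min(free, key=lambda c: (counts[c], c))
    return plan


def conflicts(neighbours, plan):
    """Pairs of neighbouring APs that share a channel (empty for a valid plan)."""
    sym = _symmetric(neighbours)
    return sorted({tuple(sorted((a, b))) for a in sym for b in sym[a] if plan[a] == plan[b]})


if __name__ == "__main__":
    # Constructed survey: four APs along a corridor, each hearing only its neighbours
    corridor = {"AP1": {"AP2"}, "AP2": {"AP1", "AP3"}, "AP3": {"AP2", "AP4"}, "AP4": {"AP3"}}
    plan = assign_channels(corridor)
    print(plan, conflicts(corridor, plan))
```

A dense open-plan area where four APs all hear each other cannot be solved with three channels; the function raises rather than silently producing co-channel interference, which is the cue to lower transmit power or move an AP to 5 GHz.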
1.4.2 Data Link
VLAN tagging (IEEE 802.1Q) is a network standard that permits multiple bridged networks to share the same physical link without information leaking between them. Multiple Spanning Tree Protocol (MSTP) is a layer 2 protocol used to prevent loops in the network topology; it works by electing a root bridge, determining the least-cost path to the root, and disabling other paths to
The 802.1Q trunking protocol allows multiple VLANs to span switches. There are, however, security considerations: a layer 3 routing device can forward packets from one VLAN to another, so VLAN separation on its own is not a security boundary. To keep the VLANs secure it is necessary to check each packet passing through the network to ensure that it is not malicious. This can be done with a bridging device that sits in front of the switch and performs the layer 2 tagging of the VLAN ID; it holds a static table of MAC addresses and their permitted VLAN IDs, compares each frame against it, and together with the switch carries out low-level packet filtering. (Oswego State University of New York)
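The filter just described reduces to three steps: find the 802.1Q tag in the frame, read the 12-bit VLAN ID out of the tag control field, and compare it with the VLAN the source MAC is statically assigned to. The following is an added example, not code from the report or the cited source, that implements exactly that check; the MAC-to-VLAN table and the frames are constructed for the illustration (VLAN IDs 10 and 20 are assumed), and the helper that builds frames exists only to produce test input.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q tag protocol identifier

# Constructed static table for the tagging device: source MAC -> permitted VLAN ID
STATIC_MAC_VLAN = {
    "00:11:22:33:44:55": 10,   # workstation VLAN (assumed ID)
    "00:11:22:33:44:66": 20,   # voice VLAN (assumed ID)
}


def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame):
    """Return (dst, src, vlan_id, ethertype, payload) for an Ethernet frame.
    vlan_id is None when the frame carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF          # low 12 bits of the TCI are the VID
        offset = 18
    return _mac_str(dst), _mac_str(src), vlan_id, ethertype, frame[offset:]


def filter_frame(frame, table=STATIC_MAC_VLAN):
    """Decision of the layer 2 filter: 'accept', or a string explaining the drop."""
    _dst, src, vlan_id, _ethertype, _payload = parse_frame(frame)
    expected = table.get(src)
    if expected is None:
        return f"drop: unknown source MAC {src}"
    # VID 0 is 'priority tagged', i.e. no VLAN membership, so treat it like untagged
    if vlan_id in (None, 0):
        return "drop: untagged or priority-tagged frame"
    if vlan_id != expected:
        return f"drop: MAC {src} is assigned VLAN {expected}, frame tagged {vlan_id}"
    return "accept"


def build_frame(dst, src, payload, vlan_id=None, ethertype=0x0800):
    """Build a constructed test frame (not captured traffic)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        # priority 0, DEI 0, VID = vlan_id
        hdr += struct.pack("!HHH", ETHERTYPE_VLAN, vlan_id & 0x0FFF, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


if __name__ == "__main__":
    ok = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", b"\x45\x00", vlan_id=10)
    bad = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", b"\x45\x00", vlan_id=20)
    print(filter_frame(ok))    # accept
    print(filter_frame(bad))   # drop: MAC ... is assigned VLAN 10, frame tagged 20
```

The untagged and unknown-MAC cases are dropped deliberately: a frame that arrives without a tag on a trunk would otherwise be placed in the native VLAN, and a MAC absent from the static table has no business on the trunk at all.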
Open Shortest Path First (OSPF) is a common TCP/IP interior gateway protocol used to distribute routing information. Its features include incremental routing updates and authentication. OSPF is advantageous because routing authentication is available, there is no hop-count limit, it allows flexible IP address allocation, and it uses IP multicast to send link-state updates. Although alternatives exist, they will not be used, for the reasons given above (North Carolina State University).
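Routing authentication is worth seeing concretely, because it is what stops an attacker on the LAN from injecting bogus link-state updates. The following is an added example, not from the report or its sources, of the cryptographic authentication scheme defined in RFC 2328 Appendix D: the sender zeroes the checksum, puts the key ID, digest length and a cryptographic sequence number in the Authentication field, and appends MD5(packet || key); the receiver recomputes the digest and rejects packets whose sequence number goes backwards. The router ID, key and Hello body are constructed values. MD5 is what RFC 2328 specifies; newer deployments use HMAC-SHA per RFC 5709, but the header layout and replay check are the same.

```python
import hashlib
import hmac
import struct

AU_CRYPTOGRAPHIC = 2          # AuType for cryptographic authentication (RFC 2328 D.3)
OSPF_HDR = "!BBHIIHHHBBI"     # version, type, length, router ID, area ID, checksum,
                              # AuType, reserved, key ID, auth data length, crypto sequence
OSPF_HDR_LEN = struct.calcsize(OSPF_HDR)   # 24 bytes
DIGEST_LEN = 16


def _pad_key(key):
    """RFC 2328 D.4.3 appends a 16-byte key; shorter keys are zero padded."""
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 key is at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def build_ospf_packet(pkt_type, router_id, area_id, body, key_id, seq, key):
    """OSPFv2 packet protected with the keyed-MD5 scheme of RFC 2328 Appendix D.
    Checksum is zero, the Authentication field carries key ID / digest length /
    sequence number, and the digest of (packet || key) follows the packet; the
    Length field does not count the digest."""
    length = OSPF_HDR_LEN + len(body)
    header = struct.pack(OSPF_HDR, 2, pkt_type, length, router_id, area_id,
                         0, AU_CRYPTOGRAPHIC, 0, key_id, DIGEST_LEN, seq)
    digest = hashlib.md5(header + body + _pad_key(key)).digest()
    return header + body + digest


def verify_ospf_packet(packet, keys, last_seq):
    """Receiver-side check. `keys` maps key ID -> key bytes; `last_seq` is the
    highest sequence number already accepted from this neighbour.
    Returns (accepted, reason, seq)."""
    if len(packet) < OSPF_HDR_LEN + DIGEST_LEN:
        return False, "truncated", None
    (version, _, length, _, _, checksum, autype,
     _, key_id, auth_len, seq) = struct.unpack(OSPF_HDR, packet[:OSPF_HDR_LEN])
    if version != 2 or autype != AU_CRYPTOGRAPHIC or auth_len != DIGEST_LEN or checksum != 0:
        return False, "bad header", seq
    if len(packet) < length + DIGEST_LEN:
        return False, "length mismatch", seq
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key id", seq
    expected = hashlib.md5(packet[:length] + _pad_key(key)).digest()
    if not hmac.compare_digest(expected, packet[length:length + DIGEST_LEN]):
        return False, "digest mismatch", seq
    # RFC 2328 D.4.3: accept only when seq >= the last accepted value,
    # so a captured packet replayed later is dropped
    if seq < last_seq:
        return False, "replay", seq
    return True, "ok", seq


if __name__ == "__main__":
    # Constructed values: router ID 10.0.0.1, area 0, placeholder Hello body, demo key
    KEYS = {1: b"ospf-demo-key"}
    hello = build_ospf_packet(1, 0x0A000001, 0, b"\xff\xff\xff\x00" + b"\x00" * 12, 1, 100, KEYS[1])
    print(verify_ospf_packet(hello, KEYS, 0))            # (True, 'ok', 100)
    tampered = bytearray(hello)
    tampered[30] ^= 1                                    # flip a bit in the body
    print(verify_ospf_packet(bytes(tampered), KEYS, 0))  # (False, 'digest mismatch', 100)
    print(verify_ospf_packet(hello, KEYS, 101))          # (False, 'replay', 100)
```

The key ID in the header is what allows keys to be rolled without an outage: the receiver keeps both the old and the new key in `keys` while neighbours are migrated.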
Subnetting depends on subnet masks, which identify how a network is divided. A subnet mask shows where the network information is positioned in an IPv4 address. Bits set to 1 in the mask mark the corresponding bits of the address as network information, and bits set to 0 mark host information. For example, with the subnet mask 11111111 11111111 11111111 00000000 (255.255.255.0 in dotted decimal notation), the first three octets of every address in that subnet carry network information and the final octet holds host information. The default subnet mask for a class C IPv4 address is 255.255.255.0 (Dean, 2012, p. 401).
(50 IPs for the hardware devices: firewall, switches, etc.)
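Applying the mask arithmetic above to this design means choosing a prefix length for each VLAN from its host count and laying the subnets out so that none overlap. The following is an added example, not part of the report, that does both with the standard library: `split_address` shows the AND of address and mask the paragraph describes, and `plan_subnets` carves the data, voice, management and DMZ segments out of one block. The 10.0.0.0/16 base and the per-segment host counts (570 workstations, 570 phones, the 50 infrastructure addresses, a four-host DMZ) are assumptions for the illustration.

```python
import ipaddress
import math


def prefix_for_hosts(hosts):
    """Smallest prefix length whose subnet leaves `hosts` usable addresses
    once the network and broadcast addresses are excluded."""
    if hosts < 1:
        raise ValueError("a subnet must hold at least one host")
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - host_bits


def split_address(addr, mask):
    """Apply a dotted-decimal mask: 1 bits select the network part, 0 bits the
    host part. Returns (network address, host number within the subnet)."""
    a = int(ipaddress.ip_address(addr))
    m = int(ipaddress.ip_address(mask))
    return str(ipaddress.ip_address(a & m)), a & (~m & 0xFFFFFFFF)


def plan_subnets(base, requirements):
    """Carve one subnet per segment out of `base`, largest first so that every
    subnet starts on its natural boundary. Returns {name: IPv4Network}."""
    base = ipaddress.ip_network(base)
    cursor = int(base.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        net = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if not net.subnet_of(base):
            raise ValueError(f"{base} exhausted while allocating {name}")
        plan[name] = net
        cursor = int(net.broadcast_address) + 1
    return plan


# Constructed requirements for the design: data and voice VLANs sized for the
# 570 users, the 50 infrastructure addresses, and a small DMZ
REQUIREMENTS = {"data": 570, "voice": 570, "management": 50, "dmz": 4}

if __name__ == "__main__":
    for name, net in plan_subnets("10.0.0.0/16", REQUIREMENTS).items():
        print(f"{name:11} {str(net):16} mask {net.netmask}  usable hosts {net.num_addresses - 2}")
    print(split_address("10.0.8.77", "255.255.255.192"))   # ('10.0.8.64', 13)
```

Allocating largest-first is what keeps each subnet aligned; allocating the /26 before the two /22s would leave the /22s straddling a boundary and force the planner to skip address space.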
The threats to the WLAN fall into three categories: passive monitoring, unauthorised access and denial of service attacks.
The wireless network transmits radio waves by default, which means an unauthorised person could retrieve sensitive information from a distance using freely available packet sniffers. After capturing the data, the attacker could obtain user passwords and emails held on the server. Similar concerns exist for the wired network, but the risk there is considerably lower.
These problems are addressed by using encryption between the access points and the client devices. The network will use the 802.11 encryption scheme named Wi-Fi Protected Access (WPA) rather than options such as Wired Equivalent Privacy (WEP), which is easy to crack. In practice this means WPA2 (or WPA3) with AES-CCMP; the original WPA with TKIP is itself deprecated.
If an attacker can access the WLAN, all of the resources on the network could become available, including applications, servers and client devices. The attacker will usually look for a back door or other security weakness in order to compromise the network; for example, a TCP port scanner could be used to find exposed ports on the servers.
This type of attack can slow down or cripple the WLAN, which can be very costly for the organisation, since it relies on network services to carry out its business objectives. To limit such attacks the WLAN should be made as resistant as possible to incoming radio signals: antennas at the periphery of the organisation should be inward-facing, and radio-frequency shielding paint and window film can be used to attenuate radio signals. A good security policy is also required to prevent internal intrusion (Cisco, 2015).
The LAN could be compromised in different ways, including by Trojan horses, viruses and worms. The solutions fall into three categories: the first accepts the insecurity of Ethernet and surrounds it with firewalls; the second creates a logical separation between the switches and the end hosts; and the third implements centralised cryptography-based schemes (Kiravuo et al., 2013).
In general, the organisation must have a network security policy to which all employees adhere. This can include basic training for employees and the skills needed to avoid common pitfalls. Moreover, all computers should have antivirus software that is updated on a regular basis.
WLAN security problems include unauthorised user access, information disclosure, signal interference, session hijacking, eavesdropping and address spoofing in unprotected sessions. Despite the vulnerabilities and risks of wireless networking, several methods are recommended to bring the risks down to an acceptable level. These include changing the default SSID, using a VPN, careful access point placement, and minimising radio wave propagation into unnecessary areas. In addition, wireless security standards should be implemented, including 802.1X (port-based authentication) and 802.11i (WPA2) (Feng, 2012).
A demilitarised zone (DMZ) may be a logical or physical sub-network that contains the network's externally facing services, which are reachable from the Internet. This provides a further security layer for the local area network: if an attacker gains access to the DMZ, they will still be unable to gain full access to the other, more important segments of the network (idc-online.com).
1.6.3 Physical Security
Physical security will include:
All visitors must enter the control centre through the main entrance door in reception.
Visitors will not be permitted to enter the building from emergency exits or service areas.
Visitors who are required to go beyond public areas must be booked in.
Visitors who need to enter other sensitive areas must be accompanied by staff.
Secure areas will remain locked and can only be accessed with swipe cards.
Laptops will be secured when not in use; they will not be left unattended in conference or meeting rooms. Individuals will be required to book equipment and be responsible for it at all times.
Lost or stolen equipment must be reported immediately to security.
Cabinets must be kept locked, with the keys stored in a secure location.
Staff will only have access to areas on a need-to-access basis.
The wireless sensor network will be made up of 1200 nodes with 6 sink nodes and one base station, arranged as follows:
Figure 3 Network Logical Design Diagram
The nodes are connected to cluster head nodes, which are connected to the sink nodes; these connect to the radio tower and then to the internet.
An efficient way of sending information is to cluster the nodes, which are divided into cluster heads and cluster members (CH and CM respectively). The network will then have different communication paths: CM to CH, inter-cluster communication between CHs, and CH to the base station. After clustering, the WSN will have improved coverage and energy consumption. A distributed clustering algorithm called the low message overhead clustering algorithm (LMOCA) will be used, which spends the minimum amount of energy possible on the clustering process (Elleithy, 2010, p.
2.2.1 Routing layer
The routing protocol must satisfy specific objectives, including consuming minimal energy, choosing the path between the sensor nodes and the base station, and increasing network lifetime. Routing protocols fall into four main categories: network structure, reliable routing, topology-based and communication-model schemes. The PEGASIS protocol will be used in this instance. As described here it is a reactive protocol: nodes continuously sense the environment but transmit only when thresholds on the monitored parameters are reached, so energy consumption is kept very low. (Strictly, threshold-triggered reporting of this kind is the behaviour of TEEN; PEGASIS proper organises the nodes into a chain that forwards fused data towards the base station.) Although alternatives that operate in a similar way exist, including LEACH, SEP and CDMA-based schemes, these were not selected because they consume more power (Arora et al., 2016).
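The energy argument above rests on one mechanism: a node senses every period but only spends radio energy when a reading crosses a threshold. The following is an added example, not code from the report or the cited paper, that simulates that threshold-triggered reporting with the usual hard threshold (minimum value of interest) and soft threshold (minimum change since the last report) and compares the radio energy with a node that reports every period. The temperature trace, thresholds and energy costs are constructed for the illustration.

```python
def reactive_transmissions(readings, hard_threshold, soft_threshold):
    """Threshold-triggered reporting: a node senses every period but transmits only
    when the reading is at or above hard_threshold AND has moved by at least
    soft_threshold since the value it last transmitted.
    Returns the (period, value) pairs that were actually sent."""
    sent = []
    last_sent = None
    for period, value in enumerate(readings):
        if value < hard_threshold:
            continue                     # uninteresting: sense, but keep the radio off
        if last_sent is None or abs(value - last_sent) >= soft_threshold:
            sent.append((period, value))
            last_sent = value
    return sent


def radio_energy(readings, sent, tx_cost, sense_cost):
    """Energy spent by a periodic reporter versus the reactive one, using a
    per-reading sensing cost and a per-transmission radio cost (model values).
    Returns (periodic, reactive)."""
    periodic = len(readings) * (sense_cost + tx_cost)
    reactive = len(readings) * sense_cost + len(sent) * tx_cost
    return periodic, reactive


if __name__ == "__main__":
    # Constructed temperature trace; a transmission costs 50 units, a reading 1 unit
    trace = [18, 19, 21, 52, 53, 54, 66, 67, 40, 78]
    sent = reactive_transmissions(trace, hard_threshold=50, soft_threshold=10)
    print(sent)                                                # [(3, 52), (6, 66), (9, 78)]
    print(radio_energy(trace, sent, tx_cost=50, sense_cost=1))   # (510, 160)
```

The saving has a known cost: a node whose readings never cross the hard threshold never transmits, so the sink cannot distinguish a quiet node from a dead one. Deployments that need liveness add a periodic heartbeat on top of the threshold reports.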
IEEE 802.15.4 is a standard that specifies the physical and medium access control layers for low data rate wireless sensor networks. This standard is also the foundation of the Zigbee protocol, a low-power, low-cost wireless mesh networking standard. 802.15.4 RF transceivers are commercially available as modules that are suitable for rapid prototyping of wireless sensing. Since these systems are readily available from vendors, and because Zigbee supports low power consumption and efficiency, these technologies will be used (Sheikh and Xinrong, 2014).
2.2.3 MAC layer
At this level the ES-MAC protocol will be used, based on the results of a comparison with S-MAC. ES-MAC is relatively more energy efficient and more effective than S-MAC as the number of data packets increases. ES-MAC is a MAC protocol based on the 802.11 MAC with low energy consumption for wireless sensor network nodes. Nodes exchange synchronisation messages so that they know each other's schedule information. The protocol also uses the RTS/CTS mechanism to reserve a transmission time for a long message, and splits a long message into several short messages (Lijuan et al., 2012).
sensor network security
The WSN will have major security issues because of its very nature; its weaknesses include:
Open wireless channel
Limited resources of the sensor nodes
Deployment in an unattended environment
The table below summarises the defence means of the wireless sensor network in the face of several attacks.
Table 1 Defence means for a WSN (Yi and Zhongyong,
The total cost of network ownership has been kept to a minimum using several strategies. For example, the suggested mesh network architecture fulfils the functional requirements of the scenario and also provides a wireless network that is cost-effective and scalable. It allows easy deployment of high-speed, ubiquitous wireless internet and has the additional benefit of reduced installation costs. It also supplies a high level of reliability, since the wireless backbone provides redundant paths between end points; this increases reliability and reduces single points of failure, and bottlenecks are less likely to occur in a mesh network. Where possible, use of the wireless network will be extended, which is also cost-efficient because it eliminates cabling and extends data collection to places where it is difficult to install wires.
Low node cost is also a primary objective of the WSN, because sensors will be deployed in large numbers in environments from which they cannot be recovered and reused; reducing the individual sensor node cost therefore reduces the cost of the entire network. Proprietary network protocols will also be avoided for the wireless sensor network; in accordance with IEEE 802.15.4 Task Group 4, the protocols selected above 'provide a standard for ultra-low complexity, ultra-low-cost, ultra-low-power consumption and low data rate connectivity among inexpensive devices' (Zheng and Jamalipour, 2009, p. 12).