This report describes the Linfox company network in full: the technical details of the network, the products and technology the company uses, and a detailed description of the company network diagram.
The introduction covers the company background, explaining what the company does and how it started. Network management and network security are also discussed: how the network management system is used and maintained, and how secure the Linfox network is as a whole. The protocols Linfox uses on its network are explained, along with the company's future plans.
Linfox is also a proud sponsor of the Mercedes-Benz SLR McLaren 722 GT race car.
Linfox New Zealand is located in:
1 Verissimo Drive
Airport Oaks, Mangere
- Line haul: this sector provides operations for long-distance distribution using rail and sea options.
Linfox earns the right to grow with its customers by delivering consistently excellent service.
Cisco IOS Firewall provides security and availability for the company's network resources by defending the network infrastructure against network- and application-layer attacks, viruses, and worms. It protects unified communications by monitoring and guarding Session Initiation Protocol (SIP) endpoints and call-control resources. Cisco is certified by Common. The Cisco Integrated Threat Control framework works well alongside other Cisco IOS security features such as Cisco IOS Intrusion Prevention System (IPS), IOS Content Filtering and IOS Network Address Translation (NAT).
CISCO IOS FIREWALL
Protects network resources: uses existing routing capabilities to defend against worms, viruses, exploits, and other network- and application-layer threats. Increases deployment flexibility: virtual firewall policies and transparency are available on WAN, WLAN, LAN, and VLAN interfaces.
Cisco IOS Firewall can be applied on any type of router interface, including LAN, WAN, sub-interfaces, routing encapsulation and IP Security (IPsec) virtual tunnel interfaces.
The Cisco IOS Firewall protects the company network by examining all types of routes between networks, using its routing and intrusion detection capabilities in the critical path. It provides dynamic monitoring and interception, with reporting of network attacks and misuse. It provides secure per-application access control across network perimeters for applications such as FTP (File Transfer Protocol), and enhances security for TCP and User Datagram Protocol (UDP) traffic.
When connected to the public Internet or a private WAN, the network is exposed to a malicious environment. This can bring security breaches, malware outbreaks and unwanted application traffic, which in turn can cause lost revenue, lost productivity and damage to corporate reputation.
The network border has moved to anywhere there is connectivity, because of more dangerous targeted attacks and the wide spread of the mobile workforce.
BENEFITS OF FIREWALL
Round-the-clock (24/7) protection for desktops, with minimal administrative effort. Various firewalls are also able to offer virus protection.
A firewall blocks most e-mail viruses automatically and is capable of blocking any internet attack.
There are two configuration models for Cisco IOS Firewall: classic firewall and zone-based policy firewall. The classic firewall will be maintained for the foreseeable future, but it will not be significantly enhanced with new features. Instead, the Zone-Based Policy Firewall carries the strategic development direction for Cisco IOS Firewall.
CISCO IOS FIREWALL FEATURES AND BENEFITS:
Table 1. Features and Benefits
Network zone segmentation (PCI Requirement 3: Protect stored cardholder data): Precise zone segmentation capabilities facilitate deploying security for internal, external and DMZ subgroups on the network to prevent unauthorized access.
Management options and flexibility: Enable management access from Cisco Configuration Professional, Cisco Security Manager, Unified Firewall MIB, and audit trail and logging.
Application traffic rate and session control: Policy-map policing applies rate limits to firewall policies to control network bandwidth usage. Session policing limits connection rates to network hosts and helps protect against denial-of-service (DoS) attacks.
High availability*: Stateful Failover provides for active and standby failover between two routers for most TCP-based services. Firewall session state is maintained such that active sessions continue even during a router or circuit failure.
Virtual (VRF-aware) firewall: VRF-aware firewall functions offer virtual firewalls for isolated route space and overlapping addresses.
Authentication proxy (PCI Requirement 10: Track and monitor all access to network resources and cardholder data): Network administrators can authenticate and authorize each user's access to network resources with Cisco IOS Firewall Authentication Proxy using HTTP, Telnet, FTP, and HTTPS interfaces.
Transparent firewall: A transparent firewall facilitates insertion of a stateful Layer 2 firewall within an existing network, without readdressing statically defined devices. It provides the same Layer 3-7 filtering as "routed" mode, but offers the simplicity of bump-in-the-wire deployment.
Policy-map policing and session control: Policy-map policing applies rate limits to firewall policies to control network bandwidth usage. Session policing limits connection rates to network hosts and helps protect against DoS attacks.
Instant messenger blocking: Instant messenger blocking offers per-service control to block or allow MSN Messenger, Yahoo! Messenger, Windows Messenger and AOL Instant Messenger. It allows service restriction to text-chat only, blocking voice and video chat, and file transfer.
Peer-to-peer control: Peer-to-peer control individually blocks access to BitTorrent, Gnutella, KaZaA, and eDonkey file-sharing networks. Service-specific improvements were introduced in Cisco IOS Software Release 12.4(9)T to limit certain activities supported by certain peer-to-peer networks.
Protocol conformance checking: This feature enforces protocol conformance for HTTP, Simple Mail Transfer Protocol (SMTP), Extended SMTP (ESMTP), Internet Mail Access Protocol (IMAP), and Post Office Protocol 3 (POP3). It facilitates detection and prevention of unwanted traffic on desired application service ports. HTTP inspection offers Java applet filtering to block malicious content in HTTP traffic. Cisco IOS Software Release 12.4(9)T introduced capabilities to configure regular expression matching for policy enforcement, as well as a granular application inspection and control of various HTTP objects, such as HTTP methods, URLs and URIs, and header names; and values such as maximum URI length, maximum header length, maximum number of headers, maximum header-line length, non-ASCII headers, or duplicate header fields. This feature allows you to limit buffer overflows, HTTP header vulnerabilities, binary or non-ASCII character injections, and exploits such as Structured Query Language (SQL) injection, cross-site scripting, and worm attacks.
Integrates with Cisco IOS Software Intrusion Prevention System (IPS) (PCI Requirement 6: Develop and maintain secure systems and applications): Prevent application level attacks from flooding the network.
Integrates with Cisco IOS Software Content Filtering: Controls and blocks access to malicious and inappropriate websites.
- A 64-bit processor, which is also backwards compatible with 32-bit
- VMware supports Windows, Linux, Mac OS, MS-DOS, FreeBSD, Solaris and Novell NetWare operating systems.
Many IT companies, businesses and universities make use of this virtual environment because it is useful, efficient and reliable, and because it yields resource savings. The technology is popular worldwide and is very much in demand.
CISCO Gigabit Ethernet Switches
CISCO CATALYST 3750-X SERIES SWITCH
The Cisco Catalyst 3750-X is an enterprise-class series of switches. It provides high security and ease of operation, with innovative features. The switches are energy efficient, which helps the Linfox network infrastructure reduce costs by consuming less power. The switch supports PoE (Power over Ethernet) and security features that include MAC security.
- DRAM: 256MB
- Flash: 64MB
- Total VLANs: 1005
- Total routed ports per 3750-X: 468
- Power supply rated max: 1100W
- Acoustic noise: 43 dBA
- Relative humidity: 5% to 95% noncondensing
- Connectors: 1000BASE-T ports, 1000BASE-T SFP-based ports, 1000BASE-FX, 1000BASE-SX
- Cisco StackWise stacking ports
- Ethernet management port
- 24 and 48 10/100/1000 PoE
- Four optional uplink network modules
- Dual Redundant
- Media Access Control (MAC) security, hardware-based encryption
- Open Shortest Path First (OSPF) for routed access in IP Base image
- IPv4 and IPv6 routing, multicast routing
- Cisco StackPower technology, a new feature that allows the switches to share power among stack members.
- Cisco StackWise Plus technology for ease of use and resiliency with 64 GBps of throughput, also compatible with other models.
In more detail, Cisco StackPower technology allows the power supplies in a stack to be shared as a common resource among all the switches. It unifies the individual power supplies installed in the switches into a pool of power and directs that power to where it is needed most. Up to 4 switches can be configured in a StackPower stack, using a special connector at the back of the switch and the StackPower cable, which is different from the normal stack cables. It can be deployed in two modes: power-sharing mode or redundancy mode. In power-sharing mode, the power is distributed among the switches in the stack. In redundancy mode, the wattage of the largest power supply is not included when the total power budget of the stack is calculated; that power is held in reserve and used to maintain power to the switches and attached devices when one power supply fails. This allows the network to operate without any interruption. StackPower eliminates the need for an external redundant power system or the installation of dual power supplies in all stack members.
This switch also provides a borderless network experience, which means that connecting anyone, anywhere, using any device is secure and fully reliable. Another feature of these switches is Embedded Event Manager, which provides real-time network event detection and on-board automation.
Security for Cisco 3750-X:
Port Security: secures access to a port based on MAC address. It limits the number of MAC addresses allowed on the port and does not let any other MAC address use the switch.
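An added example, not part of the original report and not Cisco or Linfox tooling: a short Python audit that reads a switch running-config and reports access ports where the port security described above is missing or weakly set. The sample configuration, the interface names and the audit_port_security helper are constructed for illustration; the switchport port-security lines follow standard Cisco IOS syntax.

```python
import re
# Constructed sample running-config for illustration (not taken from Linfox).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit_port_security(config, max_allowed=2):
    """Return (interface, finding) pairs for access ports with weak settings."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk and routed ports are out of scope here
        if "switchport port-security" not in cmds:
            findings.append((name, "port security not enabled"))
            continue
        m = re.search(r"^switchport port-security maximum (\d+)$", "\n".join(cmds), re.M)
        limit = int(m.group(1)) if m else 1  # IOS default maximum is 1
        if limit > max_allowed:
            findings.append((name, f"allows {limit} MAC addresses"))
        if "switchport port-security violation protect" in cmds:
            findings.append((name, "violation mode 'protect' drops without logging"))
    return findings
```

The max_allowed threshold is an assumed site policy; set it to the number of devices legitimately expected behind one access port.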
- Total on-board WAN 10/100/1000 ports: 3 ports
- RJ-45 based ports: 3 ports
- Service module slots: 1 slot
- Memory (DDR DRAM): 2GB
- External USB 2.0: 2 slots
- Power supply options: AC and PoE
- AC input voltage: 100 to 240 VAC auto ranging
- Up to 4 Gbps aggregate toward the route processor
Security plays a big part at Linfox, and this router gives Linfox the security it needs as part of the Cisco SAFE architectural framework, which allows Linfox to identify, prevent, and adapt to network security threats. The router provides a wide range of common security features, such as advanced application inspection and control, threat protection, and encryption architectures that enable more scalable and manageable VPN networks. It also provides hardware-based encryption acceleration, which gives greater IPsec throughput with less overhead for the route processor than software-based encryption solutions. Further features include secure connectivity, which secures communications with Group Encrypted Transport VPN; integrated threat control, which uses Cisco IOS Firewall to block network attacks and threats; and identity management, which protects endpoints using technologies such as authentication, authorisation and public key infrastructure (PKI).
1 - EHWIC slots 0, 1, 2, and 3 (0, far right)
2 - USB serial port
3 - AUX
4 - RJ-45 serial console port
5 - 10/100/1000 Ethernet port (GE0/0)
6 - 10/100/1000 Ethernet port (GE0/1)
7 - 10/100/1000 Ethernet port (GE0/2)
8 - USB 0
9 - USB 1
10 - Ground
11 - AC or DC or AC-POE power module
12 - CompactFlash 0 and 1 (0, right)
13 - Service module slot 1
Category 6 cable (Cat6)
The cable that Linfox uses inside the company is Category 6. It is used for data transmission and for connecting devices internally in the network. It is a twisted-pair cable, which reduces electromagnetic interference; it is also known as 1000BASE-T. The cable provides performance of 250 MHz and is backward compatible with other cables such as category 5/5e and category 3. The maximum allowed length for this cable is 100 metres: 90 metres of horizontal cabling between the patch panel and the wall jack, plus 10 metres of standard patch cable between each jack and the attached device. The cable consists of four twisted pairs: pair 1 white-green and green, pair 2 white-blue and blue, pair 3 white-orange and orange, and pair 4 white-brown and brown.
Fibre Optical Cable
The cable Linfox uses to connect its WAN is fibre optic cable, which has extremely high capacity. Light created by an LED (light-emitting diode) or a laser is sent down a thin glass or plastic fibre. The cable is structured as a core, then cladding, which reflects the signal, and then a protective outer jacket. There are three types of fibre optic cable. The first is multimode, which is cheap, but the signal spreads out over short distances of up to 500 m. The second is graded-index multimode, which reduces the spreading problem by changing the refractive properties of the fibre to refocus the signal; it can be used over distances of up to 1000 m. The last type, and the best, is single mode. It is very expensive, but it can send signals over many kilometres without spreading. This is the type of fibre optic cable Linfox uses.