6.

Weekly Plan of Roles and Responsibilities

Smile

Week 1
Week 2
Week 3

Week 4
Week 5

Week 6
Week 7

Week 8

Week 9

Week 10

Week 11
Week 12

Research on
the Cisco
Routers
Analysis of
the Routers
Design and
Implementati
on on the
Routers
Implementati
on of the
Firewalls
Understandi
ng and
Implementin
g of VPN
using
Routers
Configuratio
n of the
Routers
Configuring
Global
Parameters
Configuring
Fast
Ethernet
Wan
interface
Clearing and
Resetting
Interface and
Counters
Shutting
Down and
Restarting
the Interface
Submission
of the Final
Project
Post

Suneer
Dubal
Analysis of
the Network

Muhammad
Arsalan
Analysis of
the Network

Design of
LAN and
VLAN
Subnetting
and IP
Distribution

Design of
LAN and
VLAN
Subnetting
and IP
Distribution

Configuratio
n of VLAN

Configuratio
n of VLAN

Configuratio
n of InterVlan
communicati
on

Configuratio
n of InterVlan
communicati
on

Testing of
VLAN

Testing of
VLAN

Bug Fixing in
VLAN Design
&
Implementati
on
Report
Writing of
VLAN

Bug Fixing in
VLAN Design
&
Implementati
on
Report
Writing of
VLAN

User Manual
of VLAN

User Manual
of VLAN

Administrato
rs Manual of
VLAN

Administrato
rs Manual of
VLAN

Submission
of Final
Project
Post

Submission
of Final
Project
Post

Jaspreet
Kaur
Research on
the Cisco
Switches
Analysis of
the Switches
Design and
implementati
on of the
Switches
Understandi
ng Interface
Types
Using the
Interface
Command

Configuring
Ethernet
Interfaces
Port-Based
VLANS

Monitoring
Interface and
Controller
Status
Clearing and
Resetting
Interface and
Counters
Shutting
Down and
Restarting
the Interface
Submission
of the Final
Project
Post

Implementati
on
Presentation

6.2

Implementati Implementati
on
on
Presentation Presentation
Table 6.1
Roles and Responsibilities of Each Team Members

Team Members
Smile
Jaspreet Kaur
Muhammad Arslaan Yasin
Suneer Subhaschandra Dubal

Implementati
on
Presentation

Roles
Security and Performance Analyst
Designer and Testing of the
Network
Network Administrator, Network
Engineer
Research Analyst, Network Tester

6.2.1 Gantt Chart and WBS appropriate to MN692

Gantt chart is one of the tremendous tool to track the performance of the
project from the planning phase to its implementation then to the end of
the project. It prioritizes different phases according to time schedules, its
weightage and final deliverables delivery [1]. It does not give the
understanding only that where the project is going, but it also makes the
team capable of doing analysis about its progress and performance.
W
W
W
W
W
W
W
W
W
WK WK WK
KKKKKKKKK-6
-10 -11 -12
1
2
3
4
5
7
8
9
Throug
h Out
Analysi
s of
Project
Plannin
g of the
project
Design
of
Networ
k&
Cloud
Service
s
Config
uration
of
Router
s,
Switch
es and
MS
Azure
Conclu
ding
Implem
entatio
n and
Report
Writing
Testing
and
Bug
fixing
of MS
Azure,
Networ

k&
Cloud
Server
Insight
ful
Journal
and
Report
Accom
plishm
ent
Table 6.3A Gantt chart
6.2.2 Work breakdown structure
Work breakdown structure (WBS) is key to the deliverable which
categorizes the team members into manageable sections. It is a welldefined hierarchical decomposition of work to get the tasks executed by
the team members [2]. WBS in the implementation of Microsoft Azure in
cloud computing which contains Tasks, its predecessors and estimated
duration along with the designated team member is as follows.
Estimat
Tas
Predece ed
k
Task
Assigned To
ssor
Duratio
No
n
Analysis of MS
1
3 Days
Research Analyst
Azure
Analysis
of
Hardware
1.1 (Routers,
1
3 Days
Research Analyst
Switches, Server
Machines, Cables)
Analysis
of
1.2
1, 1.1
3 Days
Research Analyst
Network
1,
1.1,
2
Design of Network
4 Days
Designer
1.2
Design of Cloud
2.1
2
4 Days
Designer
Services
Installation of MS
2.2 Azure on Server 2, 2.1
1 Days
Designer
OS R2
Implementation of
Network
Engineer,
3
Client/
Server 2.2
7 Days
Network Administrator
Architecture
Configuration
of
3.1
3
1 Days
Network Administrator
Azure
3.2 Routers
and 2
8 Days
Network Engineer

3.3

3.4

3.5

4.1

4.2

switches
configuration for
Wired
Connectivity
of
WAN
Implementation of 2,
Security Features 2.2,
on Azure Cloud
3.1,
2,
Implementation of
2.2,
Security Features
3.1,
on Router
3.3
2,
Implementation of
2.2,
Security Features
3.1,
on Switches
3.3,
Checking
the
performance
of 3.3
Cloud Server
Checking
the 2.2,
performance
of 3.2,
Azures Working
4
Checking
of 2.2,
Network at User 3.2,
level
4.1
of
2.2,
at
4.2

2.1,
3, 6 Days
3.2
2.1,
3,
2 Days
3.2,
2.1,
3,
2 Days
3.2,
3.4
3 Days
3,
3.3, 2 Days
3,
4, 2 Days

4.3

Checking
Applications
User level

Documentation of
1, 2, 3, 4
User Manual

10 Days

5.1

Documentation of
1, 2, 3, 4
Network Manual

10 Days

5.2

Documentation of
1, 2, 3, 4
OS at cloud server

10 Days

3,

2 Days

Security
Analyst,
Network Administrator
Network
Engineer,
Network Tester

Network
Engineer,
Network Tester
Research
Analyst,
Security
Analyst,
Network Tester
Network Administrator,
Research
Analyst,
Network Tester
Research
Analyst,
Network Administrator,
Network Tester
Research
Analyst,
Security
Analyst,
Network Administrator,
Network Tester
Network Administrator,
Research
Analyst,
Security
Analyst,
Network
Engineer,
Designer
Network Administrator,
Research
Analyst,
Security
Analyst,
Network
Engineer,
Designer
Network Administrator,
Research
Analyst,
Security
Analyst,
Network
Engineer,
Designer

Table 6.3B
6.3 Security Implementation of routers and switches
External networks must be carefully considered as part of the overall
security for an enterprise organization. Cisco router plays an important
role in embedding security at the customer's access edge. A router may
include a firewall, dynamic multipoint virtual private network, Access
Data Point and other security functions that may be handled by separate
devices to secure the data for an organization. These have been
specifically designed to deliver high performance and high availability for
enterprise organization. Cisco 890 series router comes with a
comprehensive security solution that protects organizations' networks
from known and Internet vulnerabilities and attacks, while improving
employee productivity. There are different methods that can be utilised to
provide security in this the focus is on Zone based firewall that will block
the unwanted traffic whereas the other method used for security purpose
is DMVPN that secure IPsec traffic encryption and maintain data privacy.
The other one that will be used is IPS to protect organization network.

Routing:
Routing is the act of moving information across an inter-network from a
source to a destination. Along the way, at least one intermediate node
typically is encountered. Its also referred to as the process of choosing a
path over which to send the packets. Routing is often contrasted with
bridging, which might seem to accomplish precisely the same thing to
the casual observer. The primary difference between the two is that
bridging occurs at Layer 2 (the data link layer) of the OSI reference
model, whereas routing occurs at Layer 3 (the network layer). This
distinction provides routing and bridging with different information to
use in the process of moving information from source to destination, so
the two functions accomplish their tasks in different ways. The routing
algorithm is the part of the network layer software responsible for
deciding which output line an incoming packet should be transmitted on,
i.e. what should be the next intermediate node for the packet. For this
project, EIGRP routing protocol is used.
Benefits of EIRGP routing:

It uses a successor table to plan ahead of time if a route goes down.

EIGRP can converge to a network change faster than OSPF
It is capable of making routing decisions (and defining a metric)
based on bandwidth, delay, load, reliability and MTU.
EIGRP is not bound by the rules of area-based routing like OSPF
and ISIS are. This leads to simpler configuration, and in some ways
increased scalability (debatable) over OSPF since there is no need
to plan everything around a mandatory backbone area 0.
EIGRP can load-balance across unequal cost paths much more
easily than OSPF can, simply by altering the 'variance' within the
EIGRP process.

EIGRP is modular, and can support any L3 protocol scheme as long

as the proper module is loaded. This means EIGRP can support IP,
IPX or IPv6 without having to resort to multiple versions of the
routing protocol.

DEPARTMENT
S

IP
ADDRESSES
(NETWORK)

MANAGEMEN
T
ACCOUNTING
MARKETING

192.168.1.0/29

RESEARCH
AND
DEVELOPME
NT
-- ISP
CONNECTION
-----SWITCH----

ROUT
ER/SW
ITCH
NAME
R1

INTERFACE

IP ADDRESS ON
ROUTER (DEFAULT
GATEWAY)

Fa0/0.99

192.168.1.1

192.168.1.8/28
192.168.1.24/2
7
192.168.1.56/2
5

R1
R1

Fa0/0.10
Fa0/0.20

192.168.1.9
192.168.1.25

R1

Fa0/0.30

192.168.1.57

172.16.1.1/32

R1

Fa1/0

172.16.1.1

192.168.1.2/32

S1

FROM
MANAGEME
NT

192.168.1.2

Zone Based Firewall

Zone Based Firewall is a particular component for Cisco IOS routers. By
implementing zone based firewall security zone can be arranged for
every area of an endeavor inside an enterprise, Moreover, every one of
the interfaces that are appointed to the same zone are ensured with the
comparable level of security. It works on the idea of strategies made for
the traffic moving between the zones in an organisation as it helps to
secure the sensitive data.
There are some approaches that has to be performed to make the
firewall such as:
Define the match criteria (class map)
Associate actions to the match criteria (policy map)
Attach the policy map to a zone pair (service policy)
The first is to create a class that is a strategy for differentiating an
arrangement of different packets in light of its contents. In this way class
guide is utilized to coordinate the packets to a predetermined class. On
the other side inspect, drop, pass and policy are the actions that are
characterized for a class utilizing the policy map. In any case, the policy
map command is utilized to determine the name of the arrangement
guide to be made, included or changed.

Configuration of Zone based firewall

In this formation (figure3) the router is separated into five zones for an
enterprise:

Figure3 Zone Topology Detail

As described in the figure, the public internet in the internet zone is
linked to Fast ethernet0 whereas, the two internet servers are linked to
fast ethernet1 in DMZ zone. Furthermore, the Ethernet switch is
configured with two VLANS. In the client zone the workstation are
connected to vlan1. In addition, in the server zone the servers are
connected to vlan2. The VLAN1 and VLAN2 communicate with the other
networks through virtual private interface.
As shown in the figure these policies are applied for an enterprise
organisation by using the network zone. Hosts in the internet zone can
reach DNS, SMTP and SSH services on one server in the DMZ. The other
server offers SMTP, HTTP and HTTPS services. The firewall policy
restricts access to the specific services available on each host. Moreover,
the DMZ hosts could not connect to hosts in any other zone in an
organisation. However, the hosts in the client zone can connect to hosts
in the server zone on all TCP, UDP and ICMP servers whereas, the hosts
in the server zone cannot connect to hosts in the client zone. In addition,
all hosts in the private zone (combination of client and server) can access
the hosts in the DMZ on SSH, FTP, POP, IMAP, ESMTP and HTTP
services.
Implementation of zone based Firewall
Enable the EXEC mode
After that enter the global configuration mode
Define class maps and ACLs that describe the traffic and enters the
class- map configuration mode.
Configures the match criterion for a class map based on the access
control list (ACL) name or number.

Configures the match criterion for a class map on the basis of a

specified protocol. Only Cisco stateful packet inspection-supported
protocols can be used as match criteria in inspect type class maps.
SignatureSignature-based classification for peer-to-peer packets
is enabled.
Specifies a previously defined class as the match criteria for a class
map
Exits class-map configuration mode and returns to privileged EXEC
mode.

Dynamic multipoint VPN

A dynamic multipoint virtual private network (DMVPN) is a secure
network that can be used for highly secure IPsec traffic encryption and to
corporate the data privacy. It exchanges data between sites without
needing to pass traffic through an organisations headquarter virtual
private network server or a router.
Configuration of cisco DMVPN
To configure the DMVPN the process can be split into four steps. Each
step is required to be completed before moving to the next step.
The first step is to configure the DMVPN Hub router that is simple. After
configuring the routers LAN and WAN interfaces then can create our
mGRE tunnel interface. Next, configure the Tunnel0 interface. To create
a tunnel interface the command ip nhrp map multicast dynamic will
enable the forwarding of the multicast traffic across the tunnel which is
usually required by the routing protocols such as OSPF and EIGRP. In
addition to identify the DMVPN cloud ip nhrp network id 1 will be used.
After that configure the DMVPN spokes that is similar to the
configuration of a hub. In this first configure LAN and WAN interfaces
and then build a tunnel. After few seconds confirmation message will
come that the tunnel is up. There will use the command ip nhrs nhs that
tells the spoke routers who is the next hop server whereas the another
command ip nhrp multicast ensures that the multicast traffic is sent from
the spokes to the hub not from the spoke to spoke. The same
configuration is followed for all the routers such as R2, R2, R3 and all.
The next step after the configuration is to verify the functionality of the
dmvpn, the show dmvpn command can be used to check the DMVPN.
Further, there are GRE tunnels up and running so by using IPsec the data
can be encrypted and it can increase the data confidentiality.
Once all routers are configured IPsec VPN tunnels are brought up than
can verify the functionality by using the show crypto session command.
Last step involves to enable the routing in the dmvpn network. This is

essential as it aware the hub and spoke routers which packets can be
sent via the VPN network. This can be done either using static routes or
routing protocols. To configure the static routes is simple and all it
requires is to set the static routes on each router and point it to the other
networks
Intrusion Prevention System
The purpose of IPS (Intrusion prevention system) technology is to look at
all data inside network packets to determine if malicious traffic exists
within those packets. If an IPS determines that malicious traffic exists
within those packets, it will immediately drop the traffic and stop the
attack; in less-critical situations, the IPS may just generate an alert to let
the clients know that the suspicious traffic was found on the network.
Configuration of IPS
There are few steps that need to follow to configure the IPS to protect
the organization network from known signature based malware
The first thing to configure the IPS is to download the IOS IPS files from
cisco.
There are two files that are required to be downloaded such as

IOS-Sxxx-CLI.pkgContains the signatures themselves with the xs

denoting a specific version

realm-cisco.pub-key.txtContains Cisco public crypto key

The next step is to create the IOS IPS configuration directory in the
device flash so that the features of the IOS IPS can be used. This
directory includes the signature files and the configuration. Moreover,
the name of this directory does not have to be anything specific, but the
name ips is recommended.
After the configuration of the directory than configure the cisco IOS IPS
crypto key. To ensure that the contents of the signature file are authentic,
Cisco has signed the master signature file with their private key. To
ensure that this master file can be verified, Ciscos public key must be
input into the device configuration. The following steps should be
followed to accomplish this:
1. Open the realm-cisco.pub-key.txt file that was downloaded from
Cisco and open it in a text editor.
2. Copy the contents of the file.
3. On the IOS IPS device, enter into global configuration mode with
the configure terminal command.
4. On the IOS IPS device, paste the contents from the text file at the

global configuration prompt (router(config)#).

5. On the IOS IPS device, exit from global configuration mode with
the end command.
6. On the IOS IPS device, verify the input of the key into the
configuration by running the show running-configuration
command; look for the contents from the text file.
Next step is to enable the IOS IPS feature, there are couple of steps
required to enable the features of IOS IPS. These steps are not
complicated but they require a knowledge of which IPS signature
category that is going to be used such as
Create an IPS rule name
Configure the IPS signature storage location
Configure the signature categories that are to be used such as retire all
of the signatures in the signature file and then the signatures that will be
used must be unretired. This can be done by using some of the
commands.
Enable the IPS rule onto the desired interface.
Last step is to load the IOS IPS signatures packages onto the IOS IPS
device that is possible to load by using TFTP or FTP

VLAN:
A Local Area Network (LAN) was originally defined as a network of
computers located within the same area. Today, Local Area Networks are
defined as a single broadcast domain. This means that if a user
broadcasts information on his/her LAN, the broadcast will be received by
every other user on the LAN. Broadcasts are prevented from leaving a
LAN by using a router. The disadvantage of this method is routers usually
take more time to process incoming data compared to a bridge or a
switch. More importantly, the formation of broadcast domains depends
on the physical connection of the devices in the network. Virtual Local
Area Networks (VLAN's) were developed as an alternative solution to
using routers to contain broadcast traffic.
The workstations, hubs, and repeaters together form a LAN segment. A
LAN segment is also known as a collision domain since collisions remain
within the segment. The area within which broadcasts and multicasts are
confined is called a broadcast domain or LAN. Thus a LAN can consist of
one or more LAN segments. Defining broadcast and collision domains in
a LAN depends on how the workstations, hubs, switches, and routers are
physically connected together. This means that everyone on a LAN must
be located in the same area The workstations, hubs, and repeaters
together form a LAN segment. A LAN segment is also known as a

collision domain since collisions remain within the segment. The area
within which broadcasts and multicasts are confined is called a broadcast
domain or LAN. Thus a LAN can consist of one or more LAN segments.
Defining broadcast and collision domains in a LAN depends on how the
workstations, hubs, switches, and routers are physically connected
together. This means that everyone on a LAN must be located in the
same area.
Devices within a VLAN can communicate with each other without the
need of Layer 3 routing. But devices in separate VLANs require a Layer 3
routing device to communicate with one another. For example, same
department vlans can communicate with each other without a router in
the same VLAN 10; different department vlans can not communicate
because of being in different VLANs same like router interfaces with
different network addresses.

VLAN NAME
MANAGEMENT
ACCOUNTING
MARKETING
RESEARCH AND
DEVELOPMENT

VLAN
ID
99
10
20
30

Host
Requirements
5 hosts
10 hosts
20 hosts
100 hosts

Port Allocation on
Switch
N/A
Fa 0/3 4
Fa0/5 8
Fa 0/6 - 12

ACL CREATION:
ACLs are used to control network access or to specify traffic for many
features to act upon. An extended ACL is made up of one or more access
control entries (ACEs). Each ACE specifies a source and destination for
matching traffic. You can identify parameters within the access-list
command, or you can create objects or object groups for use in the ACL.
For the purporse of this project external ACLs are used due to folloing
benefits.

Limit network traffic and increase network performance.

Provide traffic flow control.
Provide a basic level of security for network access.
Traffic decision ( forwarded or blocked at the router interfaces).
Area accessing
To Permit or deny Screen hosts to access a network segment.
It can provide access control based on Layer 3 addresses for IP
and IPX protocols.

Switch security implementation for the enterprise organisation

One of the effortless things the enterprise organisation can do to expand
the security is to implement a standard and policy for the management.
Below is the description of the different techniques for the secure switch
management. [5]
Set CLI and Console Access Passwords
Its always essential to configure the passwords on the switch for the
security purpose. For e.g. if you want to set the telnet and console
credentials on the cisco device than make sure for the all authorisation
level you configure diverse passwords and dont repeat the passwords.
[5]
Secure CLI (enable and disable SSH, telnet)
The next thing you need to do is enable SSH for the management
security. It prevents anybody from sniffing the activity on the wire and
gathering data information along with the usernames and passwords.
SSH is require to run for a client while telnet is enabled and built in by
default in most os. The first step to configure SSH on the switch is to
create a public/private key which will be used by the client to
authenticate the switch while you connect. Its always recommended to
save and install the ssh key to prevent the man in the middle attacks. [5]
After configure the SSH, firstly test it before disable the Telnet Access.
Securing SNMP (remove defaults, generate custom strings)
SNMP (simple network management protocol) is another way to manage
the switches. There are many versions of SNMP. By default, most
switches come with default SNMP string for e.g. public for read and
private for read-write access. Read only string is used only to view the
settings on the switch and SNMP read-write string is used to make any
changes on the switch.
Once the strings changes have been made on the switch, then there is a
need of update the management and monitoring tools. Its useful to avoid
failed scans and complications. [5]

6.4

Performance Analysis
A huge number of masses depend on the prospective of cloud

computing. That is why, it is extremely essential to make it secure. A

number of devices play their role in cloud computing architecture, such
as routers, switches, end users computer, server machines and services
on cloud platform. In this environment, it is inevitable to secure all of the
devices when huge number of attacks are expected. In this paper all of
the devices are secured individually and programmed accordingly to the
security requirements.
Switches are the back bone in this project design when many users are
connected

to

the

cloud

through

switches,

where

VLAN

is

also

implemented. So, the security of the switches are one of the most
important aspect. By putting the passwords on switches console and its
command line interfaces refrains all intruders to break in the switches. In
the same way, if any intruder wants to get the access of switches
remotely via telnet, he will not be able to get in due to the protected
passwords over telnet. Meanwhile, the data transmission including
usernames and passwords to get the access of the switches have been
encrypted by using the SSH version 2 (Secure socket shell). This protocol
encrypts all the information being propagated over the switches in order
to avoid man in the middle attacks. Whereas, other protocols like SSH
version 1, RSH, REXEC used to transmit all information in the plain text
[5].

CLI and Console Access Passwords

Secure remote access of CLI (SSH & telnet)

By putting the security features on the switches makes it slightly slow

but secure, because switch has to process each incoming frame, then
transmit. Obviously, it takes bit of time even though, it is minor and
unnoticed by humans.
Routers also play pivotal role in the project and all the information and
data

including

requests

and

responses

from

clients

respectively, come through the routers after switches.

Zone based firewalls

Dynamic multipoint VPN for encryption and decryption

and

server

Intrusion prevention system via ACLs

In order to protect the router, zone based firewalls have been

implemented to ensure security solutions. Specification of different zones
in the design makes it easy to implement firewall for each zone according
to the security level requirement, such as inside and outside zones.

Firewall in the inside zone enables the inside users to open the sessions
to particular server. Whereas, the firewall policy for the outside zone
refrains all the outsiders from the direct access to the cloud. This
implementation of zone based firewalls makes the design quicker for
insiders and slightly slow for outsiders. And this is because all the
firewalls has to process every incoming packet, match it with the attacks
in its database, filtration of packets and its transmission to the next hope.
The entire process makes the system slightly slow but relatively secure
[6].
Dynamic multipoint VPN allows end users to scale small and big
IPSec

tunnels.

IPSec

protocol

encrypts

each

IP

Packet

in

communication session. IPSec authentication process utilizes hashing

cryptographic function in order to deliver solid authentication for all IP
packets. The common algorithm is MD5 (Message Digest version 5). MD5
ensures nonrepudiation also. It consists of 32bit authentication header
for packet encapsulation, 3DES for encryption and MD5 for integrity
checking

specifications.

3DES

uses

three

independent

keys

for

encryption of each size 56bit and cumulatively 168bits [7]. But due to the
man in the middle attack, the efficient security it provides is 112bits, so it
falls down to 112bits. Whereas, MD5 algorithm uses 128bit hash value
for encryption for 512bit block size of data that cannot be reversed by

any mean, which makes the data more secure and quick. Because the end
user also has its own hash value, he just has to match this hash to the
received hash value. In this case no more processing is required.
ACL (Access Control List), is one of the great solution on from cisco
to avoid unwanted traffic from the network. It works from the general
logic to the specific and works as step by step (statement by statement)
in top to down approach. In this cloud computing environment, end users
will require the maximum and quick response from the cloud server for
requested data. By putting the ACL on the router will allow only the data
requested from server. Apart from this, all of the requests will be blocked
on the router, and this process will make the server robust and quick.
Because server will not have to process unnecessary requests, which will
make it more secure also.

Conclusion and Limitations

References
[1]

R. Daiv, Importance of Gantt Charts in Project Management,

TASKey Planning and Implementing [online Available]
http://www.taskey.com/resources/Related%20articles/importanceof-gantt-charts.aspx
[2]
M. Micah, Work breakdown Structure (WBS) purpose, process and
pitfalls, A guide to the project management [online Available]
https://www.projectsmart.co.uk/work-breakdown-structurepurpose-process-pitfalls.php
[3]
L. Jared, The advantage of a budget within a project, Chron
small business [online Available]
http://smallbusiness.chron.com/advantages-budget-within-project26134.html
[4]
IInet, VDSL2 Broadband, Critical information Summary [online
Available] https://www.iinet.net.au/about/legal/cis/cis-vdsl-iinet.pdf
[5]
5 Secure Switch Management Best Practices, Network
Computing, 2012.
[Online Available]
http://www.networkcomputing.com/networking/5-secure-switchmanagement-best-practices/1337441047/page/0/1
[6]
P. Ivan, Deploying Zone-based Firewalls, Introduction to ZoneBased Firewalls, 2007
[Online
Available]
https://www.scribd.com/document/52442338/Deploying-ZoneBased-Firewall
[7]
S. Doug, Triple DES and Encrypting PIN Pad Technology on Triton
ATMs, Triton, Nov 2002 [Online Available]
http://www.atmdepot.com/wpcontent/uploads/2011/03/3DESWP.pdf