QUESTION ONE

I). The type of LAN network topology

- For the office building with three floors and different departments, we would recommend a
Hierarchical Star Topology.

The reasons for recommend a hierarchical star topology

- This topology provides scalability, ease of management, and clear network segmentation for
each department on different floors. Each floor can have its own network segment, connected
to a central distribution switch.

II).Detailed Network Diagram

+-------------------+

| Router |

+---------+---------+

+---------+---------+

| Distribution |

| Switch |

+---------+---------+

+----------------+------------+----------------+

| | | |
+-------+---+ +------+---+ +---+------+ +---+------+

| Switch | | Switch | | Switch | | Switch |

| (1st Fl) | | (2nd Fl) | | (3rd Fl) | | (Server) |

+-----------+ +-----------+ +-----------+ +-----------+

| Admin | | Sales/ | | IT/Dev | | Servers |

| Dept | | Marketing | | Dept | | |

+-----------+ +-----------+ +-----------+ +-----------+

```

III). Network Segmentation:

- Implement VLANs to separate different departments and floors. For example, create VLANs
for Administration, Sales/Marketing, IT/Development, and Servers to improve performance and
security by isolating network traffic.

IV). Cabling Recommendations:

- For the office building, I would recommend using Cat6 or Cat6a Ethernet cabling for all
sections of the office.

- Cat6 or Cat6a cabling supports Gigabit Ethernet speeds and provides better performance and
future-proofing compared to Cat5e.

- Use fiber optic cabling for inter-floor connections to ensure high-speed and reliable data
transmission over longer distances.

V). Reasoning for Choices of cabling:

- Cat6/Cat6a Ethernet Cabling: Offers higher data rates (up to 10 Gbps) and better performance
compared to Cat5e, suitable for handling the network traffic of a growing company.
- Fiber Optic Cabling: Provides high bandwidth, immunity to electromagnetic interference, and
supports longer distances, making it ideal for connecting switches on different floors.

VI). Steps to Install Cabling Infrastructure:

A). Planning:

- Review the network diagram and determine the cable lengths, types (Cat6/Cat6a, fiber
optic), and quantities needed for each section of the office building.

- Plan cable routes, considering cable management, avoiding interference with electrical lines,
and ensuring proper ventilation for network equipment.

B). Preparation:

- Gather necessary tools and equipment such as cables, cable trays, cable ties, patch panels,
wall plates, and labeling materials.

- Ensure safety measures are in place for working with cabling, such as proper lifting
techniques and following building codes.

C). Installation:

- Run cables along planned routes, ensuring proper support and securing cables with cable
ties or clips.

- Install wall plates and cable drops at designated locations for connecting devices.

- Terminate cables at patch panels and network devices following industry standards.

D). Testing:

- Use cable testers to verify cable continuity, check for wiring errors, and ensure proper
connectivity before connecting devices.

- Document cable runs, labeling both ends of cables for easy identification during
troubleshooting and future maintenance.
E). Cable Management:

- Organize cables using cable management tools like cable trays, racks, and labels to maintain
a tidy and easily maintainable cabling infrastructure.

- Implement cable management best practices to reduce cable clutter and prevent cable
damage.

F). Future Maintenance:

- Create and maintain accurate documentation of the cabling infrastructure, including cable
types, lengths, termination points, and labeling schemes.

- Regularly inspect and maintain the cabling infrastructure to address any issues promptly
and ensure optimal network performance.

VII). Addressing Potential Physical Obstacles:

- Identify potential physical obstacles such as concrete walls, support beams, or HVAC ducts.

- Plan cable routes around obstacles or use conduit or raceways to protect cables.

- Use cable management techniques to secure cables and prevent damage from physical
obstacles.

VIII). Proposed IP Addressing Schemes

A). Subnetting for Network Segmentation:

- Administration Dept (1st Floor): 192.168.1.0/24

- VLAN for Admin: 192.168.1.0/26

- Sales/Marketing Dept (2nd Floor): 192.168.2.0/24

- VLAN for Sales/Marketing: 192.168.2.0/26

- IT/Development Dept (3rd Floor): 192.168.3.0/24

 - VLAN for IT/Dev: 192.168.3.0/26

- Servers (Server Room): 192.168.4.0/24

- VLAN for Servers: 192.168.4.0/26

B). Router IP Address:

- Router Interface for each VLAN:

- VLAN1 (Admin): 192.168.1.1

- VLAN2 (Sales/Marketing): 192.168.2.1

- VLAN3 (IT/Dev): 192.168.3.1

- VLAN4 (Servers): 192.168.4.1

C). DHCP Configuration:

- Configure DHCP scopes for each VLAN to dynamically assign IP addresses to devices within
each segment.

- Reserve static IP addresses for critical network devices such as servers

IX). Assigning IP Addresses:

~ Static vs. Dynamic IP Addresses:

- Assign static IP addresses to critical devices like servers, network printers, and network
infrastructure equipment for easier management and to ensure consistency.

- Use DHCP to assign dynamic IP addresses to end-user devices in each department, allowing
for easier IP address management and flexibility.

X). Potential Security Threats and Mitigation Measures:

1). Internal Threats:

 A). Unauthorized Access: Implement role-based access control (RBAC) to restrict access to
sensitive data and systems based on user roles.

B). Data Theft: Encrypt sensitive data at rest and in transit to prevent unauthorized access.

C). Insider Threats: Monitor network activity for unusual behavior and implement user
behavior analytics to detect anomalies.

2. External Threats:

A). Malware and Phishing Attacks: Deploy email filtering, anti-malware software, and user
awareness training to mitigate the risk of malware and phishing attacks.

B). DDoS Attacks: Implement DDoS protection services and configure firewalls to mitigate the
impact of DDoS attacks.

C). Unauthorized Access: Implement strong authentication mechanisms like multi-factor

authentication (MFA) and regularly update firewall rules to block unauthorized access attempts.

XI). Implementation of Security Devices:

1. Firewalls:

- Deploy a next-generation firewall (NGFW) at the network perimeter to inspect and filter
incoming and outgoing traffic based on defined security policies.

- Configure firewall rules to allow only necessary traffic, block malicious traffic, and log
firewall events for analysis.

2. Intrusion Detection/Prevention Systems (IDS/IPS):

A). Deploy IDS/IPS to detect and prevent suspicious activities and known attack patterns on
the network.

- Configure IDS to monitor network traffic for anomalies and unauthorized access attempts,
while IPS can automatically block or mitigate detected threats.
3. Other Security Devices:

A). VPN Concentrator : Implement a VPN concentrator to provide secure remote access for
employees and ensure data confidentiality over public networks.

B). Web Application Firewall (WAF): Deploy a WAF to protect web applications from
common security threats such as SQL injection, cross-site scripting (XSS), and other web-based
attacks.

4. Implementation Considerations:

A). Regularly update security devices with the latest firmware and security patches to protect
against known vulnerabilities.

B). Conduct regular security audits and penetration testing to identify and address potential
security weaknesses in the network.

C). Implement a comprehensive security policy that outlines security measures, user
responsibilities, incident response procedures, and compliance requirements for the
organization.

REFERENCES

✓ Goleniewski, L. (2006) Telecommunications Essentials, Addison Wesley Professional.

✓ Kurose, J.F. and K.W. Ross (2003) Computer Networking: A Top Down Approach Featuring
the Internet, Addison Wesley.
✓ Mir, N.F. (2006) Computer and Communication Networks, Prentice Hall.

✓ Ogletree, T.W. and M.E. Soper (2006) Upgrading and Repairing Networks, Que.