A. Ali MS posterx


“Enterprise Network Design and Implementation for Airports”
Master’s Thesis - Ashraf Ali
Department of Computing and Information Sciences
Introduction
Practical Work
This project presented a network design and implementation plan for an airport’s enterprise
network. The primary goal was to deliver three principal system attributes: security, quality,
and safety.
For the security component, the design uses a variety of tools to craft a network that
provides a high security level. These utilities include hardware firewalls, IP access control
lists, MAC address-based port security, and domain and proxy servers. All of these tools have been
configured to provide a multilayer secure environment and to prevent hackers from entering
sensitive subnets like those that house the flight management and service provider hosts.
Similarly, a broad collection of services and strategies has been developed that, when
combined, create a high service quality for users. These technical services include a failover
firewall utility, a PXE server (Pre-boot Execution Environment), a DHCP server (Dynamic Host
Configuration Protocol), a DNS server (Domain Name System) and high-grade cabling.
Additionally, the overall design provides a stable internet service for the Air Traffic Control
System through the use of both redundant internet service providers and the failover tools.
To meet safety standards, dual internet providers were adopted for the flight management
department to ensure backup operations for the safety-critical Primary and Backup Air Traffic
Control Complex (BATCX) system. External to the Windows servers, backup servers (iSCSI initiators
and iSCSI target) were also planned as an additional redundancy measure. This helps to
keep the Air Traffic Control systems’ information in full and safety-centric operation. Also, a
web server was incorporated as a repository for key passenger information.
Methods
The design adopted the following techniques to make the network meet the collected
goals and requirements. These include security-specific tools:
• Hardware firewalls to increase the level of security and set up rules for the network’s activities.
• IP access control list to prevent unauthorized activities from the guest department.
• MAC address port security to prevent foreign devices from connecting to the sensitive departments.
• Domain server to establish specific groups for specific tasks depending on needs.
• Proxy server to set up permissions for users depending on their positions and authority.
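The IP access control list and MAC address port security items above, sketched as Cisco IOS configuration of the kind entered in Packet Tracer. This is an added example, not configuration from the thesis; the subnets, VLAN IDs, interface ranges and the ACL name GUEST-IN are assumptions chosen for illustration.

```cisco
! Constructed example: every address, VLAN ID and interface name below is an
! assumption, not a value from the thesis.
!   Guest department   : 10.10.40.0/24, VLAN 40
!   Flight management  : 10.10.10.0/24, VLAN 10
!
! --- Layer 3 device: keep guest hosts out of the flight management subnet ---
ip access-list extended GUEST-IN
 remark Let guest clients obtain a lease (DHCP requests come from 0.0.0.0)
 permit udp any eq bootpc any eq bootps
 remark Guests may not reach the flight management subnet
 deny   ip 10.10.40.0 0.0.0.255 10.10.10.0 0.0.0.255
 remark Other guest traffic goes on to the firewall and proxy
 permit ip 10.10.40.0 0.0.0.255 any
 ! The implicit deny at the end drops any other source address
!
interface Vlan40
 description Guest department gateway
 ip address 10.10.40.1 255.255.255.0
 ip access-group GUEST-IN in
!
! --- Access switch, flight management: bind each port to one learned MAC ---
interface range FastEthernet0/1 - 12
 description Flight management workstations
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! --- Ports with nothing attached: parked in an unused VLAN and disabled ---
interface range FastEthernet0/13 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
```

`show access-lists GUEST-IN` and `show port-security` confirm the rule hit counts and the learned addresses; sticky MAC entries live in the running configuration and are lost on reload unless it is saved with `copy running-config startup-config`.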
Figure 1. Airport Network, As Designed
Figure 2. Example Airport Building
To increase the network quality of service, several strategies and systems are included:
• Failover firewall utility to support the network with an ISP when the first fails.
• PXE server (Pre-boot Execution Environment) to provide operating systems.
• DHCP server (Dynamic Host Configuration Protocol) to provide IPs.
• DNS server (Domain Name System) to manage the airport’s website.
• Cabling system to provide the network with an appropriate connection system.
Further Design Considerations/Points
Additionally, safety-critical systems were given additional protections and mechanisms:
• Dual ISPs to provide service to the Air Traffic Control System (ATC).
• Web server to keep the passengers’ information in a safe place.
• Dual internet service providers help the Air Traffic Control System’s backup to work 24 hours and place the data outside the network in a safe area.
• Filtering the inbound and outbound connections in the airport’s network.
• Prevent the users from accessing the management system in the airport, which is represented by the Air Traffic Control System.
• Unauthorized devices cannot connect to the physical part of the network.
• The network’s users are assigned to small groups to verify the identity of local users.
• Outside attacks are prevented by the Squid proxy server, which also limits users’ inside requests to the internet.
• The failover utility in the firewalls provides 24 hours of internet service when one of the services goes down.
• The connected devices in the local network have operating systems available to access at any time.
• Assign Internet Protocol (IP) addresses automatically to any device in the network for each department during operating hours.
• Translate IP addresses to the airport’s website internally.
• The cabling system between buildings helps to reduce the time used to transfer data.
• Passengers’ information is protected in the local web server, which is placed inside the network.
Future Refinements
Several further possible enhancements emerged in the course of the
design project:
• Involve the Windows servers in the security aspect to filter the
untested data that enters the flight management system.
• Create a bootable operating system from different buildings or the
cloud for when the local system fails or in the case of a sudden fire in
any department.
• Apply the failover configurations on the firewalls’ user interface
instead of the terminal that has been used in the Packet Tracer
program, to verify the configuration process steps.
• Use the IP subnet utility to limit the IPs in the network, which
allows the network to be organized more easily.
• Increase the target storage capacity for the Air Traffic Control
System backup to make sure that the target server has enough
space to store the data, especially in big airports which have
much traffic activity during operations.