Network Implementation for Davis Networks Inc.
In the proposal, effort is made to develop an affordable local LAN for Davis Networks Inc. The effort involves providing a wireless Internet connection to all individuals for their desktops and laptops from their current high-speed connection at an affordable price (800 USD -- 1000 USD). Provision of the Internet to the same location costs approximately 700 USD, including all other expenses such as wiring. To implement the project, various obstacles have to be considered, such as electric poles, trees and walls. The core location is the Computer Center building, which has the highest connection speeds. From this building, there will be distribution to the surrounding buildings located within a range of 500 to 1000 meters. The network needs 5 Wireless Access Points (WAPs) with Omni antennas (A, B, C, D, E) and two directional antennas (X and Y). A Wireless Access Point will be installed at the computer building and it will have 2 antennas (one Omni and one directional). Directional antenna (X) will communicate with antenna (Y), which is also a directional antenna, and Omni antenna (B) will be supported in between (Deep, Kush & Kumar, 2010).
Figure 1: Wireless network (ad-hoc mode)
Figure 2: Wireless network (infrastructure mode)
Communication will be made through the antennas by corresponding WAP. Line of sight existing between the antennas will be clear. In the network, all the used antennas shall communicate through other antennas and so there will be Access points at A, B, C, D and E (and working in repeater mode). As illustrated in the figure above, every access point gives the signals to the laptops and computers or other devices that can be found around. Support will be given to weak access points by a stronger one (Deep, Kush & Kumar, 2010).
As soon as the area is understood properly and the locations for the Wi-Fi identified, a survey of the market will be carried out to identify which products have the highest cost-benefit expectations and ratios. An alternative strategy can have a wired network being maintained as the pillar of the WAP. Laying down Wired networks can be expensive. To increase the bandwidths, fiber optics may be brought on board. Besides, a collection of low gain antenna WAP can be positioned to cover two to four houses that neighbor each other (Deep, Kush & Kumar, 2010).
2. Review of Other Work
These days, several Radio Access Technologies (RATs) are in existence, including GSM/GPRS, UMTS, IEEE 802.11-based wireless LAN (e.g. WiFi) as well as IEEE 802.16-based Wireless Metropolitan Area Network (e.g. WiMAX). Future mobile communication systems foretell a wireless communication environment that is heterogeneous and makes communication seamless. Also available will be adaptive service quality and joint service management. In a setting that has several technologies, making Radio Access Networks (RANs) cooperate with one another can be challenging. Next Generation Mobile Networks (NGMN) gives recommendations to support the work of standardization bodies and manufacturers so as to achieve cost-effectiveness in future integrated mobile communication systems. There are 3 recommendation groups. The first is functional recommendations, which target the service provider's ability to give attractive and flexible services. The second relates to cost efficiency. The third concerns guidance on evaluating the suitability of deployment. The NGMN expects the integrated network to maximize its exploitation of resources in situations where terminals are needed to support other RATs. A subsystem based on Session Initiation Protocol might be implemented to control access and also for network and service functions (Luo & Bodanese, 2008).
Several access points and laptops with wireless capabilities can be found in homes today. It is expected that the wireless devices numbers will continue rising given the falling costs. Because only 3 non-interfering channels in 802.11 exist, performance will suffer due to the interference that will be caused by the wireless devices. Spectrum scarcity could be a big issue in the future. Solving this problem could take actively monitoring the usage of spectrum in a specific location and allocate spectrums efficiently as the wireless devices need them (Li & Liu, 2005).
Infrastructure Mode
The wireless LAN can operate in infrastructure mode because of the wireless access point. The mode allows wireless connection to devices in the area covered. The access point has at least one antenna that allows interaction with wireless nodes. In infrastructure mode, the wireless access point converts airwave data into wired Ethernet data, connecting wireless clients and the LAN. The network coverage can be extended by connecting several access points through a wired Ethernet backbone. When a mobile device moves out of the range of one access point, it comes into the range of a different access point. Wireless clients can therefore seamlessly roam from one point to another without the connection being cut. IEEE 802.11 g/b wireless nodes communicate with one another by way of radio frequency signals in the Industrial Scientific and Medical (ISM) band ranging from 2.4 GHz to 2.5 GHz. Neighboring channels are 5 MHz apart. Nonetheless, because of the effect of the spread spectrum, a node that is sending signals will make use of frequency spectrum 12.5 MHz below and above the frequency of the center channel. Interference will therefore result because of the closeness of the channels. The use of two channels which are optimally separated will improve performance a great deal, as the amount of channel cross-talk will be greatly reduced. Because of the wireless nature of the connection, there is vulnerability to, and risk of, theft of information as well as eavesdropping (Chapter 2 Wireless Networking Basics, 2005).
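The channel arithmetic above can be worked through in code. The following is an added example, not part of the original paper: it uses the 5 MHz spacing and 12.5 MHz half-width from the text, and assumes channels 1 to 11, a channel 1 centre of 2412 MHz and a constructed site-survey list.

```python
# Added example: channel overlap computed from the figures given in the text.
CHANNEL_SPACING_MHZ = 5.0   # distance between neighboring channel centres (from the text)
HALF_WIDTH_MHZ = 12.5       # spectrum used below and above the centre (from the text)
CHANNELS = range(1, 12)     # assumption: channels 1-11 are available


def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel; channel 1 is centred on 2412 MHz."""
    return 2412.0 + CHANNEL_SPACING_MHZ * (channel - 1)


def overlap_fraction(a, b):
    """Fraction (0.0-1.0) of one channel's occupied band shared with another."""
    separation = abs(centre_mhz(a) - centre_mhz(b))
    width = 2 * HALF_WIDTH_MHZ
    return max(0.0, width - separation) / width


def non_overlapping_set():
    """Pick channels from the lowest upward that share no spectrum at all."""
    chosen = []
    for channel in CHANNELS:
        if all(overlap_fraction(channel, c) == 0.0 for c in chosen):
            chosen.append(channel)
    return chosen


def best_channel(survey):
    """Choose the non-overlapping channel with the least received interference.

    survey: list of (channel, rssi_dbm) pairs for neighboring access points.
    Each neighbor contributes its received power in mW, weighted by how much
    of the candidate channel it overlaps.
    """
    def interference(candidate):
        return sum(overlap_fraction(candidate, ch) * 10 ** (rssi / 10.0)
                   for ch, rssi in survey)
    return min(non_overlapping_set(), key=interference)


# Constructed site-survey readings: (channel, RSSI in dBm).
SAMPLE_SURVEY = [(1, -45), (3, -60), (6, -70), (9, -80), (11, -50)]

if __name__ == "__main__":
    print("non-overlapping channels:", non_overlapping_set())
    print("overlap between 1 and 5:", overlap_fraction(1, 5))
    print("least-interfered channel:", best_channel(SAMPLE_SURVEY))
```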
The most used WLAN protocol is the IEEE 802.11b standard. The protocol operates in the frequency range of 2.4 GHz, having a 54 Mbps maximum data link and about 26 Mbps throughput rate. Depending on the technique of modulation, higher frequency means higher bandwidth, but the range decreases as a result. The recently developed 802.11g protocol is an IEEE specification that was developed as an 802.11b extension. It operates in the frequency band of 2.4 GHz, but employs better modulation so as to increase the bandwidth. The standard has a 54 Mbps data ceiling and a throughput of 22 Mbps on the higher end. So, 802.11g aims at capturing the benefits of both 802.11b and 802.11a. Radio signal propagation by the three protocols is determined by several factors, and so the performance figures outlined by the manufacturer may be misleading. The factors could include barriers like glass, metal and wood (Sohal & Dowdy, 2004).
3. Project Rationale
The wireless technology has revolutionized several cost-effective and popular wireless solutions for educational and business purposes. This paper seeks to make an affordable wireless local area network. In the case of Davis Networks Inc., it has been found out that the proposal is workable and very good given the budget as well as the time frame. Wireless technology is becoming more popular in computing and also in everyday life as it is made use of in TV remotes, unlocking or locking cars, radio, Wi-Fi and phones. Wireless adoption has enhanced the mobility of workers allowing them to travel around the world while being able to gain access to information through electronic media. The past two years has seen widespread adoption of wireless networking and mobile telephony. These devices have been further integrated to various networks like the internet. The reasons people give for not using the wired networks are delays and expenses, and hassles. Even homeowners and enterprises are foregoing installation of wired networks. Wireless networks are less expensive and have higher throughput. This has ensured the exponential growth of wireless networks in communities, homes and businesses as well as open spaces. This explains the widespread usage of wireless networks the world over and high-speed internet is no longer a luxury and is enjoyed by all travelers the world over. Two variations exist of mobile wireless networks. The first one is infrastructure networks and the other is called infrastructure less mobile network that is also referred to as ad-hoc network.
The market for wireless networking is rapidly growing as various establishments discover the advantages of using wireless networks. Wi-Fi affords users higher mobility and this is crucial in business operations in various fields like warehousing, manufacturing, transportation, airports, hotels, colleges and convention centers. Within the business, public areas, conference rooms as well as branch offices are some areas that need LANs (WLANs) (Tsi -Global, n.d).
The project has the competency to execute this big Wi-Fi rollout.
Requirements Analysis
This involves defining technical requirements as well as specifications that is the basis upon which the wireless network is designed (Tsi -- Global, n.d).
System Design
This involves defining the optimum system architecture, wireless technologies, configurations and products that ensure meeting the requirements (Tsi -- Global, n.d).
Site Surveys
Surveying the sites entails identifying the most suitable location for the installation of wireless access points and/or nodes, analyzing the current RF interference and assessing assets for mounting of equipment as well as the current wired distribution systems (Tsi -- Global, n.d).
System Testing
This entails verifying the installed wireless network by developing a test plan and carrying out tests to ensure that all requirements, such as signal coverage, security, supportability and performance, are met (Tsi -- Global, n.d).
System Installation
This entails the planning of the installation, giving training to installers and supervising the wireless network installation. Recommendations can be made of installers who are reputable if it is needful that the process be outsourced (Tsi -- Global, n.d).
Security Assessments
This is about assessing the security of the current wireless network by reviewing the network configuration and carrying out penetration tests (Tsi -- Global, n.d).
Expert Troubleshooting
This entails determining the main cause of problems affecting wireless networks through the observation of the system's behavior and carrying out protocol analysis and RF tests (Tsi -- Global, n.d).
Operational Support Planning
Involves developing support plans for wireless networks, and includes assessing the prevailing support methods and organization, creating decision trees that the support staff can follow as they troubleshoot any existing problems and identify the required tools needed and so recommend how the network can be best supported (Tsi -- Global, n.d).
Project Management
Involves planning how the enterprise wireless network will be deployed and how the various operations of the project will be managed. The requirements for the project will be defined, the design done, the installation done, the network tested and the support plan put in place (Tsi -- Global, n.d).
B. Project Goals and Objectives
As should be in any system, the first things to be considered are scalability, ease of use, as well as cost. This project meets every one of these. The layout and people's ability to move from one place to another is a key consideration. The ideal is that it be possible to trace a network to a particular individual for ease of doing security audits. This need complicates the implementation of the wireless network. The objective and goals of the project are as below:
1. Ease of Use
The design is done with the user in mind. A computer account will be needed to gain access to the network. At Davis Network Inc., every person using the network can get a computer account from the central computer services. LAWN shall make use of this account for authentication. Since LAWN's design is such that users rather than hardware are authenticated, a change of hardware by the user has no effect (Makmur & McGrew, 2002).
The process of authentication is simple and easy. A user with a wireless device just has to run a browser and attempt to load a web page. If the user isn't authenticated, there will be a redirect to a login screen on which the user is asked to confirm that he/she is a valid user. On authentication, access will be granted to the network until a manual or automatic logout is done. An automatic logout will take place following 30 minutes of inactivity from the user (Makmur & McGrew, 2002).
2. Scalability
The design of the network will be as a top-down infrastructure and this will ensure easy deployment. For a department to be part of the LAWN system, an implementation of LAWNs firewall part is needed. Because authentication is done centrally, the departments can also use the central authentication system instead of having a different scheme of their own.
Deployment of the LAWN system requires a dual Ethernet interface Linux system. The firewall software can be found at DCIS/LCSR through the RPM file. An Ethernet interface on the firewall can get a connection to outside users while another one to the HUB or switch that is connected to the access points. If a case arises where there is a need for the entire LAWN system -- plus "in-house" authentication, there can be implementation of a trust relationship between the various authenticators. In such a trust system, the behavior of the LAWN system will be such that it is like one. An authenticator will contact other authenticators to confirm authentication of a given user (Makmur & McGrew, 2002).
3. Low Cost
Since the firewall handles all the issues related to networking, like access restrictions, name servers and dynamic configurations, there isn't a need to buy wireless access points having several features. The only things to consider are cost and reliability. The firewall machine is also built from affordable software and hardware. A PC with a Pentium 300 MHz processor, 256 MB of memory, a 10 GB hard disk and the free Linux OS is adequate. A PC like that can cost as little as $200 apiece (Makmur & McGrew, 2002).
4. Secure
Security is a key component of the LAWN system. Authentication is a necessity, and it is the reason for the LAWN system. Having LAWN ensures that each and every access can be traced to a particular person who can be questioned in case of unauthorized use. There are two LAWN security issues. The first is accessing the wireless network. Anyone who wants to gain access must be authenticated. Passwords used against various usernames are verified at the central servers, or some other servers used for authentication, before the person is given access. The HTTPS protocol is applied in authenticating the passwords through the web browsers, and so ensures privacy of the password and the username (Makmur & McGrew, 2002).
The other issue is the security of transmitted data which pass through the air waves. Solving this can be tricky. The 802.11b protocol (Wi-Fi), which is being used now in networking technology, makes use of a built-in technology for encryption of data so as to ensure security of data. The technology is referred to as Wired Equivalent Privacy (WEP) and was designed specifically to tackle the issue of security of transmitted data. Nonetheless, it has proven inadequate and capable of being breached in a very short time. LEAP (Lightweight Extensible Authentication Protocol) has been developed as an alternative to WEP. It is a proprietary technology of Cisco. It is currently running only on the Apple Airport card (version 2.x firmware), Cisco Access Points and the Cisco 802.11b wireless card. This implies that one cannot use LEAP when using other 802.11b card brands (Makmur & McGrew, 2002).
Given WEP's weaknesses, it will not be involved in designing LAWN. This is deliberate so as to ensure that the users know the potential security problems. In addressing the issue of transmitted data security, LAWN system has a Virtual Private Network (VPN) server that is optional. The VPN will afford users a secure private network between the VPN server and the computer of the user. Having all transmitted data encrypted regardless of the medium ensures that no eavesdropping can occur. As opposed to LEAP that works only with costly Cisco Access Points or Cisco brand 802.11b cards, users that do not have 802.11b wireless cards or even those that are at home will be able to use the VPN connection through any low-cost access point and have their security guaranteed. To use LAWN and VPN, the user will log in two times. The first is to gain access to LAWN and then to the VPN server to utilize the encryption service (Makmur & McGrew, 2002).
Having the VPN as optional will probably result in fewer VPN users (due to cost or "ease of use"). Therefore, the data of users will be openly available and someone can eavesdrop. An alternative is using the current encrypted services to have the entire network traffic encrypted. For instance, a user might make use of Secure Shell (SSH) instead of Telnet, IMAP with SSL or POP with SSL instead of IMAP or POP for the reading of email, and SMTP with SSL to send email. The tools are available for free on the Internet for any computing platform (Makmur & McGrew, 2002).
Meanwhile, all the users ought to know that WEP security is quite weak and no one should rely on it. The best option is using secure services and aiming for the usage of VPN which is very secure.
Implementation
The design of the LAWN system is like that of a workgroup. Every one of the workgroups is composed of a dynamic firewall based on the Linux OS, a network hub and/or switch, as well as wireless access points. One interface of the firewall has an outside world connection and another has a wireless world connection. The decision on who accesses the outside world is made by the firewall: on authentication, the particular hardware address is added to the access list, and it is not added, or is removed, if the user is not authenticated or there is a logout (Makmur & McGrew, 2002).
Discovery Process
If the computer of a user can be found in the wireless access point's range, all the required configurations will be sent to it (IP address, name server, gateway) through the Dynamic Host Configuration Protocol (DHCP) server that is running in the firewall machine. Immediately a software that requires network access is run by the user, discovery of the hardware will be made by the firewall and the address will be evaluated in the authentication server. An authenticated user will be granted access. If the application in question is a web browser, there will be a redirection to the authentication server and a login page will present itself. On authentication, the firewall directs the server to give access to the computer hardware address. The firewall then continues monitoring the activity level of the user. If the computer of the user fails to answer network request for a given time period, or there is a manual log out, the access for the hardware address is removed from the routing tables of the firewall (Makmur & McGrew, 2002).
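The discovery and logout behaviour described above can be modelled as a small state table. This is an added example, not code from the LAWN project or the original paper: the class name, the portal URL, the decision labels, treating web traffic as port 80, dropping other unauthenticated traffic and measuring inactivity from the last packet seen are all assumptions made for illustration.

```python
import time

IDLE_TIMEOUT_S = 30 * 60  # automatic logout after 30 minutes of inactivity (from the text)
LOGIN_URL = "https://auth.example.invalid/login"  # placeholder portal address


class LawnAccessList:
    """Hypothetical model of the dynamic access list, keyed on hardware address."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # mac -> {"user": str, "last_seen": float}
        self.audit = []      # (timestamp, event, mac, user), kept for security audits

    @staticmethod
    def normalise(mac):
        return mac.strip().lower().replace("-", ":")

    def _log(self, event, mac, user):
        self.audit.append((self._clock(), event, mac, user))

    def login(self, mac, user):
        """Called once the authentication server has verified the credentials."""
        mac = self.normalise(mac)
        self._sessions[mac] = {"user": user, "last_seen": self._clock()}
        self._log("login", mac, user)

    def logout(self, mac, reason="manual-logout"):
        """Remove the hardware address from the access list."""
        mac = self.normalise(mac)
        session = self._sessions.pop(mac, None)
        if session is not None:
            self._log(reason, mac, session["user"])

    def expire_idle(self):
        """Drop every session that has been silent for the idle timeout."""
        now = self._clock()
        for mac, session in list(self._sessions.items()):
            if now - session["last_seen"] >= IDLE_TIMEOUT_S:
                self.logout(mac, reason="idle-timeout")

    def handle_packet(self, mac, dst_port):
        """Return the firewall decision for one packet from a wireless client."""
        self.expire_idle()
        mac = self.normalise(mac)
        session = self._sessions.get(mac)
        if session is not None:
            session["last_seen"] = self._clock()  # activity resets the idle timer
            return ("ALLOW", None)
        if dst_port == 80:
            # Unauthenticated web browser: send it to the login page.
            return ("REDIRECT", LOGIN_URL)
        return ("DROP", None)  # assumption: other unauthenticated traffic is dropped

    def user_for(self, mac):
        """Trace an active hardware address back to the account using it."""
        session = self._sessions.get(self.normalise(mac))
        return session["user"] if session else None


if __name__ == "__main__":
    now = [0.0]  # constructed clock so the timeout can be shown without waiting
    acl = LawnAccessList(clock=lambda: now[0])
    mac = "AA-BB-CC-00-00-01"  # constructed hardware address
    print(acl.handle_packet(mac, 80))
    acl.login(mac, "jdoe")
    print(acl.handle_packet(mac, 22), acl.user_for(mac))
    now[0] += IDLE_TIMEOUT_S
    print(acl.handle_packet(mac, 80), acl.audit)
```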
C. Project Deliverables
The infrastructure shall be comprised of fixed wireless relays and wired base stations. Base stations connect the wireless network and the Internet. In these networks, a mobile unit connects to the closest base station available within its communication radius and communicates with it. Typical uses of such a network type are in office wireless local area networks (WLANs). Mobile ad-hoc networks are autonomous connected systems of wireless routers and mobile hosts which can be moved from one place to another and are able to arbitrarily organize themselves; they are heavily used by homeowners. While wireless networks are popular with homeowners, their security issues have had an effect on the rate of deployment of WAN. Nonetheless, several misconceptions may exist about the security situation of wireless networks. The increased uptake of WLANs is drawn from research which said WLAN uptake would be two times the current rate in two years (Deep, Kush & Kumar, 2010). The growth is attributable to:
Companies enjoying fast deployment benefits
Cost of infrastructure is lower
Productivity has improved
Rushing the implementation raises the concern that security issues may arise and such concerns should be addressed. Security is the big question. An increase in popularity of any given technology increases the risk of security attack. For the case of the WLAN, the issue of security is worsened by its mode of transmission that can be breached as well as the inadequate infrastructure (Deep, Kush & Kumar, 2010).
Like every other company, Davis Network Inc. will have its network protected to ensure the security of the connections between the users and that all data being sent arrive safely. VPN is a sound solution for organizing safe remote access to the server. Internet Protocol Security (IPsec) is configured with the VPN so as to be more secure (Kadry & Hassan, 2008). Nonetheless, Davis Network Inc. will make use of a private key. Also, the network will have a firewall as an added feature in its security.
Encryption is a very good method of encoding data or messages by using mathematical keys in a way that hides the substance of the message, so that no one can decipher what is being said. However, it hasn't always been used in network security. In the past, encrypted data transmitted in a network required that an encryption key of the same kind be in use by the person receiving the message. There have been developments, and asymmetric encryption classes now have two different keys for encrypting and decrypting. The receiving device makes use of a private key in decrypting the received data. A remote device that wants to send encrypted information must make use of a public key to have the information encrypted before sending it (Kadry & Hassan, 2008).
The paper focuses on the design as well as the implementation of the proposal that requests the low cost wireless system. It will have firewall that will be used in protecting both individual and corporate clients. The Dual-homed host architecture will be made use of in implementing the low cost wireless system proposed. Firewall ensures there is a barrier that imposes restriction on packets accessing the private network. All outside traffic coming in and those coming out from inside will have to pass through the firewall, but only the traffic that has authorization will be allowed in. Access will not be given to packets unless they meet the requirements or are authenticated. The firewall ought to be penetration resistant. Firewalls are used in creating checkpoints (or choke points) between the internal network and Internet that is not trusted. The establishment of choke points allows the device to monitor all inbound as well as outbound traffic, filtering and verifying traffic in the process (Kadhim & Hussain, 2006).
Firewall
A firewall system can be a personal computer, a host, a collection of hosts or a router whose function is shielding sites or subnets from services and protocols which can face abuse from hosts located outside of the subnet. The firewall acts as the gatekeeper and central control point between the trusted internal network and the untrusted Internet. Because of this behavior, a firewall can sit at several levels. The levels include being located between the Internet and the internal network, between internal networks and subnets, and also between one PC and other computers on a similar network or some other Internet networks (Kadhim & Hussain, 2006). The proposed system has an application-level monitor and a mechanism for packet filtering. The single box architecture (Dual-homed host) is applied in constructing this part of the firewall, since the architecture gives the very best isolation between the protected network and the Internet. Packet filtering is applied since it is required that all kinds of firewall mechanisms be constructed and that they make use of packets. The other firewall part makes use of mechanisms such as log files and auditing. It is used in identifying the employee or manager and in displaying the private data or information to the particular employee or manager (Kadhim & Hussain, 2006).
The proposed firewall system operates by receiving packet data from the first LAN card, which has the Internet connection, and from the ports where it is scanned. The packet is then sent to a buffer. Every packet is examined by comparing the IP addresses of its source and destination computers against the table of authorized IPs. So, the port count and the source and destination IPs determine the security level. If the source IP or the destination IP is not authorized, the system will reject the packet, access will be denied and a message is sent to the initiator of the request concerning the situation. If there is authorization, the firewall system will request a password and username from the request initiator to log in to the network. An incorrect username-password combination is rejected. A correct combination will be given access. The proposed firewall system makes use of several algorithms in completing the work (Kadhim & Hussain, 2006).
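The filtering sequence just described (authorized-IP table first, then username and password) is sketched below. It is an added example, not the algorithm of the cited firewall system or code from the original paper: the function names, decision labels, authorized-address table and user store are constructed, and PBKDF2 password hashing is an assumption chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed table of authorized IPs (documentation address ranges).
AUTHORIZED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.10/32")]


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, password hash).
USERS = {"alice": (b"constructed-salt", hash_password("correct horse", b"constructed-salt"))}


def build_packet(src, dst, dst_port):
    """Build a minimal IPv4 header plus TCP ports for the demo (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + struct.pack("!HH", 40000, dst_port)


def parse_packet(packet):
    """Return (source IP, destination IP, destination port) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len + 4:
        raise ValueError("truncated header")
    if packet[9] not in (6, 17):  # only TCP and UDP carry ports
        raise ValueError("unsupported protocol")
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    _src_port, dst_port = struct.unpack("!HH", packet[header_len:header_len + 4])
    return src, dst, dst_port


def is_authorized(address):
    return any(address in net for net in AUTHORIZED_NETS)


def filter_packet(packet, username=None, password=None):
    """Return (decision, message) for one buffered packet."""
    try:
        src, dst, dst_port = parse_packet(packet)
    except ValueError as exc:
        return ("REJECT", f"malformed packet: {exc}")
    # Step 1: both source and destination must appear in the authorized table.
    if not (is_authorized(src) and is_authorized(dst)):
        return ("REJECT", f"{src} -> {dst}:{dst_port} not authorized")
    # Step 2: authorized addresses are still asked for a username and password.
    if username is None:
        return ("CHALLENGE", "username and password required")
    # Hash even for unknown users so both failure paths do the same work.
    salt, expected = USERS.get(username, (b"unknown-user-salt", b""))
    supplied = hash_password(password or "", salt)
    if hmac.compare_digest(supplied, expected):
        return ("ACCEPT", f"{username} at {src} granted access to {dst}:{dst_port}")
    return ("REJECT", "invalid username or password")


if __name__ == "__main__":
    ok = build_packet("192.0.2.7", "198.51.100.10", 443)
    outsider = build_packet("203.0.113.5", "198.51.100.10", 443)
    for result in (filter_packet(ok), filter_packet(ok, "alice", "correct horse"),
                   filter_packet(ok, "alice", "wrong"), filter_packet(outsider)):
        print(result)
```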