Project Implementation and Network Upgrade at AIBT Corporation: A Success Story

1.1 Legislation and WHS Implementation

AIBT Corporation's recent network upgrade project was executed with meticulous planning and
adherence to relevant legislation and workplace health and safety (WHS) standards. In alignment
with IT regulations and WHS guidelines, the project aimed not only to enhance the technological
capabilities of the organization but also to ensure a safe and secure working environment.

The relocation to a new building prompted a thorough review of WHS measures. Concerns
regarding cabling issues, particularly co-axial cables running across the floor, were identified as
serious occupational health and safety (OH&S) issues. To address this, cable management
solutions were implemented, eliminating tripping hazards and mitigating the risk of accidents.
Regular WHS training sessions were conducted to educate employees on safe practices and
minimize potential risks associated with the new infrastructure.

1.2 Access to the Facility:

Access control measures were established to safeguard the facility and the network
infrastructure. Biometric scanners and card-based access systems were implemented to ensure
that only authorized personnel could enter the server room and have physical access to
networking equipment. This enhanced security not only protected sensitive data but also ensured
the integrity of the network infrastructure.

1.3 Review and Implement Design Documentation:

The project began with a comprehensive review of existing design documentation. The peer-to-
peer network, consisting of eight IBM compatible PCs running Windows XP, was upgraded to a
more robust infrastructure. The new design accommodated the growth of the organization,
separating the HR, Finance, Marketing, and Sales departments into distinct subnets connected
via routers.

Implementation involved reconfiguring the network infrastructure to align with the proposed
design. New switches, routers, and cabling were strategically deployed to optimize performance
and minimize potential issues. This reconfiguration facilitated efficient communication and data
sharing among the different departments.
1.4 Network Topology Design:

The design of the network topology considered both logical and physical aspects. Logical
separation into distinct subnets using routers enhanced security and facilitated effective traffic
management. The physical topology was carefully planned, taking into account the layout of the
new building. Network components were strategically placed to minimize cable lengths,
reducing the risk of interference and optimizing overall performance.

1.5 VLSM Addressing Scheme Design:

A Variable Length Subnet Masking (VLSM) addressing scheme was designed using the
192.168.72.0/24 network. Each department was allocated a subnet based on its specific host
requirements. This meticulous allocation ensured efficient utilization of IP addresses and
accommodated the varying needs of each department:

SW-1 (HR): 192.168.72.0/29 (7 hosts)

SW-2 (Finance): 192.168.72.8/28 (15 hosts)

SW-3 (Marketing): 192.168.72.24/27 (29 hosts)

SW-4 (Sales): 192.168.72.56/26 (58 hosts)

This addressing scheme laid the foundation for seamless communication and data sharing
between departments.

1.6 Vendor Selection and Cost Analysis:

Vendor selection played a crucial role in the success of the project. After careful consideration of
reliability, performance, and scalability, vendors for switches, routers, and cables were chosen. A
detailed cost analysis was conducted to estimate the budget required for the entire infrastructure
upgrade. This analysis covered not only upfront costs but also factored in ongoing maintenance
and potential future expansion costs.
1.7 Plan Development with Task Priority and Contingency Arrangement:

The development of a comprehensive project plan was instrumental in ensuring a smooth

implementation. Tasks were prioritized based on dependencies and critical path analysis.
Contingency arrangements were incorporated to address unforeseen challenges, such as
equipment delivery delays or unexpected technical issues. Clear communication channels and
escalation procedures were established to ensure efficient problem resolution.

2. Determine the Basic Routing Requirements and Their Operating Parameters

2.1 Routing Requirements Analysis:

Before implementing any routing protocols, a thorough analysis of the organization's routing
requirements was conducted. This involved understanding the communication needs between
departments and establishing the criteria for selecting appropriate routing protocols. Key
considerations included scalability, convergence speed, and ease of configuration.

During this phase, the specific needs of each department were taken into account. The HR,
Finance, Marketing, and Sales departments had distinct requirements, and the routing solution
needed to cater to their individual needs. This analysis laid the foundation for the subsequent
configuration of routing protocols.

2.2 Selection of Routing Protocols:

Based on the routing requirements analysis, suitable routing protocols were selected to meet the
organization's needs. Considerations included the ability to scale as the network grows, the speed
at which the network can adapt to changes, and the ease of configuration and maintenance.

In this scenario, the decision was made to configure Enhanced Interior Gateway Routing
Protocol (EIGRP) on the routers. EIGRP is known for its efficiency in adapting to network
changes, providing faster convergence, and optimizing the utilization of available bandwidth.
The selection of EIGRP was a strategic choice to align with the organization's routing goals.

This phase involved collaborating closely with network administrators and department heads to
ensure that the chosen routing protocols aligned with the specific operational requirements of
each department. The emphasis was on creating a robust and scalable routing infrastructure that
would support the organization's current and future needs.
This careful analysis and selection process set the stage for the subsequent steps in the network
upgrade, ensuring that the routing solution implemented was tailored to the unique requirements
of AIBT Corporation's growing network.

2.3 Upgrade the Firmware on the Router:

Router firmware upgrades are critical for enhancing security, improving performance, and
ensuring the routers operate with the latest features and patches. Here's how this process was
executed:

2.4 Identify the Latest Firmware Version:

The first step in the firmware upgrade process was to identify the latest version of firmware
compatible with the selected routers. This involved consulting the router manufacturer's
documentation, release notes, and official channels to ensure accurate information. Identifying
the latest firmware version was crucial for obtaining the most up-to-date security features and
bug fixes.

2.5 Meticulous Planning for Firmware Upgrade:

Once the latest firmware version was identified, the planning phase commenced. Meticulous
planning was essential to minimize disruptions and potential risks associated with the firmware
upgrade. This phase included:

Scheduled Downtimes: The team scheduled specific downtimes during which the firmware
upgrade would take place. This was carefully coordinated to impact operations minimally,
ensuring that essential tasks and communication were not disrupted.

Risk Assessment: A thorough risk assessment was conducted to identify potential challenges or
issues that might arise during the firmware upgrade. Contingency plans were developed to
address any unforeseen circumstances promptly.

Communication Plan: Clear communication channels were established to inform all relevant
stakeholders about the upcoming firmware upgrade. This included notifying department heads,
IT personnel, and end-users about the scheduled downtimes and potential impacts on network
accessibility.
Backup Procedures: Before initiating the firmware upgrade, comprehensive backup procedures
were put in place. This involved saving the current router configurations and settings to facilitate
a swift rollback in case any issues occurred during the upgrade.

2.5.1 Execute the Firmware Upgrade:

With the planning phase completed, the actual execution of the firmware upgrade commenced.
This involved the following steps:

Accessing the Routers: Authorized personnel accessed the routers using secure channels,
ensuring that only qualified individuals were involved in the upgrade process.

Upload and Verification: The identified firmware version was uploaded to the routers, and a
thorough verification process was conducted to ensure the integrity of the uploaded firmware.
This step included checksum verification and confirming that the firmware version matched the
expected version.

Sequential Upgrade: Routers were upgraded sequentially to avoid simultaneous disruptions

across the network. This careful sequencing allowed for continuous network functionality during
the upgrade process.

Post-Upgrade Testing: After completing the firmware upgrade, a series of post-upgrade tests
were conducted. These tests verified that the routers were functioning correctly, and connectivity
across departments was restored.

2.5.2 Regular Monitoring and Maintenance:

Post-firmware upgrade, regular monitoring and maintenance procedures were established. This
involved:

Continuous Monitoring: Ongoing monitoring of router performance to identify any anomalies or

issues that might arise post-upgrade.
Periodic Checks: Regular checks were scheduled to ensure that the upgraded firmware continued
to meet the organization's requirements. This included reviewing system logs, analyzing
performance metrics, and addressing any emerging issues promptly.

Documentation: Detailed documentation of the firmware upgrade process, including version

information, upgrade steps, and post-upgrade monitoring procedures, was maintained for future
reference.

2.6 Configure Basic Router Security:

Implementing effective security measures at the router level is paramount to safeguarding an

organization's network infrastructure. AIBT Corporation, recognizing the importance of securing
its network, meticulously configured basic router security to protect against unauthorized access
and potential security threats.

1. Establishment of Strong Passwords:

One of the fundamental aspects of basic router security is the establishment of strong passwords.
Weak or easily guessable passwords pose a significant risk to network integrity. AIBT took a
proactive approach by setting robust, complex passwords for router access. These passwords
were carefully crafted, incorporating a mix of uppercase and lowercase letters, numbers, and
special characters. By enforcing strong password policies, the organization significantly fortified
the first line of defense against unauthorized access attempts.

2. Implementation of Access Control Lists (ACLs):

Access Control Lists (ACLs) serve as a critical tool for controlling and restricting access to the
router. AIBT configured ACLs to define rules governing which devices or users could access the
router and what actions they were permitted to perform. ACLs acted as a filtering mechanism,
allowing only authorized traffic to pass through while blocking or restricting unauthorized
access. This granular control over network access added an extra layer of security, minimizing
the risk of malicious activities and unauthorized configuration changes.
3. Disabling Unnecessary Services:

To further reduce the attack surface and enhance security, unnecessary services on the router
were disabled. Routers often come with default services that may not be essential for the
organization's specific needs. AIBT identified and turned off any services that were not critical
for day-to-day operations. This practice not only reduced the potential vulnerabilities but also
contributed to optimizing the router's performance by allocating resources only to essential
services.

4. Regular Audits for Vulnerability Identification:

Recognizing that security is an ever-evolving landscape, AIBT incorporated a proactive

approach by conducting regular audits of router security settings. These audits involved a
comprehensive review of configurations, access controls, and logs to identify any anomalies or
potential vulnerabilities. By routinely examining the security posture of the routers, the
organization could stay ahead of emerging threats and address any weaknesses promptly.

5. Timely Response to Security Incidents:

In the event of any suspicious activity or security incident, AIBT ensured a swift and efficient
response. The regular audits served as a proactive means of detecting any irregularities, allowing
the IT team to investigate and mitigate potential threats promptly. The organization had
established incident response protocols to address security breaches effectively, minimizing the
impact on network operations.

6. Documentation of Security Measures:

Documentation played a crucial role in ensuring the consistency and repeatability of security
measures. AIBT maintained detailed documentation outlining the configured security settings,
ACL rules, and any changes made to router configurations. This documentation served as a
valuable resource for reference during audits, troubleshooting, and future security assessments.

2.7 Configure and Verify Classless Routing Protocols (EIGRP):

For efficient and scalable routing, Enhanced Interior Gateway Routing Protocol (EIGRP) was
configured on routers. This dynamic routing protocol adapted to network changes, providing
faster convergence and optimal use of available bandwidth. The configuration was thoroughly
verified to ensure proper functioning and adherence to the organization's routing requirements.

2.6 Assign IP Addresses to Devices and Verify Connectivity:

IP addresses were assigned to devices based on the VLSM addressing scheme. Each device was
configured with its designated IP address and subnet mask. Thorough connectivity tests were
conducted to verify that devices in different departments could communicate successfully. This
step validated the effectiveness of the addressing scheme and ensured seamless data exchange.

2.7 Save and Backup the Router Configuration Files:

Regular saving and backup of router configuration files were implemented to prevent data loss
and facilitate rapid recovery in case of hardware failures or configuration errors. Automated
backup procedures were established to ensure consistency and minimize the risk of oversight.

3. Configure Site-to-Site VPN:

Recognizing the critical importance of secure and seamless communication between its two
office locations, AIBT Corporation strategically implemented a Site-to-Site Virtual Private
Network (VPN). This innovative solution added an extra layer of security, ensuring the
confidentiality and integrity of transmitted data. The implementation was particularly crucial for
AIBT due to the heavy sharing of sensitive information between departments.

a. Understanding the Need for Secure Communication:

AIBT Corporation, with departments spread across different locations, faced the challenge of
maintaining secure communication channels. The nature of their operations involved heavy data
sharing between departments, ranging from HR and Finance to Marketing and Sales. Given the
sensitive nature of the information being exchanged, establishing a secure communication
framework became paramount. The decision to implement a Site-to-Site VPN was driven by the
need to protect data during transmission and guarantee secure interoffice connectivity.

b. Site-to-Site VPN Configuration:

The configuration of the Site-to-Site VPN followed industry best practices, ensuring a robust and
standardized approach to secure communication. Several key components of the VPN
configuration were meticulously addressed:

Authentication Protocols: The VPN implementation incorporated strong authentication protocols

to verify the identity of each communicating office location. This often involved the use of
digital certificates or pre-shared keys to authenticate and establish trust between the VPN
endpoints.

Encryption Standards: To safeguard the confidentiality of transmitted data, the VPN

configuration included robust encryption standards. Commonly used protocols like IPSec were
employed to encrypt data packets, making them secure from unauthorized interception during
transit.

Tunneling Protocols: Tunneling protocols played a vital role in encapsulating and protecting data
as it traversed the insecure public internet. Protocols like GRE (Generic Routing Encapsulation)
or IPSec were employed to create a secure tunnel, shielding the transmitted data from potential
eavesdropping or tampering.

Key Management: Effective key management mechanisms were implemented to generate,

exchange, and refresh cryptographic keys used for encryption and decryption. Regular key
rotation ensured that even if a key were compromised, its exposure would have a limited impact.

c. Ensuring Confidentiality and Integrity:

The primary goal of the Site-to-Site VPN implementation was to guarantee the confidentiality
and integrity of transmitted data. AIBT Corporation took a multi-faceted approach to achieve
this:

Data Encryption: By encrypting data within the VPN tunnel, AIBT ensured that even if
intercepted, the information would be indecipherable to unauthorized entities. This encryption
provided an essential layer of confidentiality, safeguarding sensitive business data from prying
eyes.
Integrity Verification: The VPN configuration included mechanisms to verify the integrity of
transmitted data. Hash functions and checksums were employed to ensure that the data arriving
at its destination had not been altered during transit. Any tampering would be detected, triggering
security alerts and preventing the acceptance of compromised data.

d. Benefits of Site-to-Site VPN for AIBT Corporation:

The implementation of the Site-to-Site VPN yielded several tangible benefits for AIBT
Corporation:

Secure Interoffice Communication: The VPN established a secure and private communication
channel between the two office locations. This ensured that sensitive data, including financial
transactions, employee records, and marketing strategies, remained confidential and protected.

Enhanced Data Integrity: With data integrity verification mechanisms in place, AIBT could trust
that the information shared between departments arrived intact and unaltered. This was crucial
for maintaining the accuracy and reliability of critical business data.

Compliance with Security Standards: By adhering to industry best practices in VPN

configuration, AIBT demonstrated a commitment to meeting security standards and compliance
requirements. This not only safeguarded the organization's reputation but also positioned it as a
trustworthy custodian of sensitive information.

e. Ongoing Monitoring and Maintenance:

To ensure the continued effectiveness of the Site-to-Site VPN, AIBT established protocols for
ongoing monitoring and maintenance. This involved:

Regular Security Audits: Periodic security audits were conducted to evaluate the effectiveness of
the VPN configuration. This included reviewing access logs, monitoring for unusual patterns,
and validating adherence to security policies.

Software Updates and Patch Management: Keeping VPN-related software and firmware up to
date was prioritized.

4. Troubleshoot the Devices (4.1):

Device troubleshooting became an integral part of the post-implementation phase. A systematic
approach, including the division of the network into segments for isolation, facilitated efficient
troubleshooting. Any connectivity issues were promptly identified and resolved, ensuring
uninterrupted operations across departments.

4.2 Document the Common Problems with the IP Addressing:

Documenting common IP addressing problems and their resolutions was essential for knowledge
transfer and future reference. This documentation covered issues related to subnetting,
misconfigured IP addresses, and troubleshooting steps. It served as a valuable resource for IT
personnel responsible for maintaining the network, allowing them to address common challenges
with ease.