
MUHAMMAD KHALIS BIN MOHD JAMIL

1.0 Objective

• I have been asked to design a network for Mara Professional College Seri
Iskandar (MPCSI), which requires its computers to communicate with each other
and with the internet. The task given to me is to enable all of the PCs in
MPCSI, including those on the wireless access point, to share files. To achieve
these objectives, I need to understand what is meant by a network. A network,
or computer network, can be defined as a collection of computers and devices
connected by communications channels that facilitate communication among users
and allow users to share resources with other users. Networks may be classified
according to a wide variety of characteristics. This article provides a general
overview of types and categories and also presents the basic components of a
network.

2.0 Introduction

2.1 Company Background

• Registered directly with the Edexcel Foundation / Business And Technology
Education Council (BTEC) of the United Kingdom, the organization that awards
the Higher National Diploma (HND) course, with centre No. 92013. Holds a
certificate from the Education Institution Registry, registry No.
A/IPTK/28/(110), under which the institution produces diploma-level workers in
business, marketing and information technology to meet the country's
workforce needs. Has already obtained accreditation from the Lembaga Akreditasi
Negara (LAN).

2.2 Scope of Network

• Inside Mara Professional College Seri Iskandar

2.3 Document Overview

• This report provides information about networking in the MPCSI area.


3.0 Design

3.1 Network Diagram

MPCSI network diagram

For the other PCs and servers, I would like to assign my own IP addresses and
use 192.168.0.0 as the MPCSI network.

The table below shows the IP addresses that I have allocated to each location in
the MPCSI network.

| Location | Subnet | IP address |
| --- | --- | --- |
| ROUTER | 0 | 193.188.34.0 |
| ADMINISTRATOR ROOM | 1 | 192.168.0.1 - 192.168.0.2 |
| LAB 1 | 2 | 192.168.0.3 - 192.168.0.26 |
| LAB 2 | 3 | 192.168.0.27 - 192.168.0.50 |
| CLASS | 4 | 192.168.0.51 - 192.168.0.57 |
| LECTURERS ROOM | 5 | 192.168.0.58 - 192.168.0.60 |
| OFFICE | 6 | 192.168.0.61 - 192.168.0.65 |
| WIRELESS ACCESS POINT | 5 | 192.168.0.66 - 192.168.0.254 |


3.2 Component / Network Devices

| Components | Price | Quantity | Total Price |
| --- | --- | --- | --- |
| CISCO 8-Port ADSL Router with Firewall | RM 140 | 1 | RM 140 |
| D-LINK DES-1024R+ 100Mbps 24-Port UTP Stand-alone Unmanageable Switch | RM 385 | 3 | RM 1155 |
| NETGEAR FVS318 ProSafe VPN Firewall 8 with 8-Port 10/100 Switch (include with IDS) | RM 484 | 1 | RM 484 |
| Fileserver (Windows 2008 server) | RM 2300 | 1 | RM 2300 |
| Web Server | RM 2599 | 1 | RM 2599 |
| [WTS] DLINK Print Server | RM 150 | 1 | RM 150 |
| Printer (Canon MP 145) | RM 199 | 6 | RM 1194 |
| D-Link DIR-615 Wireless N Router | RM 164 | 1 | RM 164 |
| CAT5E Straight-Through Enhanced Network Cable 20 Meters w/Plug (For PC To Switch) | RM 30 | 70 | RM 2100 |
| TOTAL PRICE | | | RM 10286 |


• CISCO 8 – Port ADSL Router with Firewall

A router is a networking device whose software and hardware are customized for
the tasks of routing and forwarding information. This router has a built-in
firewall that provides security. All router firewall devices are basically
hardware firewalls. They keep people and software outside your network from
getting in without being invited. It will block unrecognized IP addresses from
connecting through this router; the IP addresses that are able to connect are
those that have been set in the router.

• D-LINK DES-1024R+ 100Mbps 24-Port UTP Stand-alone Unmanageable Switch

- A network switch is a computer networking device that connects network
segments.

- Three 24-port switches are used in this network: in Lab 1, in Lab 2, and in
the administration department, which comprises the office, the lecturers'
room, the classes and system administration (the administration room). For
Lab 1 and Lab 2, I am using 24-port switches because I think PCs will be
modified or added later. For now, each lab has 15 PCs plus a 3-in-1 printer
that provides printing, scanning and photocopying.

- Therefore, each lab uses only 16 of the 24 ports provided by its switch,
leaving 8 ports free for increasing the number of PCs. The other 24-port
switch, at the administration site, will use 23 of its 24 ports. 6 ports are
used in the office: 5 for the administration PCs and 1 for the office network
printer. Another 4 ports will be used in the lecturers' room: 3 for the
lecturers' PCs and 1 for the network printer. 8 ports will be used for the
classrooms: 7 for the PCs that lecturers use during teaching sessions and 1
for the network printer shared by those 7 classes. 3 ports will be used for
system administration: 2 for the system administration PCs and 1 for the
network printer. The wireless network must also be made available to students
to give them internal access to the files and server, so 1 port will be used
for the wireless access point. The last port is used for the 8-port switch
that serves the Demilitarized Zone (DMZ). In this zone only 5 of the 8 ports
will be used. The 6 things in the DMZ are the Intrusion Detection System
(IDS), firewall, printer server, web server and file server.

• NETGEAR FVS318 ProSafe VPN Firewall 8 with 8-Port 10/100 Switch (include
with IDS)

- A firewall is a part of a computer system or network that is designed to
block unauthorized access while permitting authorized communications. It
is a device or set of devices which is configured to permit or deny
computer applications based upon a set of rules and other criteria.

- Firewalls can be implemented in either hardware or software, or a
combination of both. Firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks connected
to the Internet, especially intranets. All messages entering or leaving the
intranet pass through the firewall, which examines each message and
blocks those that do not meet the specified security criteria.

• Fileserver (windows 2008 server)

- A file server is a computer attached to a network that has the primary
purpose of providing a location for shared disk access, i.e. shared storage
of computer files (such as documents, sound files, photographs, movies,
images, databases, etc.) that can be accessed by the workstations that
are attached to the computer network. The term server highlights the role
of the machine in the client–server scheme, where the clients are the
workstations using the storage. A file server usually does not perform any
calculations, and does not run any programs on behalf of the clients. It is
designed primarily to enable the rapid storage and retrieval of data where
the heavy computation is provided by the workstations.

- In the MPCSI network, the file server is provided to enable the
administration department, which includes the office, lecturers' room,
classes and system administration, and the wireless access point provided to
students, to share the files available on the file server.

- Therefore, MPCSI should have this file server in order to provide not only
information about students but also students' results to students who would
like to know their performance.

• Intrusion Detection System (IDS)

- An IDS is a device (or application) that monitors network and/or system
activities for malicious activities or policy violations and produces reports
to a Management Station. Intrusion detection is the process of monitoring
the events occurring in a computer system or network and analyzing them
for signs of possible incidents, which are violations or imminent threats of
violation of computer security policies, acceptable use policies, or
standard security practices. Intrusion prevention is the process of
performing intrusion detection and attempting to stop detected possible
incidents. Intrusion detection and prevention systems (IDPS) are primarily
focused on identifying possible incidents, logging information about them,
attempting to stop them, and reporting them to security administrators. In
addition, organizations use IDPSs for other purposes, such as identifying
problems with security policies, documenting existing threats, and
deterring individuals from violating security policies. IDPSs have become
a necessary addition to the security infrastructure of nearly every
organization.


• Web Server

- A web server is a computer program that delivers (serves) content, such
as web pages, using the Hypertext Transfer Protocol (HTTP), over the
World Wide Web. The term web server can also refer to the computer or
virtual machine running the program. In large commercial deployments, a
server computer running a web server can be rack-mounted with other
servers to operate a web farm.

- MPCSI should have its own website to introduce the education centre to
people: its educational capabilities, mission and vision, organization
charts, and anything else it should present to people inside or outside
MPCSI. That is the purpose of having the web server.

• [WTS] DLINK Print Server

- The printer server is used to control the documents that users send to the
network printer provided at each place. For example, Lab 1 has about 15 PCs
and 1 printer. The printer server will detect the documents that a user
wants to print and give access to the printer in Lab 1 only. The printer
server also controls where documents are printed, so that if a user in Lab 1
wants to print a document, it does not go to the other lab's printer or come
out at a printer elsewhere.

• Printer (Canon MP145)

- Speedy document printing: 20ppm monochrome / 15ppm color; document
copying: 19cpm monochrome / 15cpm color; sharp 600dpi CIS flatbed
scanning with image-retouching capabilities. With the Multi-Crop function
you can select several sections of a document, scan one time, then save
each section as an individual scan in a multi-page file.

- It is a 3-in-1 printer that provides printing, scanning and photocopying of
documents.


• D-Link DIR-615 Wireless N Router

- This wireless access point will also use the 8-port ADSL router with
firewall, but it uses a wireless device to provide wireless services to
MPCSI students and enable them to share the data held on the MPCSI file
server.

• CAT5E Straight-Through Enhanced Network Cable 20 Meters w/Plug (For PC To
Switch)

- Pins on one end correspond exactly to the corresponding pins on the
other end (pin 1 to pin 1, pin 2 to pin 2, etc.). Using the same wiring (a
given color wire connects to a given number pin, the same at both ends)
at each end yields a straight-through cable.
- I chose this cable because it makes it easy to connect PCs to the switch.

3.3 Network OS and Software Application

• CentOS

- CentOS is a community-supported, mainly free software operating system
based on Red Hat Enterprise Linux. It exists to provide a free enterprise
class computing platform and strives to maintain 100% binary
compatibility with its upstream distribution. CentOS stands for Community
ENTerprise Operating System.

- CentOS will be used on the IDS and printer server, where it will be set to
detect harmful files or documents on the PCs in the MPCSI network.

• Windows 2008 server

- Windows Server 2008 is one of Microsoft Windows' server line of
operating systems. Released to manufacturing on February 4, 2008, and
officially released on February 27, 2008, it is the successor to Windows
Server 2003, released nearly five years earlier. A second release, named
Windows Server 2008 R2, was released to manufacturing on July 22,
2009. Like Windows Vista and Windows 7, Windows Server 2008 is built
on Windows NT 6.x.

- This network OS will be used on the file server because it is easy to
operate and set up and makes sharing files easy. It will be used only on the
file server, to enable file sharing.

3.4 Control Mechanism (Network management)

3.4.1 How to manage User

- IDS

The IDS will be used to control the files or documents that are shared from
the file server or printer server. It will prevent harmful files or
documents from being shared from the file server to users or from users to
the file server. Files or documents that users print will also be scanned
first by the IDS to determine whether the file or document is safe from any
harm or has been classified as a top secret file by MPCSI, and to prevent
users from viewing or sharing it.

- Firewall

The firewall will be used to manage users' authority to use facilities such
as file sharing and the internet. The firewall will be set with several IP
addresses that allow certain places, namely the Lab 1 and Lab 2 PCs, the 7
classroom PCs and the 2 PCs used by the system administrator, to use the
internet. Other places, namely the 5 other PCs at the office that are also
used for administration, the 3 PCs in the lecturers' room and the wireless
access point, do not have an internet connection. Therefore, the firewall
will cut off the internet connection for those users in MPCSI whose IP
addresses have been set not to receive internet service.

There are about 17 PCs at different places in the Admin Building. First,
system administration has 2 PCs, which are authorized to use the Internet;
the 7 PCs provided in the classes for lecturers are also given Internet
access. So I will set the firewall to allow the IP addresses of these 2
places, the Administration Room and the 7 classes, to use the Internet.

The other 8 PCs, 3 in the lecturers' room and 5 in the administration
office, are not authorized to access the Internet and will be blocked by the
firewall, because I have already set the IP addresses of those 2 places not
to have Internet; the Wireless Access Point (WAP) also does not get the
Internet. However, all of these PCs and the WAP are authorized to access the
file server, which enables them to share files on it.

The other 2 labs, Lab 1 and Lab 2, will receive internet but do not get
access to the file server. The labs use the IP addresses
192.168.0.3 - 192.168.0.26 and 192.168.0.27 - 192.168.0.50, and the firewall
recognizes these addresses as allowed to use only the internet, with no
authority to access the file server to share data or files.

The NOS and IDS will be installed on the server and used by the
administrators, each with their own ID and password set in the NOS. This is
due to the requirement from the University of Final Fantasy, so that they
can have their own personal NOS settings. The lecturers are divided into
departments, so each of them will have their own ID and password to enter
their department's files to input or output the data that they need. All of
this is available in the NOS; it depends on the administrator to get the
work done.

3.4.2 How to manage Resources (file/printer)

- Fileserver

It allows users other than those in Lab 1 and Lab 2 to share the files held
on the file server. The file server uses Windows 2008 Server, which makes it
easy to operate, so managing the resources that users work with will be no
problem. The file server provides the file sharing service only to the
office, lecturers' room, system administration and classes, and it can also
be used by students on the MPCSI wireless service so that they can look over
their records, both the discipline and academic records already stored on
the file server. However, the students have no authority to modify the data
on the file server. System administration will operate this file server
along with the other servers in MPCSI.
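
The address plan and the access rules of sections 3.4.1 and 3.4.2, as an added example that is not part of the original report: it checks the plan for overlaps and gaps, decides whether a source address may reach the internet or the file server, and shows how many CIDR blocks a range needs when written as firewall rules. The `PLAN` structure, the function names and the default-deny treatment of addresses outside the plan are assumptions.

```python
import ipaddress

# Address plan and access policy transcribed from the report's table and
# sections 3.4.1/3.4.2; the data structure and function names are assumptions.
PLAN = [
    # (location, first address, last address, internet, file server)
    ("ADMINISTRATOR ROOM", "192.168.0.1", "192.168.0.2", True, True),
    ("LAB 1", "192.168.0.3", "192.168.0.26", True, False),
    ("LAB 2", "192.168.0.27", "192.168.0.50", True, False),
    ("CLASS", "192.168.0.51", "192.168.0.57", True, True),
    ("LECTURERS ROOM", "192.168.0.58", "192.168.0.60", False, True),
    ("OFFICE", "192.168.0.61", "192.168.0.65", False, True),
    ("WIRELESS ACCESS POINT", "192.168.0.66", "192.168.0.254", False, True),
]


def _bounds(entry):
    """First and last address of one plan entry as IPv4Address objects."""
    return ipaddress.IPv4Address(entry[1]), ipaddress.IPv4Address(entry[2])


def check_plan(plan):
    """Return a list of problems: inverted ranges, overlaps, or gaps."""
    problems = []
    ordered = sorted(plan, key=lambda e: int(_bounds(e)[0]))
    for entry in ordered:
        first, last = _bounds(entry)
        if first > last:
            problems.append(f"{entry[0]}: range is inverted")
    for prev, cur in zip(ordered, ordered[1:]):
        prev_last, cur_first = _bounds(prev)[1], _bounds(cur)[0]
        if cur_first <= prev_last:
            problems.append(f"{prev[0]} overlaps {cur[0]}")
        elif int(cur_first) - int(prev_last) > 1:
            problems.append(f"gap between {prev[0]} and {cur[0]}")
    return problems


def decide(src_ip, service):
    """Return (location, allowed) for service 'internet' or 'fileserver'.

    Addresses outside every range are denied (assumed default deny).
    """
    if service not in ("internet", "fileserver"):
        raise ValueError(f"unknown service: {service}")
    addr = ipaddress.IPv4Address(src_ip)
    for entry in PLAN:
        first, last = _bounds(entry)
        if first <= addr <= last:
            allowed = entry[3] if service == "internet" else entry[4]
            return entry[0], allowed
    return None, False


def cidr_blocks(location):
    """CIDR blocks needed to express one location's range as firewall rules."""
    for entry in PLAN:
        if entry[0] == location:
            first, last = _bounds(entry)
            return [str(n) for n in ipaddress.summarize_address_range(first, last)]
    raise KeyError(location)


if __name__ == "__main__":
    print("plan problems:", check_plan(PLAN))
    # Constructed sample requests, one per interesting case.
    for ip, svc in [("192.168.0.10", "fileserver"), ("192.168.0.59", "internet"),
                    ("192.168.0.200", "fileserver"), ("10.0.0.5", "internet")]:
        print(ip, svc, decide(ip, svc))
    for loc in ("LAB 1", "LAB 2"):
        print(loc, cidr_blocks(loc))
```

Because the ranges do not fall on CIDR boundaries, a single location such as Lab 1 needs several prefix rules on a firewall that matches by network rather than by address range.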


- Printer server

A print server, or printer server, is a computer or device that is connected
to one or more printers and to client computers over a network, and can
accept print jobs from the computers and send the jobs to the appropriate
printers. Using CentOS as the OS already provides security. In addition, the
IDS acts as another layer of security, helping to identify harmful files and
data, and other unrecognized files or data such as “pornographic” material,
before they are accepted for printing.

3.5 Security Requirement

3.5.1 Securing Internal Network at MPCSI

- In terms of network security, the first line of defense revolves around user
logon issues and the different levels of access provided to network
resources. It really goes without saying that users must have a valid
username and password to log on to the network.

- Resources on the network can also be secured by assigning the
appropriate level of access to the resource for each and every user on the
network. For example, most users might only need to be able to read a
particular database file on the network (file server). Therefore, it would
make sense to only give those users the “read” permission or right for that
file.

3.5.2 User access

- The network administrator (system administrator) is responsible for
creating user accounts. Every network operating system provides a built-in
administrator's account that is used to create and modify network user
accounts and manage the resources on the network. These administrator
accounts are given various names in different OSes, such as root, admin,
and administrator.


3.5.3 Password Protection

- Passwords provide security for the network authentication process. This
means that MPCSI must develop a set of rules for the type of passwords that
it will allow on the network. The network OS allows them to set the
conditions that a legal password must meet, such as the number of characters
and the inclusion of both letters and numbers.

- A strong password must contain at least seven characters and combine
numbers and letters. It must not contain complete dictionary words, the
user's real name, the company name or even relatives' names.

3.5.4 Resource Permissions

- Each network OS provides a method of assigning permission to folders or
directories on network server (file server and printing server).

3.5.5 Demilitarized Zone (DMZ)

- In computer security, a DMZ, or demilitarized zone, is a physical or logical
subnetwork that contains and exposes an organization's external services
to a larger untrusted network, usually the Internet. The term is normally
referred to as a DMZ by IT professionals. It is sometimes referred to as a
Perimeter Network. The purpose of a DMZ is to add an additional layer of
security to an organization's Local Area Network (LAN); an external
attacker only has access to equipment in the DMZ, rather than any other
part of the network. Therefore, the DMZ will include several components
that the MPCSI network needs. The components that this DMZ should contain
are the firewall, IDS, file server, web server and printer server. This zone
has high security for the whole MPCSI network.

3.5.6 Firewall

- In the MPCSI network, the firewall will manage the security of the network
flow, for example who has authority to manage the network system, to access
the internet, and to manage the file server and the other servers. Not all
PCs in the MPCSI network get those authorities. Only several PCs will get
full authority to control the whole MPCSI network system, and those
authorities will be given to the system administrator. The highest level of
security will be placed under the system administrator, who will control the
whole MPCSI network.

- This firewall device already has the IPSec OS installed, which provides
security for the internet connection as well. The firewall is also set with
the IP addresses that belong to the MPCSI network, so it can decide whether
each IP address is authorized to access the file server, to print or to use
the internet. For the wireless access point, the firewall will only
authorize access to the student files on the file server, so that students
can look over their academic and discipline records.

3.5.7 IDS

- The IDS will protect the network from unwanted data or files that could
harm the whole network system. Acting as the antivirus for the MPCSI
network, it will block files and data that contain viruses, or files and
data recognized as illegal, for example pornographic material or porn videos
that an irresponsible person has uploaded to the file server.

3.5.8 Wardriving and wireless network

- In terms of security, wireless networking poses a number of
challenges. These have been made extremely obvious by a new hacker
exploit termed wardriving. Wardriving is basically driving around with a
wireless-enabled laptop computer, which is used to find and connect to
unsecured wireless networks. This can often provide free access to the
internet and also allow hackers with the inclination to try to crack the
wireless network. Wardrivers often outfit their laptops with external
wireless antennae, which makes it easier to find wireless hotspots.

- To prevent this, I have already set the default configuration, which
includes the administrative password, the default subnet and the security
settings related to the 802.11 security protocols Wired Equivalent Privacy
(WEP) and Wi-Fi Protected Access (WPA). Students who want to access the file
server will first need to bring their laptops to administration to have all
of these settings configured, in order to protect the MPCSI network from
being hacked.

3.6 Network performance

3.6.1 Bandwidth

- In computer networking and computer science, bandwidth, digital
bandwidth, or network bandwidth is a measure of available or consumed
data communication resources expressed in bit/s or multiples of it (kbit/s,
Mbit/s etc). Bandwidth may refer to bandwidth capacity or available
bandwidth in bit/s, which typically means the net bit rate, channel capacity
or the maximum throughput of a logical or physical communication path in
a digital communication system. For example, bandwidth test implies
measuring the maximum throughput of a computer network. The reason
for this usage is that according to Hartley's law, the maximum data rate of
a physical communication link is proportional to its bandwidth in hertz,
which is sometimes called frequency bandwidth, radio bandwidth or
analog bandwidth, the last especially in computer networking literature.

- Some authors prefer less ambiguous terms such as gross bit rate, net bit
rate, channel capacity and throughput, to avoid confusion between digital
bandwidth in bits per second and analog bandwidth in hertz.

- Turning to the MPCSI network, it should have high bandwidth in order to
have smooth network flow for file uploads and downloads. With high
bandwidth, data transfer will be smoother and faster, and with the help of
RJ45 LAN cable, performance will improve further.

3.6.2 Throughput

- Throughput or network throughput is the average rate of successful
message delivery over a communication channel. This data may be
delivered over a physical or logical link, or pass through a certain network
node. The throughput is usually measured in bits per second (bit/s or
bps), and sometimes in data packets per second or data packets per time
slot. The system throughput or aggregate throughput is the sum of the
data rates that are delivered to all terminals in a network.

- The throughput can be analyzed mathematically by means of queuing
theory, where the load in packets per time unit is denoted arrival rate (λ),
and the throughput in packets per time unit is denoted departure rate (μ).
Throughput is essentially synonymous to digital bandwidth consumption.
Maximum throughput is essentially synonymous to digital bandwidth
capacity.

- Therefore, the MPCSI network should also have maximum throughput to ease
the transfer of data or files from the file server to other PCs, ensuring
there is no delay in transferring files or data.

3.6.3 Latency

In a network, latency, a synonym for delay, is an expression of how much
time it takes for a packet of data to get from one designated point to
another. In some usages (for example, AT&T), latency is measured by
sending a packet that is returned to the sender and the round-trip time is
considered the latency. The latency assumption seems to be that data
should be transmitted instantly between one point and another (that is,
with no delay at all). The contributors to network latency include:


• Propagation:

This is simply the time it takes for a packet to travel between one
place and another at the speed of light.

• Transmission:

The medium itself (whether optical fiber, wireless, or some other)
introduces some delay. The size of the packet introduces delay in
a round trip since a larger packet will take longer to receive and
return than a short one.

• Router and other processing:

Each gateway node takes time to examine and possibly change
the header in a packet (for example, changing the hop count in
the time-to-live field).

• Other computer and storage delays:

Within networks at each end of the journey, a packet may be
subject to storage and hard disk access delays at intermediate
devices such as switches and bridges. (In backbone statistics,
however, this kind of latency is probably not considered.)


4.0 Conclusion

The conclusion that I can make after doing some research on the MPCSI network
is that it is now up to the standard of other education centres that have
networks nowadays. But it is still not enough to compare with certain
education centres that have advanced networking systems with advanced
security. Therefore, I really hope that MPCSI can increase the number of
servers and PCs, improve the connections in its networking system, and provide
Internet to all places around MPCSI. Then students will be more at ease having
free Internet rather than going to a cyber café or buying broadband just to
use the Internet.

Nowadays technology improves quickly, and that is the main reason MPCSI should
upgrade its network equipment such as PCs, servers and others, to let users
such as students improve their IT skills. Networking component technology is
also constantly updated, and if we are not alert when seeking the best set of
network components, we might miss the best and most suitable components.
Better technology helps to increase students' knowledge of computing and
improves their achievement in using the technology.

By preparing this report, I hope that MPCSI will give its full cooperation and
will also understand and learn about the pricing of current network
components. I also hope that MPCSI will clearly understand this report when
reading it and can make a wise decision about the network that it requested.


6.0 Appendices
