Comprehensive Authentic Assessment Plan Deliverables

For this course AAP is a response for customer's RFP or customer's design requirements and type of solution used in network design. Typically a customer's RFP includes following topics.

• Business goals for the project
• Scope of the project
• Information on existing network
• Information on new applications
• Technical requirements, including scalability, availability, network performance, security, manageability, usability, adaptability, and affordability
• Warranty requirements for products
• Environmental or architectural constraints
• Training and support requirements
• Preliminary schedule with milestones and deliverables
• Legal contractual terms and conditions

Your AAP should include responses to all of customer's RFP and should include logical and physical component pf the design, information on technologies used in design solution, and proposal to implementing the design.

Design Requirements

Network Requirements

• Design & configure enterprise campus model design
o State of the art VoIP and Data Network
o Modular, scalable network
o Provide faster Network services
- LAN speed minimum 100 MB and Internet speed minimum 54 MB
o Use appropriate Cisco switch models
o Integrate voice and data network to reduce cost
o 100% connectivity with a minimum number of outside lines for dialing outside numbers.
o Access layers switches
- One port for each device
- Provision for 100% growth
o Server farm switches
- Assume 6 NIC cards in each server and one NIC card uses one port of switch
- Dual processors and dual power supply
- Centralize services and servers
o Built-in redundancy at:
- building core layer and building distribution layer and access layer
- workstation level
- uplinks connection to Building Distribution layer for Building Access layer
o Aggregate routing protocols with hierarchal IP scheme
o TCP/IP protocols for the network
- Guest network must support AppleTalk protocol

• Fast and secure wireless services in the lobby and two large conference rooms
o minimum 54 Mbps of bandwidth

• Video conference and multicast services

• Extra switch capacity at for authorized users to attach their notebook PCs to the network
o Port Security, Sticky MAC, 802.1x protocols to ensure only authorized systems

• IP addressing redesign that optimizes IP addressing and IP routing with IPv6 migration provisions
o Internal/External DNS
o Dual stack, 6to4 tunnel capability or NAT-PT for IPv6 transition

• Site-to-site VPN must be mutually authenticated and utilize cryptographic protection

• PSTN dial-up
o must authenticate with username and OTP
o RADIUS/NAP

• Based on equipment inventory and other requirements:
o Access Layer port count:
- 94 ports for phones, but by utilizing network port on phone this number can be reduced in half to 47. 47 additional ports will be needed for the extra phone in offices.
- 107 ports for desktop/workstation. In most cases a workstation will connect to a phone using the trunking capability of the access switch and the phone.
o Distribution/datacenter
- 240 ports (6 ports per server; 40 servers total)

Security Requirements

• Multilayer security or defense-in-depth security
o Smart card w/ PIN

• Classified Network
o Data Separation from Unclassified network
o Physical Security
- Locks / Smart Cards to access area/systems (multi-factor authentication)
o IPSEC
o No Internet Access
o No USB/Removable Media/Printers/CD Burners (disabled by GPO)

• Encrypted network must use SSL

• Public Servers
o HTTPS (SSL)
- Provide secure means of customer purchase and payment over Internet
o Inside DMZ
o NAT
o Identity Check (User authentication/ Certificate)

• Secure key applications and servers without using encryption on all devices

• Security policies in place to stop sniffing and man-in-the-middle attacks

• Data transmitted on the classified network must be cryptographically protected throughout the network

• Data crossing wide-area links should undergo another layer of cryptographic protection

• All devices must be mutually authenticated and cryptographic protection should be provided.

• Users should undergo periodic user awareness training program on network threats and good security practices
o Acceptable Use Policy to define appropriate user behavior and security configuration settings

• Resolve current security audit problems

• Physical security

• Email protection to protect unclassified and sensitive business emails

Active Directory Requirements

• Servers
o Centralize all services and servers
o Implement Failover cluster services
o File classification infrastructure feature
o IP Address Management (IPAM)
o DHCP (for employee systems)
o Exchange/Outlook (Sending and receiving e-mail)
o Windows Deployment Services
o File Server
- FSRM (quota & file screening)

• OU Infrastructure
o Role-Based
o Department-based OUs
o Global/ Universal/ Local groups
- Utilize least privileged principle for membership
- (delegate group ownership for adding/removing users)

• GPOs
o Bitlocker
o Configure Netscape or Microsoft's Internet Explorer
o Block removable media on classified network
o Create appropriate GPO and GPO policies

• Bitlocker
o BitLocker encryption technology for devices (server and Work station) disc space and volume
o Enable a BitLocker system on a wired network to automatically unlock the system volume during boot
o GPO enforced Used Disk Space Only or Full Encryption is used when BitLocker is enabled

• Enable BranchCache

• Implement Cache Encryption to store encrypted data by default.

Attachment:- Assignment.rar