PROJECT 1 – Exploring network

Objective:
1. To study the existing network infrastructure
2. To explore the current trends of networking

Instruction:
1. Each group should consist of a maximum of 4 members.
2. Study the tasks below and write the documentation required for the assessment mechanism.

Tasks:
1. Each group needs to select a private or government company/agency as its case study location.
2. You are required to gather information about the existing network infrastructure and operation, including cabling structure (e.g. fiber, UTP Cat6 etc.), network security system (e.g. firewall, IDS etc.) and other supported systems such as e-mail services, payroll system, finance, Internet services and other related systems.
3. Then, you need to analyse all information that has been gathered using a strengths, weaknesses, opportunities and threats (SWOT) analysis. You should identify the SWOT based on the current network implementation and configuration.
4. From the SWOT analysis result, you are required to give some suggestions and recommendations to improve the existing network and system in that company.
5. Snap some pictures and include them in the report.
6. Write your report in journal format consisting of the following items:
   a. Person-in-contact, contact number, email, position
   b. Introduction
   c. Company background
   d. Existing network implementation
   e. SWOT analysis
   f. Network improvement recommendation
   g. Conclusion
   h. References
7. Appendix
   i. Resume of each group member including roles played in this project
   ii. Diagrams (if applicable)
   iii. Evidences (photographs)
TABLE OF CONTENTS
1.0 : Task
      1.1 : Project 1 – Exploring Network
2.0 : Table of Contents
3.0 : Person-in-contact, contact number, e-mail, position
4.0 : Introduction
5.0 : Company Background
6.0 : Existing Network Implementation
7.0 : SWOT Analysis
8.0 : Conclusion
9.0 : References
10.0 : Appendix
      10.1 : Resume of each member including roles played in this project
      10.2 : Diagrams (if applicable)
      10.3 : Evidences (photographs)
PERSON-IN-CONTACT, CONTACT NUMBER, EMAIL, POSITION

We arrived at the Malaysia Airport around 9 o’clock. When we arrived, we met Puan Jasmin. She took us to the guard, where we left our student cards and took visitor passes. Then we were introduced to Encik Azman b. Mohd Zain. He took us to the IT department to meet the senior IT executive, Encik Nor Aizam Mohd Nor. Encik Aizam explained their network system to us.
Person-in-contact: Encik Nor Aizam Mohd Nor
Contact number: 03-78466539
Email: [email protected]
Position: Senior IT executive

Figure: IT Executive Mr. Aizam with us, from left: Raidah, Afifah, Mr. Aizam, Nazirah, Nadiah
INTRODUCTION

Data communication and networking
A computer network is a group of interconnected computers. Networks may be classified according to a wide variety of characteristics. This article provides a general overview of some types and categories and also presents the basic components of a network. A network is a collection of computers and devices connected to each other. The network allows computers to communicate with each other and share resources and information. The Advanced Research Projects Agency (ARPA) designed the "Advanced Research Projects Agency Network" (ARPANET) for the United States Department of Defense. It was the first computer network in the world, in the late 1960s and early 1970s.
Network classification

• Connection method
Computer networks can also be classified according to the hardware and software technology that is used to interconnect the individual devices in the network, such as Optical fiber, Ethernet, Wireless LAN, HomePNA, or Power line communication. Ethernet uses physical wiring to connect devices. Frequently deployed devices include hubs, switches, bridges and/or routers. Wireless LAN technology is designed to connect devices without wiring. These devices use radio waves or infrared signals as a transmission medium.

• Scale
Based on their scale, networks can be classified as Local Area Network (LAN), Wide Area Network (WAN), Metropolitan Area Network (MAN), Personal Area Network (PAN), Virtual Private Network (VPN), Campus Area Network (CAN), Storage Area Network (SAN), etc.

• Functional relationship (network architecture)
Computer networks may be classified according to the functional relationships which exist among the elements of the network, e.g., Active Networking, Client-server and Peer-to-peer (workgroup) architecture.

• Network topology
Computer networks may be classified according to the network topology upon which the network is based, such as bus network, star network, ring network, mesh network, star-bus network, tree or hierarchical topology network. Network topology signifies the way in which devices in the network see their logical relations to one another. The use of the term "logical" here is significant. That is, network topology is independent of the "physical" layout of the network. Even if networked computers are physically placed in a linear arrangement, if they are connected via a hub, the network has a Star topology, rather than a bus topology. In this regard the visual and operational characteristics of a network are distinct; the logical network topology is not necessarily the same as the physical layout. Networks may also be classified based on the method used to convey the data; these include digital and analog networks.

Types of networks

• Personal area network
A personal area network (PAN) is a computer network used for communication among computer devices close to one person. Some examples of devices that are used in a PAN are printers, fax machines, telephones, PDAs and scanners. The reach of a PAN is typically about 20-30 feet (approximately 6-9 meters), but this is expected to increase with technology improvements.

• Local area network
A local area network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school, or an airport. Current LANs are most likely to be based on Ethernet technology. For example, a library may have a wired or wireless LAN for users to interconnect local devices (e.g., printers and servers) and to connect to the internet. On a wired LAN, PCs in the library are typically connected by category 5 (Cat5) cable, running the IEEE 802.3 protocol through a system of interconnected devices, and eventually connect to the Internet. The cables to the servers are typically Cat 5e enhanced cable, which will support IEEE 802.3 at 1 Gbit/s. A wireless LAN may exist using a different IEEE protocol, 802.11b, 802.11g or possibly 802.11n. The staff computers (bright green in the figure) can get to the color printer, checkout records, and the academic network and the Internet. All user computers can get to the Internet and the card catalog. Each workgroup can get to its local printer. Note that the printers are not accessible from outside their workgroup. All interconnected devices must understand the network layer (layer 3), because they are handling multiple subnets (the different colors). Those inside the library, which have only 10/100 Mbit/s Ethernet connections to the user device and a Gigabit Ethernet connection to the central router, could be called "layer 3 switches" because they only have Ethernet interfaces and must understand IP. It would be more correct to call them access routers, where the router at the top is a distribution router that connects to the Internet and academic networks' customer access routers. The defining characteristics of LANs, in contrast to WANs (wide area networks), include their higher data transfer rates, smaller geographic range, and lack of a need for leased telecommunication lines. Current Ethernet or other IEEE 802.3 LAN technologies operate at speeds up to 10 Gbit/s. This is the data transfer rate. IEEE has projects investigating the standardization of 100 Gbit/s, and possibly 400 Gbit/s.

• Campus area network
A campus area network (CAN) is a computer network made up of an interconnection of local area networks (LANs) within a limited geographical area. It can be considered one form of a metropolitan area network, specific to an academic setting. In the case of a university campus-based campus area network, the network is likely to link a variety of campus buildings including academic departments, the university library and student residence halls. A campus area network is larger than a local area network but smaller than a wide area network (WAN) (in some cases). The main aim of a campus area network is to facilitate students accessing internet and university resources. This is a network that connects two or more LANs but that is limited to a specific and contiguous geographical area such as a college campus, industrial complex, office building, or a military base. A CAN may be considered a type of MAN (metropolitan area network), but is generally limited to a smaller area than a typical MAN. This term is most often used to discuss the implementation of networks for a contiguous area. This should not be confused with a Controller Area Network. A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings. In TCP/IP networking, a LAN is often but not always implemented as a single IP subnet.

• Metropolitan area network
A metropolitan area network (MAN) is a network that connects two or more local area networks or campus area networks together but does not extend beyond the boundaries of the immediate town/city. Routers, switches and hubs are connected to create a metropolitan area network.

• Wide area network
A wide area network (WAN) is a computer network that covers a broad area (i.e. any network whose communications links cross metropolitan, regional, or national boundaries [1]). Less formally, a WAN is a network that uses routers and public communications links [1]. Contrast with personal area networks (PANs), local area networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs), which are usually limited to a room, building, campus or specific metropolitan area (e.g., a city) respectively. The largest and most well-known example of a WAN is the Internet. A WAN is a data communications network that covers a relatively broad geographic area (i.e. one city to another and one country to another country) and that often uses transmission facilities provided by common carriers, such as telephone companies. WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.
COMPANY BACKGROUND

Sultan Abdul Aziz Shah Airport (LTSAAS), formerly Subang International Airport and often called Subang Airport, is an airport located in Subang, Malaysia. It primarily serves general aviation and some turboprop domestic flights. Although plans existed to convert the airport into a low-cost carrier hub, the change was opposed by Subang Jaya residents. Until the 1998 opening of the Kuala Lumpur International Airport (KLIA) in Sepang, the Subang International Airport served as Kuala Lumpur’s primary airport. Subang Airport is currently the hub for Berjaya Air and Firefly.

The airport was officially opened to traffic on August 30th, 1965, and had the longest runway (3.7 km long, 45 m wide; runway 15-33) in Southeast Asia. By the 1990s, the airport had three terminals: Terminal 1 for international flights, Terminal 2 for Singapore to KL shuttle flights by Singapore Airlines and Malaysia Airlines, and Terminal 3 for domestic flights. Toward the end of service, the airport suffered at least two major fires that forced traffic to be diverted to other airports. By the end of 1997, Subang Airport handled 15.8 million passengers. In July 2002, AirAsia began flying from KLIA, and in 2004, AirAsia considered utilizing the airport as a primary hub in Malaysia. However, the plan was rejected and the Malaysian government now plans to turn the airport into an international conference centre. Since Firefly started operations in the airport, AirAsia has been lobbying the government to allow AirAsia to use Subang Airport. As of December 2007, the government still maintains its policy of only allowing general aviation and turboprop flights out of Subang Airport. Currently, the airport serves as Berjaya Air's main gateway to several Malaysian holiday destinations, including Pulau Tioman. Transmile Air Services, a national cargo carrier, chose Subang Airport as its main cargo operation center. Several companies offer chartered flights and helicopter services from the airport. A number of flying clubs are also located at Sultan Abdul Aziz Shah Airport, the most famous of these being Subang Flying Club, Elite Flying Club, Eurocopter (an EADS Company) and ESB Flying Club (Eurodynamic Sdn Bhd). With Eurocopter, the airport serves as a maintenance and support facility for Malaysian Maritime Enforcement Agency helicopters. Malaysia Airlines' subsidiary Firefly has been granted approval by the Malaysian Government to utilise the airport for turboprop flights. MAS Aerospace, a subsidiary of Malaysia Airlines, operates a maintenance, repair and overhaul center at the airport for Malaysia Airlines' aircraft and third-party aircraft. Apart from that, Sultan Abdul Aziz Shah Airport was to be a hub for Global Flying Hospitals, but the humanitarian medical charity made the decision to close down Malaysian operations, stating that the elements to make the correct formula for the GFH model were not present.

Terminal 3 Transformation Plan
On 4 December 2007, Subang SkyPark Sdn Bhd announced a RM 300 million plan to transform the Terminal 3 building into an ultra-modern general and corporate aviation hub. The plan includes upgrading the terminal, creation of a regional aviation center and finally the establishment of a commercial nexus. Under an agreement with Malaysia Airports, Subang Skypark will serve private aviation while Malaysia Airports will serve Berjaya Air and Firefly Airlines. Subang Skypark recently signed a lease agreement with Malaysia Airports for the land in the airport in Langkawi. On the next day, VistaJet, a business jet service provider, announced that it will use the airport as a base of operations in Malaysia. It has chosen Terminal 3, which is being operated by Subang Skypark, to be the hub in Asia. The operator announced that construction works for a 9000 square feet, five-star executive lounge would begin in February 2008. The construction works were awarded to ArcRadius Sdn Bhd.

It is expected that the lounge works will be done by the end of March 2008. The transformation plan also calls for the construction of two 42 meter by 47 meter maintenance, repair and overhaul hangars and ten 36 meter by 36 meter parking hangars. The construction of the MRO hangars will be complete by the end of 2008, while two of the ten parking hangars will be complete by the end of 2009. On August 8, 2008, VistaJet Holding SA started operations from the airport. It provides private jet travel from Malaysia to anywhere in the world.

Pejabat Imigresen Subang
Terminal 2 03-78471678
Lapangan Terbang SAAS 03-78471851
47200 Subang.
EXISTING NETWORK IMPLEMENTATION

Network implementation consists of the following steps:
1. Physical network design

• Local Area Network design
LAN design consists of selecting appropriate devices such as Hubs, Bridges, Switches, and Routers. Criteria for selecting LAN devices include the following:
   • The number of ports required at different levels
   • The speed (10Mbps/100Mbps/1Gbps or others)
   • Media considerations, such as Ethernet, Token Ring etc.
   • Support for different network protocols such as TCP, VOIP etc.
   • Ease of configuration, and maintainability
   • Management (SNMP etc.)
   • Availability
   • Documentation

• Wide Area Network design
Various WAN technologies are available for connecting enterprise resources. A few prominent technologies are given below:
   • Leased lines
   • Synchronous Optical Network (SONET)
   • Frame Relay
   • Asynchronous Transfer Mode (ATM)
The technology that suits an enterprise requirement depends on the bandwidth and QoS requirements, security requirements, and application requirements.
Remote Access requirements: Companies are increasingly becoming mobile. This demands remote access capability for their executives, customers and vendors. Devices are chosen taking into consideration the remote access requirements of the Company. Several technologies can be used for remote access, including PPP, Multilink PPP, ISDN, or Cable Modem. Careful consideration should be given to whether the software or WAN devices support the authentication and authorization methods intended to be adopted by the Company.
Network Implementation at International Subang Airport – Immigration Department
According to the information gathered, we determined that the Immigration Department at International Subang Airport uses a CAT5e backbone and also uses CAT6. The IT Executive added that the building at Subang Airport, especially the Department of Immigration, is a rather old building. That is why they are still using an old network, even though accessibility is wider now. Furthermore, the IT Department uses IPv4 as its Internet protocol. They plan to upgrade the Internet protocol once the department moves to KLIA, as it is much bigger and it is easier to implement new technology in a new building. The network implementation is divided into two: the left wing and the right wing.
Since every implementation has to include LANs, we define a LAN as follows: a network in a limited geographical area such as a home or office building. They also use wireless LAN connections. The LAN connection connects them to the FRS, the Police Station and also Kuala Lumpur International Airport (KLIA). In the LAN, there are three directories: active directory, authentication, and RADIUS server.

The directory also contains DHCP, short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. Many ISPs use dynamic IP addressing for dial-up users.

It also contains DNS, short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Other directories are Windows’98 NetBIOS, print server and IDP. They chose to use the IDP because it can be placed anywhere, unlike the IDS, which can be placed only at the gateway. Commonly, every company that has a directory will choose to use IDP.

The topology that they use is a Star Topology. In a Star Topology, all devices connect to a central device, called a hub, and all data transferred from one computer to another passes through the hub. In addition, they have a core switch, distribution switches and edge switches. The backbone they use is based on the network cards available, which are 10/100MBps. At the core network, they have a primary switch and a backup switch. Other than that, the International Subang Airport uses a highly supported packet. According to the person in charge, the IT Executive Mr. Aizam, “The packet must be highly supported, if not, the firewall will turn down”.
[Network diagram. Labels: Internet, Server, DM zone, Core switch, Proxy-free-script, LANs, Firewall, Telekom M, KLIA, VADs, Outsource server]
Figure: extract of network implementation at Subang Airport
Based on the figure above, we can say that they are using a DMZ. DMZ stands for Demilitarized Zone. In computer networking, a DMZ is a firewall configuration for securing local area networks (LANs). In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall. Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network, as proxy servers do. (Many DMZ implementations, in fact, simply utilize a proxy server or servers as the computers within the DMZ.) The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests. DMZ is a commonly-touted feature of home broadband routers. However, in most instances these features are not true DMZs. Broadband routers often implement a DMZ simply through additional firewall rules, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall.

The MPLS part is connected to KLIA. Currently, KLIA is connected to 32 airport branches overall. International Subang Airport is connected to one branch only, IMC at Jalan Sultan Ismail. They also have an AD system. The devices are placed on a VLAN, and the users are placed on vLAN1, vLAN2, vLAN3 and vLAN4. Wi-Fi and consultants also use VLANs; overall they have 7 VLANs.

MPLS is short for Multiprotocol Label Switching, an IETF initiative that integrates Layer 2 information about network links (bandwidth, latency, utilization) into Layer 3 (IP) within a particular autonomous system--or ISP--in order to simplify and improve IP-packet exchange. MPLS gives network operators a great deal of flexibility to divert and route traffic around link failures, congestion, and bottlenecks. From a QoS standpoint, ISPs will better be able to manage different kinds of data streams based on priority and service plan. For instance, those who subscribe to a premium service plan, or those who receive a lot of streaming media or high-bandwidth content, can see minimal latency and packet loss. When packets enter an MPLS-based network, Label Edge Routers (LERs) give them a label (identifier). These labels not only contain information based on the routing table entry (i.e., destination, bandwidth, delay, and other metrics), but also refer to the IP header field (source IP address), Layer 4 socket number information, and differentiated service. Once this classification is complete and mapped, different packets are assigned to corresponding Labeled Switch Paths (LSPs), where Label Switch Routers (LSRs) place outgoing labels on the packets. With these LSPs, network operators can divert and route traffic based on data-stream type and Internet-access customer.

VADS is one of Malaysia’s leading Managed ICT Services providers. Growing from its heritage as a joint venture between IBM Global Network Services and Telekom Malaysia Berhad, today it is a public listed company serving more than 500 medium to large enterprises across various industries. Over the years VADS has strengthened the foundation of its triple pillars of services and solutions in Managed Network Services (MNS), Systems Integration Services (SIS) and Business Process Outsourcing (BPO). By adding value for its customers and empowering them to be efficient and productive, VADS has managed to achieve 16 years of uninterrupted revenue growth.
NETWORK SECURITY SYSTEM

At the Malaysian Airport, they use a firewall in their security system. A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. There are several types of firewall techniques:

• Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

• Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

• Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

• Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Function
A firewall is a dedicated appliance, or software running on a computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules. A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ). A firewall's function within a network is similar to physical firewalls with fire doors in building construction. In the former case, it is used to prevent network intrusion to the private network. In the latter case, it is intended to contain and delay structural fire from spreading to adjacent structures. Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall rule set, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" rule set, in which all traffic is allowed unless it has been specifically blocked. This configuration makes inadvertent network connections and system compromise much more likely.
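The default-deny and default-allow rule sets described above, applied to the DMZ flows from the network implementation section, together with the ingress check that addresses the packet filter's susceptibility to IP spoofing. This is an added example, not part of the original report and not the airport's firewall configuration; the zone subnets, ports, rule sets and sample packets are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed addressing plan (an assumption, not taken from the report).
ZONE_NETS = {"lan": ip_network("10.10.0.0/16"), "dmz": ip_network("192.0.2.0/24")}


@dataclass(frozen=True)
class Packet:
    label: str
    in_zone: str  # zone of the interface the packet arrived on
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src_zone: str
    dst_zone: str
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the known subnets is 'internet'."""
    ip = ip_address(addr)
    for zone, net in ZONE_NETS.items():
        if ip in net:
            return zone
    return "internet"


def evaluate(pkt: Packet, rules: List[Rule], default: str, check_ingress: bool = True) -> str:
    """First matching rule wins; `default` decides when no rule matches.

    Only connection initiation is modelled; replies on an allowed connection
    are assumed to be handled by state tracking.
    """
    claimed = zone_of(pkt.src)
    if check_ingress and claimed != pkt.in_zone:
        return "deny"  # source address cannot live behind this interface: spoofed
    src_zone = pkt.in_zone if check_ingress else claimed
    dst_zone = zone_of(pkt.dst)
    for rule in rules:
        if ((rule.src_zone, rule.dst_zone) == (src_zone, dst_zone)
                and rule.proto in (None, pkt.proto)
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return default


# Default-deny: list only the flows the DMZ design needs (ports are assumptions).
ALLOWLIST = [
    Rule("allow", "internet", "dmz", "tcp", 443),  # published service in the DMZ
    Rule("allow", "lan", "dmz", "tcp", 3128),      # LAN clients to the DMZ proxy
    Rule("allow", "dmz", "internet", "tcp", 443),  # proxy re-issues requests outward
]
# Default-allow: block only what someone remembered to block.
BLOCKLIST = [
    Rule("deny", "internet", "lan", "tcp", 23),
    Rule("deny", "internet", "lan", "tcp", 445),
]

# Constructed sample traffic.
SAMPLES = [
    Packet("lan-to-proxy", "lan", "10.10.1.20", "192.0.2.10", "tcp", 3128),
    Packet("internet-to-dmz-web", "internet", "198.51.100.7", "192.0.2.20", "tcp", 443),
    Packet("internet-to-lan-telnet", "internet", "198.51.100.7", "10.10.1.20", "tcp", 23),
    Packet("internet-to-lan-rdp", "internet", "198.51.100.7", "10.10.1.20", "tcp", 3389),
    Packet("dmz-to-lan-smb", "dmz", "192.0.2.10", "10.10.1.20", "tcp", 445),
]
# Arrives on the Internet interface but claims a LAN source address.
SPOOFED = Packet("spoofed-lan-source", "internet", "10.10.1.99", "192.0.2.10", "tcp", 3128)


def compare() -> Dict[str, Tuple[str, str]]:
    """Verdict per sample as (default-deny rule set, default-allow rule set)."""
    return {p.label: (evaluate(p, ALLOWLIST, "deny"), evaluate(p, BLOCKLIST, "allow"))
            for p in SAMPLES}


def spoof_verdicts() -> Tuple[str, str]:
    """Spoofed packet judged by source address only, then with the ingress check."""
    return (evaluate(SPOOFED, ALLOWLIST, "deny", check_ingress=False),
            evaluate(SPOOFED, ALLOWLIST, "deny", check_ingress=True))


if __name__ == "__main__":
    for label, (deny_default, allow_default) in compare().items():
        print(f"{label:24} default-deny={deny_default:5} default-allow={allow_default}")
    print("spoofed packet (address only, with ingress check):", spoof_verdicts())
```

The two flows that differ between the rule sets, Internet to LAN on an unlisted port and DMZ to LAN, are the inadvertent connections the paragraph warns about: nobody wrote a rule for them, so the default decides.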
Picture taken from the front of the firewall, a WatchGuard Firebox

Picture taken from above the firewall

The Firebox is placed in the server room in the IT department
CABLING STRUCTURE 17
Cabling structure For the cabling structure, the company use the Cat5 and Cat5e cable. Category 5 cable, is a twisted pair (4 pairs) high signal integrity cable type often referred to as "Cat5". Many such cables are unshielded but some are shielded. Category 5 has been superseded by the Category 5e specification structured cabling for computer networks such as Ethernet, and is also used to carry many other signals such as basic voice services, token ring, and ATM (at up to 155 Mbit/s, over short distances). The specification for category 5 cable was defined in ANSI/TIA/EIA-568-A, with clarification in TSB-95. These documents specified performance characteristics and test requirements for frequencies of up to 100 MHz. Category 5 cable includes four twisted pairs in a single cable jacket. This use of balanced lines helps preserve a high signal-to-noise ratio despite interference from both external sources and other pairs (this latter form of interference is called crosstalk). It is most commonly used for 100 Mbit/s networks, such as 100BASE-TX Ethernet, although IEEE 802.3ab defines standards for 1000BASE-T - Gigabit Ethernet over category 5 cable. Cat 5 cable typically has three twists per inch of each twisted pair of 24 gauge copper wires within the cables. Cat 5e cable is an enhanced version of Cat 5 that adds specifications for far end crosstalk. It was formally defined in 2001 as the TIA/EIA-568-B standard, which no longer recognizes the original Cat 5 specification. Although 1000BASE-T was designed for use with Cat 5 cable, the tighter specifications associated with Cat 5e cable and connectors make it an excellent choice for use with 1000BASE-T. 
Despite the stricter performance specifications, Cat 5e cable does not enable longer cable distances for Ethernet networks: cables are still limited to a maximum of 100 m (328 ft) in length (normal practice is to limit fixed ("horizontal") cables to 90 m to allow for up to 5 m of patch cable at each end, this comes to a total of the previous mentioned 100m maximum). Cat 5e cable performance characteristics and test methods are defined in TIA/EIA-568-B.2-2001. The cable exists in both stranded and solid conductor forms. The stranded form is more flexible and withstands more bending without breaking and is suited for reliable connections with insulation piercing connectors, but makes unreliable connections in insulation-displacement connectors. The solid form is less expensive and makes reliable 18
connections into insulation displacement connectors, but makes unreliable connections in insulation piercing connectors. Taking these things into account, building wiring (for example, the wiring inside the wall that connects a wall socket to a central patch panel) is solid core, while patch cables (for example, the movable cable that plugs into the wall socket on one end and a computer on the other) are stranded. Outer insulation is typically PVC or LSOH. Cable types, connector types and cabling topologies are defined by TIA/EIA-568-B. Nearly always, 8P8C modular connectors, often incorrectly referred to as "RJ-45", are used for connecting category 5 cable. The specific category of cable in use can be identified by the printing on the side of the cable. The cable is terminated in either the T568A scheme or the T568B scheme. It doesn't make any difference which is used as they are both straight through (pin 1 to 1, pin 2 to 2, etc); however mixed cable types should not be connected in series as the impedance per pair differs slightly and could cause signal degradation. The article Ethernet over twisted pair describes how the cable is used for Ethernet, including special "cross over" cables.
Cables
However, for the internet they are using Internet Protocol version 4 (IPv4). Internet Protocol version 4 (IPv4) is the fourth revision in the development of the Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet, and is still by far the most widely deployed Internet Layer protocol. It is described in IETF publication RFC 791 (September 1981), which rendered obsolete RFC 760 (January 1980). The United States Department of Defense also standardized it as MIL-STD-1777. IPv4 is a data-oriented protocol to be used on a packet switched internetwork (e.g., Ethernet). It is a best effort delivery protocol in that it does not guarantee delivery, nor does it assure proper sequencing, or avoid duplicate delivery. These aspects are addressed by an upper layer protocol (e.g. TCP, and partly by UDP). IPv4 does, however, provide data integrity protection through the use of packet checksums. IPv4 uses 32-bit (four-byte) addresses, which limits the address space to 4,294,967,296 (2^32) possible unique addresses. However, some are reserved for special purposes such as private networks (~18 million addresses) or multicast addresses (~16 million addresses). This reduces the number of addresses that can be allocated as public Internet addresses. As the number of addresses available is consumed, an IPv4 address shortage appears to be inevitable; however, network address translation (NAT) has significantly delayed this inevitability. This limitation has helped stimulate the push towards IPv6, which is currently in the early stages of deployment and the only contender to replace IPv4.
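The packet checksum mentioned above, worked through as an added example (not part of the original report): it computes and verifies the RFC 791 header checksum, and shows that the checksum, which covers the IP header only, catches accidental corruption but not a deliberate rewrite, because whoever alters the header can recompute it. The addresses and field values are constructed sample data and the helper names are hypothetical.

```python
import ipaddress
import struct


def internet_checksum(data: bytes) -> int:
    """Ones'-complement of the ones'-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    """Return the header with the checksum field (bytes 10-11) recomputed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", internet_checksum(zeroed)) + zeroed[12:]


def build_header(src: str, dst: str, payload_len: int, ttl: int = 64, proto: int = 6) -> bytes:
    """Build a 20-byte IPv4 header without options."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,          # version 4, header length 5 words
        0,                     # type of service
        20 + payload_len,      # total length
        0x1C46,                # identification (constructed value)
        0x4000,                # flags: don't fragment
        ttl, proto,
        0,                     # checksum placeholder
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return with_checksum(header)


def header_is_valid(header: bytes) -> bool:
    """A receiver sums the header including the checksum; the result must be 0."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return False
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        return False
    return internet_checksum(header[:ihl]) == 0


def flip_bit(header: bytes, index: int, bit: int) -> bytes:
    """Simulate line noise: flip one bit and leave the checksum alone."""
    damaged = bytearray(header)
    damaged[index] ^= 1 << bit
    return bytes(damaged)


def rewrite_source(header: bytes, new_src: str) -> bytes:
    """Simulate deliberate modification: change the source, then fix the checksum."""
    return with_checksum(header[:12] + ipaddress.IPv4Address(new_src).packed + header[16:])


if __name__ == "__main__":
    hdr = build_header("10.0.0.5", "192.0.2.10", payload_len=40)   # constructed sample
    print("original valid:        ", header_is_valid(hdr))
    print("after 1-bit corruption:", header_is_valid(flip_bit(hdr, 8, 0)))
    print("after rewritten source:", header_is_valid(rewrite_source(hdr, "10.0.0.99")))
```

The third case still validates, which is why tamper resistance has to come from a keyed mechanism such as IPsec or TLS rather than from this checksum.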
OTHER SUPPORTED SYSTEM
E-mail services
For the e-mail services, the company uses Lotus Notes 6. Lotus Notes 6 actually shipped in October 2002. Lotus Notes is a client-server, collaborative application developed and sold by IBM Software Group. IBM defines the software as an "integrated desktop client option for accessing business e-mail, calendars and applications on IBM Lotus Domino server." The Notes client is mainly used as an email client, but also acts as an instant messaging client (for Lotus Sametime), browser, notebook, and calendar/resource reservation client, as well as a platform for interacting with collaborative applications. In the early days of the product, the most common applications were threaded discussions and simple contact management databases. Today Notes also provides blogs, wikis, RSS aggregators, CRM and Help Desk systems, and organizations can build a variety of custom applications for Notes using Domino Designer. Since version 7, Notes has provided a web services interface. Domino can be a web server for HTML files too; authentication of access to Domino databases or HTML files uses Domino's own user directory and external systems such as Microsoft's Active Directory. A design client is available to allow rapid development of databases consisting of forms, which allow users to create documents, and views, which display selected document fields in columns. In addition to being a groupware system (e-mail, calendaring, shared documents and discussions), Notes/Domino is also a platform for developing customized client-server and web applications. Its use of design constructs and code provides capabilities that facilitate the construction of "workflow" type applications (which may typically have complex approval processes and routing of data). Since Release 5, Lotus server clustering has been capable of providing geographic redundancy for servers.
Security
Lotus also employs a code-signature framework that controls the security context, runtime, and rights of custom code developed and introduced into the environment. With Release 5, Lotus introduced Execution Control Lists (ECLs) at the client level; starting with Release 6, ECLs can be managed centrally by server administrators through the implementation of Policies. Since release 4.5 the code signatures listed in properly configured ECLs entirely prevent code execution by external malicious sources, and therefore virus propagation, through native Notes/Domino environments. Administrators can centrally control whether each mailbox user can add exceptions to, and thus override, the ECL.
Programming
Notes/Domino is a cross-platform, secure, distributed document-oriented database and messaging framework and rapid application development environment that includes pre-built applications like email, calendar, etc. This sets it apart from its major commercial competitors, such as Microsoft Exchange or Novell GroupWise, which are generally purpose-built applications for mail and calendaring that offer APIs for extensibility. Lotus Domino databases are built using the Domino Designer client, available only for Windows, while standard user clients are available for Windows, Linux, and Mac. A key feature of Notes is that many replicas of the same database can exist at the same time on different servers and clients, across dissimilar platforms, and the same storage architecture is used for both client and server replicas. Originally, replication in Notes happened at document (i.e. record) level. With the release of Notes 4 in 1996, replication was changed so that it now occurs at field level. A database is an NSF (Notes Storage Facility) file, containing basic units of storage known as a "note". Every note has a UniqueID and a NoteID. The UniqueID uniquely identifies the note across all replicas within a cluster of servers, a domain of servers, or even across domains belonging to many organizations that are all hosting replicas of the same database. The NoteID, on the other hand, is unique to the note only within the context of one given replica. Each note also stores its creation and modification dates, and one or more Items. There are several classes of notes, including design notes and document notes. Design notes, which are created and modified with the Domino Designer client, represent programmable elements, such as the GUI layout of forms for displaying and editing data, or formulas and scripts for manipulating data. Document notes, which are created and modified with the Lotus Notes client, via a web browser, via mail routing and delivery, or via programmed code, represent user data. As of version 6, Lotus established an XML programming interface in addition to the options already available. The Domino XML Language (DXL) provides XML representations of all data and design resources in the Notes model, allowing any XML processing tool to create and modify Notes/Domino data.
Use as an email client
Lotus Notes is commonly deployed as an end-user email client in larger organizations, with IBM claiming a cumulative 145 million licenses sold to date. (IBM does not release the number of licenses on current maintenance, nor does it track the number of licenses in current use.) When an organization employs a Lotus Domino server, it usually also deploys Lotus Notes for its users to read mail and use databases. However, the Domino server also supports POP3 and IMAP mail clients, and through an extension product (Domino Access for Microsoft Outlook) supports native access for Microsoft Outlook clients. Lotus also provides Domino Web Access, to allow the use of email and calendaring features through Internet Explorer and Firefox web browsers on Windows, Mac and Linux. There are several spam filtering programs available, and a rules engine allowing user-defined mail processing to be performed by the server.
Finance and payroll system
The company uses a software application program, SAP, for its finance and payroll system. SAP, started in 1972 by five former IBM employees in Mannheim, Germany, states that it is the world's largest inter-enterprise software company and the world's fourth-largest independent software supplier overall. The original name for SAP was the German Systeme, Anwendungen, Produkte, which means "Systems Applications and Products."
The original SAP idea was to provide customers with the ability to interact with a common corporate database for a comprehensive range of
applications. Gradually, the applications have been assembled and today many corporations, including IBM and Microsoft, are using SAP products to run their own businesses. SAP has recently recast its product offerings under a comprehensive Web interface, called mySAP.com, and added new e-business applications, including customer relationship management (CRM) and supply chain management (SCM). As of January 2007, SAP, a publicly traded company, had over 38,4000 employees in over 50 countries, and more than 36,200 customers around the world. SAP is turning its attention to small- and medium-sized businesses (SMB). A recent R/3 version was provided for IBM's AS/400 platform. SAP Financial Database provides a framework for managing the user's control, reporting, and compliance data and all related applications, and sets a solid foundation for a strategic information architecture. This application enables data assembly, modeling, and analysis in a consistent fashion. The user can extract once, efficiently ensure the highest possible data quality, and guarantee that all reported results are reconciled and accurate. SAP Financial Database is compatible out-of-the-box with all SAP transactional and analytical banking applications. In addition, the application provides accelerated integration with in-house and third-party applications through SAP NetWeaver, eliminating the issues of redundant data and high operating costs inherent in isolated point solutions. SAP financial modules give customers the whole picture of the accounting functions, with extensive report facilities to allow for fast decision-making support. They are also suited for international corporations with multiple subsidiaries, including support for foreign currencies and multilingual capabilities. The financial area contains the following module groups:
• FI. Financial accounting
• CO. Controlling
• EC. Enterprise controlling
• IM. Investment capital management
• TR. Treasury
Internet services
The company uses a proxy server for its internet services. In computer networks, a proxy server is a server (a computer system or an application program) that acts as a go-between for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and answers subsequent requests for the same content directly. A proxy server has two purposes:
• To keep machines behind it anonymous (mainly for security).
• To speed up access to a resource (via caching).
It is commonly used to cache web pages from a web server. A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes a tunneling proxy. A proxy server can be placed in the user's local computer or at various points between the user and the destination servers or the Internet.
Caching proxy server
A caching proxy server accelerates service requests by retrieving content saved from a previous request made by the same client or even other clients. Caching proxies keep local copies of frequently requested resources, allowing large organizations to significantly reduce their upstream bandwidth usage and cost, while significantly increasing performance. Most ISPs and large businesses have a caching proxy. These machines are built to deliver superb file system performance (often with RAID and journaling) and also contain hot-rodded versions of TCP. Caching proxies were the first kind of proxy server.
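The filter-then-cache behaviour described above, as an added sketch that is not part of the original report and not the configuration of the company's proxy. The rule format, class names, client addresses and origin content are all assumptions constructed for the example; the point it demonstrates is that the filtering rules are evaluated before the cache is consulted, so a cached copy is never handed to a client the rules would reject.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-in for remote servers, so the example runs offline.
ORIGIN = {
    "http://portal.example/timetable": b"<html>timetable</html>",
    "http://www.example.org/news": b"<html>news</html>",
}


@dataclass(frozen=True)
class Rule:
    network: str        # client source network, CIDR notation
    schemes: frozenset  # protocols clients in this network may request


@dataclass
class FilteringCachingProxy:
    rules: list
    cache: dict = field(default_factory=dict)
    origin_fetches: int = 0
    log: list = field(default_factory=list)   # (client, url, decision) for auditing

    def allowed(self, client_ip: str, url: str) -> bool:
        """Filter by client IP address and by protocol, as the text describes."""
        addr = ipaddress.ip_address(client_ip)
        scheme = urlsplit(url).scheme.lower()
        return any(
            addr in ipaddress.ip_network(rule.network) and scheme in rule.schemes
            for rule in self.rules
        )

    def _finish(self, client_ip, url, decision, status, body=b""):
        self.log.append((client_ip, url, decision))
        return status, body

    def handle(self, client_ip: str, url: str):
        # 1. Filter on every request; a cache hit must not bypass the rules.
        if not self.allowed(client_ip, url):
            return self._finish(client_ip, url, "DENIED", 403)
        # 2. Serve from the local copy if an earlier client already fetched it.
        if url in self.cache:
            return self._finish(client_ip, url, "HIT", 200, self.cache[url])
        # 3. Otherwise contact the origin on the client's behalf and keep a copy.
        self.origin_fetches += 1
        body = ORIGIN.get(url)
        if body is None:
            return self._finish(client_ip, url, "MISS-NOT-FOUND", 404)
        self.cache[url] = body
        return self._finish(client_ip, url, "MISS", 200, body)


def demo() -> FilteringCachingProxy:
    """Run five constructed requests through a proxy with one allow rule."""
    proxy = FilteringCachingProxy([Rule("10.1.0.0/16", frozenset({"http", "https"}))])
    page = "http://portal.example/timetable"
    proxy.handle("10.1.0.5", page)                           # MISS, fetched from origin
    proxy.handle("10.1.0.9", page)                           # HIT, other client, no fetch
    proxy.handle("172.16.0.4", page)                         # DENIED although cached
    proxy.handle("10.1.0.5", "ftp://files.example/a.bin")    # DENIED by protocol
    proxy.handle("10.1.0.5", "http://www.example.org/none")  # not found, not cached
    return proxy


if __name__ == "__main__":
    for entry in demo().log:
        print(entry)
```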
SWOT ANALYSIS
SWOT analysis is based on the aspects of strengths, weaknesses, opportunities, and threats. In our project, we found that the system and network they use are standardized and commonly used.
From the aspect of strengths, we noticed that International Subang Airport's strength lies in its secured and common network. As described in the network implementation section of this report, they use VADS as the outsourced provider of their network system. VADS is one of Malaysia's leading Managed ICT Services providers. It grew from a joint venture between IBM Global Network Services and Telekom Malaysia Berhad. Choosing the right ISP is very important in ensuring that the network implementation works properly and is user friendly. In addition, they also use MPLS. MPLS, short for Multiprotocol Label Switching, is an IETF initiative that integrates Layer 2 information about network links (bandwidth, latency, utilization) into Layer 3 (IP) within a particular autonomous system (or ISP) in order to simplify and improve IP-packet exchange. MPLS gives network operators a great deal of flexibility to divert and route traffic around link failures, congestion, and bottlenecks. Thus we may say that their network configuration is in excellent condition, since they use the VADS services and have MPLS in addition.
The next aspect of the SWOT analysis is weaknesses. The office and the department are housed in an old building that might not have enough supporting systems or configuration. Not much can be done to the configuration if the building remains the same. By analogy, to put in a "big" thing we must also have a "big" place, and the same goes for the network. Both must be developed and maintained together.
Next is the aspect of opportunities. They have the opportunity to use a 100/1000 Mbps data rate, but they decided to stay on 10/100 Mbps only because, for them, it takes a lot of work to reconfigure everything, including changing the network cards. In fact, the building they currently use does not match the evolution of new technology.
Last but not least is the aspect of threats. International Subang Airport used to be hacked by irresponsible parties. However, the firewall they currently use has never been hacked. The WatchGuard firewall generally protects the system.
NETWORK IMPROVEMENT RECOMMENDATION
Finally, we make the following recommendations for improving the existing network. International Subang Airport uses the star topology. A star topology is one of the most common network setups, where each of the devices and computers on a network connects to a central hub. A major disadvantage of this type of network topology is that if the central hub fails, all computers connected to that hub are disconnected. To prevent this problem, they should prepare a back-up system or an emergency configuration so that production and the employees' work do not stop, because a stoppage of the system may affect the quality and process of work and disrupt their daily routine. Other than that, IPv6 is now well known as a better and upgraded internet protocol, but International Subang Airport is still using IPv4, so we recommend that they upgrade to the latest internet protocol. In addition, they are currently using Lotus Notes version 6.5. We recommend that they upgrade the system to Lotus Notes version 8.0, so that the payroll system, e-mail services, internet services and web authentication improve and become more user friendly. Last but not least, we recommend improving the data rate for sending and receiving. As an international airport, they should have better speed for sending and receiving data. Thus, once they have moved to KLIA or to a new building with a better configuration, they should implement a better data rate such as 100/1000 Mbps. Those are our recommendations on their network implementation. They are based on our limited knowledge.
CONCLUSION
In conclusion, through this project we learned, almost without noticing, about the important aspects of network implementation, such as cabling structure, network security systems and other supported systems. Therefore, we may say that this project benefited us. The recommendations we give are based only on our knowledge, which is limited to the information that we have. Perhaps there are better recommendations for this network implementation. We also saw that, according to their IT Executive, most companies use the star topology because it is easy to monitor all the devices when they are centred at one spot. Even though there was some information that we could not obtain because it is strictly private and confidential to the company, we still managed to gather the information needed and complete the task.
References
1. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/localdir/ld31rns/ldicgd/ld3_ch3.htm
2. http://en.wikipedia.org/wiki/Uninterruptible_power_supply
3. http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm
4. http://www.webopedia.com/TERM/M/MPLS.html
5. http://www.vads.com/main.html
6. http://www.webopedia.com/TERM/D/DHCP.html
7. http://www.webopedia.com/TERM/D/DNS.html
8. William Stallings, Data and Communications, Eighth Edition, 2007; Pearson International Edition (Education)
RESUME
Name : Nadiah Atikah binti Abdullah
Identity Card : 891025-14-6914
Student ID : 2008401582
Course Code : ITT460
Program Code : CS226
Group : CSB26A
Part : II
Role : Existing network infrastructure. Also responsible for ensuring that the team objectives and project were successfully carried out.
E-mail : [email protected]
Testimonials : I, as the team leader, would like to express our thanks to Madam Rozita Yunos for the opportunity she gave us to complete and experience the project given. Even though it took quite a while, we managed to complete it and gather the information as we were told to. The knowledge and experience we gained will remain as precious as at the beginning. We are hoping to do better in the next project.
RESUME
Name : Nor Raidah binti Rai
Identity Card : 891130-07-5214
Student ID : 2008401594
Course Code : ITT460
Program Code : CS226
Group : CSB26A
Part : II
Role : Responsible for extracting information about the network security system. Also responsible for contacting the person in charge at International Subang Airport.
E-mail : [email protected]
Testimonials : I, as a member of the team, would like to express our thanks to Madam Rozita Yunos for the opportunity she gave us to complete and experience the project given. Even though it took quite a while, we managed to complete it and gather the information as we were told to. The knowledge and experience we gained will remain as precious as at the beginning. We are hoping to do better in the next project.
RESUME
Name : Afifah Amirah binti Mohamed
Identity Card : 890222-03-5522
Student ID : 2008401566
Course Code : ITT460
Program Code : CS226
Group : CSB26A
Part : II
Role : Responsible for extracting information about the cabling structure. Also responsible for taking photos and preparing several questions to be asked to the IT Executive, Mr. Aizam.
E-mail : [email protected]
Testimonials : I, as a member of the team, would like to express our thanks to Madam Rozita Yunos for the opportunity she gave us to complete and experience the project given. Even though it took quite a while, we managed to complete it and gather the information as we were told to. The knowledge and experience we gained will remain as precious as at the beginning. We are hoping to do better in the next project.
RESUME
Name : Siti Nazirah binti Yacob
Identity Card : 900120-04-5152
Student ID : 2008401602
Course Code : ITT460
Program Code : CS226
Group : CSB26A
Part : II
Role : Responsible for extracting information about the other supported systems. Also responsible for taking photos, printing the report, and collecting money for the use of this project.
E-mail : [email protected]
Testimonials : I, as a member of the team, would like to express our thanks to Madam Rozita Yunos for the opportunity she gave us to complete and experience the project given. Even though it took quite a while, we managed to complete it and gather the information as we were told to. The knowledge and experience we gained will remain as precious as at the beginning. We are hoping to do better in the next project.
DIAGRAMS
EVIDENCES
Figure : The picture in the server room
Figure : Main frame
Figure : Landscape of the Lapangan
Figure : Malaysia Airport – International Subang Airport
Figure : Lapangan Terbang Antarabangsa Subang Kuala Lumpur
Figure : Server Room
Figure : Main Frame
Figure : connected to KLIA
Figure : the UPS