“Enterprise Network Design and Implementation for Airports” Master’s Thesis - Ashraf Ali Department of Computing and Information Sciences This project presented a network design and implementation plan for an airport’s enterprise network. The primary goal was to deliver three principle system attributes: security, quality, and safety. For the security component, the design uses a variety of tools to craft a network that provides a high security level. These utilities includes hardware firewalls, IP access control lists, MAC address-based port security, domain and proxy servers. All of these tools have been configured to provide a multilayer secure environment – and to prevent hackers form entering sensitive subnets like those that house the flight management and service providers hosts. Similarly, a broad collection of services and strategies have been developed that, when combined, create a high service quality for users. These technical services include: failover firewalls utility, PXE server (Pre-boot Execution Environment), DHCP Server (Dynamic Host Configuration Protocol), DNS Server (Domain Name System) and high grade cabling. Additionally, the overall design provides a stable internet service for the Air Traffic Control System through the use of both redundant internet service providers and the failover tools. To meet safety stnards, dual internet providers were adopted for the flight management department to ensure backup operations for the safety critical Primary and Backup Air Traffic Control Complex (BATCX) system. External to the Windows servers backup (iSCSI initiators and iSCSI target) servers were also planned as an additional redundancy measure. This helps to keep the Air Traffic Control systems’ information in full and safety-centric operation. Also, a web server was incorporated as a repository for key passenger information. The design adopted the following techniques in order to make the network meet the collected goals and requirements. This includes security specific tools: Hardware Firewalls to increase the level of security and setup rules for network’s activities. IP access control list to prevent unauthorized activities from guest department. Mac address port security to prevent foreign devices from connecting to the sensitive departments. Domain Server to establish specific groups for specific tasks depending on needs. Proxy server to setup permission for users depending on their positions and authority. To increase the network quality of services, several strategies and systems are included: Fail over firewalls utility to support the network with ISP when the first fail. PXE server (Pre-boot Execution Environment) to provide operating systems. DHCP Server (Dynamic Host Configuration Protocol) to provide IPs. DNS Server (Domain Name System) to manage Airport’s website. Cabling system to provide the network an appropriate connection’s system. Additionally, safety critical systems were given additional protections and mechanisms: Dual ISPs to provide Air Traffic Control System (ATC). Web Server to keep the passengers’ information's in safe place. 1. Burns, S. F. GIAC Security Essentials Certification (GSEC) Practical Assignment v1. 4c January 5, Threat Modeling: A Process to Ensure Application Security. 2. Lambert, P. (2012). The basics of using a proxy server for privacy and security. Tech Republic. 3. Chadwick, D. W. (2001). Network Firewall Technologies. NATO SCIENCE SERIES SUB SERIES III COMPUTER AND SYSTEMS SCIENCES, 178, Cezar, M. (2014, October 16). Setting up a ‘PXE Network Boot Server’ for Multiple Linux Distribution Installations in RHEL/CentOS 7. Retrieved March 22, 2016, from Bipin. (2014, April 01). Configure iSCSI SAN in Server 2012 R2. Retrieved April 01, 2016, from Dual internet service providers helps the Air Traffic Control System’s backup to work 24 hours and place the data outside the network in safe area. Filtering the ins and outs connections in the airport’s network. Prevent the users from accessing the management system in the airport which represent by the Air Traffic Control System. The authorized devices can not connect to the physical part of the network. The network’s users assigned to small groups to verify the identity of local users. The outside attack has been prevented by squid proxy server and limit the inside requests to the internet from users. Failover utility in firewalls provide 24 house of internet services when one of the services goes down. The connected devices in the local network has operating systems that available to access any time. Assign internet protocols (IPs) to any device in the network automatically for each department during the operations hours. Translate IP addresses to the airport’s website internally. The cabling system between buildings helps to reduce the time that used o transferee the data. Passengers’ information protected in the local web server which placed inside the network. Several further possible enhancements emerged in the course of the design project: Involve the Windows Servers in the security aspect to filter the untested data that entered into the flight management system. Create bootable operating system from different buildings or the cloud when the local System fails or in the case of sudden fire in any department. Apply the failover configurations on the firewalls’ user interface in a state of the terminal that has been used in the Packet Tracer program to ensure the configurations process steps. Use the IP subnet utility to limit the IPs in the network which allows the network to be organized more easily. Increase the target storage capacity for the Air Traffic Control System backup to make sure that the target server has enough space to store the data, especially in big airports which have many traffic activities during the work operations. Methods References Figure 1. Airport Network, As Designed Figure 2. Example Airport Building Introduction Further Design Considerations/Points Future Refinements Practical Work