Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Enterprise Network Design and Implementation for Airports” Master’s Thesis - Ashraf Ali Department of Computing and Information Sciences This project.

Published byMarcia Haynes Modified over 8 years ago

Similar presentations

Presentation on theme: "“Enterprise Network Design and Implementation for Airports” Master’s Thesis - Ashraf Ali Department of Computing and Information Sciences This project."— Presentation transcript:

1 “Enterprise Network Design and Implementation for Airports” Master’s Thesis - Ashraf Ali Department of Computing and Information Sciences This project presented a network design and implementation plan for an airport’s enterprise network. The primary goal was to deliver three principle system attributes: security, quality, and safety. For the security component, the design uses a variety of tools to craft a network that provides a high security level. These utilities includes hardware firewalls, IP access control lists, MAC address-based port security, domain and proxy servers. All of these tools have been configured to provide a multilayer secure environment – and to prevent hackers form entering sensitive subnets like those that house the flight management and service providers hosts. Similarly, a broad collection of services and strategies have been developed that, when combined, create a high service quality for users. These technical services include: failover firewalls utility, PXE server (Pre-boot Execution Environment), DHCP Server (Dynamic Host Configuration Protocol), DNS Server (Domain Name System) and high grade cabling. Additionally, the overall design provides a stable internet service for the Air Traffic Control System through the use of both redundant internet service providers and the failover tools. To meet safety stnards, dual internet providers were adopted for the flight management department to ensure backup operations for the safety critical Primary and Backup Air Traffic Control Complex (BATCX) system. External to the Windows servers backup (iSCSI initiators and iSCSI target) servers were also planned as an additional redundancy measure. This helps to keep the Air Traffic Control systems’ information in full and safety-centric operation. Also, a web server was incorporated as a repository for key passenger information. The design adopted the following techniques in order to make the network meet the collected goals and requirements. This includes security specific tools: Hardware Firewalls to increase the level of security and setup rules for network’s activities. IP access control list to prevent unauthorized activities from guest department. Mac address port security to prevent foreign devices from connecting to the sensitive departments. Domain Server to establish specific groups for specific tasks depending on needs. Proxy server to setup permission for users depending on their positions and authority. To increase the network quality of services, several strategies and systems are included: Fail over firewalls utility to support the network with ISP when the first fail. PXE server (Pre-boot Execution Environment) to provide operating systems. DHCP Server (Dynamic Host Configuration Protocol) to provide IPs. DNS Server (Domain Name System) to manage Airport’s website. Cabling system to provide the network an appropriate connection’s system. Additionally, safety critical systems were given additional protections and mechanisms: Dual ISPs to provide Air Traffic Control System (ATC). Web Server to keep the passengers’ information's in safe place. 1. Burns, S. F. GIAC Security Essentials Certification (GSEC) Practical Assignment v1. 4c January 5, 2005. Threat Modeling: A Process to Ensure Application Security. 2. Lambert, P. (2012). The basics of using a proxy server for privacy and security. Tech Republic. 3. Chadwick, D. W. (2001). Network Firewall Technologies. NATO SCIENCE SERIES SUB SERIES III COMPUTER AND SYSTEMS SCIENCES, 178, 149-168. 4. Cezar, M. (2014, October 16). Setting up a ‘PXE Network Boot Server’ for Multiple Linux Distribution Installations in RHEL/CentOS 7. Retrieved March 22, 2016, from http://www.tecmint.com/install-pxe-network-boot-server-in-centos-7/ http://www.tecmint.com/install-pxe-network-boot-server-in-centos-7/ 5. Bipin. (2014, April 01). Configure iSCSI SAN in Server 2012 R2. Retrieved April 01, 2016, from http://www.mustbegeek.com/configure-iscsi-san-in-server-2012-r2/ http://www.mustbegeek.com/configure-iscsi-san-in-server-2012-r2/ Dual internet service providers helps the Air Traffic Control System’s backup to work 24 hours and place the data outside the network in safe area. Filtering the ins and outs connections in the airport’s network. Prevent the users from accessing the management system in the airport which represent by the Air Traffic Control System. The authorized devices can not connect to the physical part of the network. The network’s users assigned to small groups to verify the identity of local users. The outside attack has been prevented by squid proxy server and limit the inside requests to the internet from users. Failover utility in firewalls provide 24 house of internet services when one of the services goes down. The connected devices in the local network has operating systems that available to access any time. Assign internet protocols (IPs) to any device in the network automatically for each department during the operations hours. Translate IP addresses to the airport’s website internally. The cabling system between buildings helps to reduce the time that used o transferee the data. Passengers’ information protected in the local web server which placed inside the network. Several further possible enhancements emerged in the course of the design project: Involve the Windows Servers in the security aspect to filter the untested data that entered into the flight management system. Create bootable operating system from different buildings or the cloud when the local System fails or in the case of sudden fire in any department. Apply the failover configurations on the firewalls’ user interface in a state of the terminal that has been used in the Packet Tracer program to ensure the configurations process steps. Use the IP subnet utility to limit the IPs in the network which allows the network to be organized more easily. Increase the target storage capacity for the Air Traffic Control System backup to make sure that the target server has enough space to store the data, especially in big airports which have many traffic activities during the work operations. Methods References Figure 1. Airport Network, As Designed Figure 2. Example Airport Building Introduction Further Design Considerations/Points Future Refinements Practical Work

Download ppt "“Enterprise Network Design and Implementation for Airports” Master’s Thesis - Ashraf Ali Department of Computing and Information Sciences This project."

Similar presentations

5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public ITE PC v4.1 Chapter 4 1 Chapter 12: Advanced Troubleshooting IT Essentials v5.0.

© Cisco Systems, Inc. All rights reserved. Cisco Public ITE PC v4.1 Chapter 4 1 Chapter 12: Advanced Troubleshooting IT Essentials v5.0.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.

History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Lesson 1: Configuring Network Load Balancing

Lesson 1: Configuring Network Load Balancing
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
A Guide to major network components

A Guide to major network components
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Chapter 11: Dial-Up Connectivity in Remote Access Designs

Chapter 11: Dial-Up Connectivity in Remote Access Designs
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
Prepared by:Nahed AlSalah Data Security 2 Unit 19.

Prepared by:Nahed AlSalah Data Security 2 Unit 19.

Similar presentations

Ads by Google