1. “Enterprise Network Design and Implementation for Airports” Master’s Thesis: By Ashraf Ali and advised by professor Nicholas Rosasco
Introduction
Practical Work
Airport’s network design and implementation was the aim of this project to introduce a suitable network for most airports around the world. This project focused on three main parts which are; security, quality, and safety.
In security part, the project have been provided by different utilities to introduce a network with high security level for the airport’s network. These utilities are hardware firewalls, IP access control list, Mac address port security, domain server and Proxy server. All of these tools have been configured to provide a secure environment for the entire network by preventing hackers form entering sensitive departments like flight management and service providers departments.
In quality part, improving the performance of any network need a high quality of techniques and services that help to improve the general task of the network. The technical services that have been placed in the airport’s network are; failover firewalls utility, PXE server (Pre-boot Execution Environment), DHCP Server (Dynamic Host Configuration Protocol), DNS Server (Domain Name System) and cabling system. These tools increases the preferment of the network as a general and provide a stable internet service for the Air Traffic Control System with using dual internet service providers and the failover utility.
In safety part, The Dual internet providers’ roles was providing the flight management department which help to confirm the backup operation for the Backup Air Traffic Control Complex (BATCX) system to outside the local network by using Windows servers backup (iSCSI initiators and iSCSI target) servers. This help to keep the Air Traffic Control systems’ information in safe place. Also, web server was the second service that help to save passengers’ lives by saving their personal information.
Methods
Airport Network Security followed the following techniques in order to make the
Network more secure.
Hardware Firewalls to increase the level of security and setup rules for network’s activities.
IP access control list to prevent unauthorized activities from guest department.
Mac address port security to prevent foreign devices from connecting to the sensitive departments.
Domain Server to establish specific groups for specific tasks depending on needs.
Proxy server to setup permission for users depending on their positions and authority.
Airport Network Quality follows these techniques in order to increase the network quality of services.
Fail over firewalls utility to support the network with ISP when the first fail.
PXE server (Pre-boot Execution Environment) to provide operating systems.
DHCP Server (Dynamic Host Configuration Protocol) to provide IPs.
DNS Server (Domain Name System) to manage Airport’s website.
Cabling system to provide the network an appropriate connection’s system.
Airport Network safety follows these techniques in order to insure the safety for passengers.
Dual ISPs to provide Air Traffic Control System (ATC).
Web Server to keep the passengers’ information's in safe place.
Figure 1. Airport's Network
Figure 2. Airport's Building
Results and discussion
Future work
Dual internet service providers helps the Air Traffic Control System’s backup to work 24 hours and place the data outside the network in safe area.
Filtering the ins and outs connections in the airport’s network.
Prevent the users from accessing the management system in the airport which represent by the Air Traffic Control System.
The authorized devices can not connect to the physical part of the network.
The network’s users assigned to small groups to verify the identity of local users.
The outside attack has been prevented by squid proxy server and limit the inside requests to the internet from users.
Failover utility in firewalls provide 24 house of internet services when one of the services goes down.
The connected devices in the local network has operating systems that available to access any time.
Assign internet protocols (IPs) to any device in the network automatically for each department during the operations hours.
Translate the IPs to the airport’s website internally.
The cabling system between buildings helps to reduce the time that used o transferee the data.
Passengers’ information protected in the local web server which placed inside the network.
Involve the Windows Servers in the security aspect to filter the untested data that entered into the flight management system.
Bootable operating system from different buildings or the cloud when the local System fails or in the case of sudden fire in any department.
Apply the failover configurations on the firewalls’ user interface in a state of the terminal that has been used in the Packet Tracer program to ensure the configurations process steps.
Use the IP subnet utility to limit the IPs in the network which allows the network to be organized more easily.
Increase the target storage capacity for the Air Traffic Control System backup to make sure that the target server has enough space to store the data, especially in big airports which have many traffic activities during the work operations.
1. Burns, S. F. GIAC Security Essentials Certification (GSEC) Practical Assignment v1. 4c January 5, Threat Modeling: A Process to Ensure Application Security.
2. Lambert, P. (2012). The basics of using a proxy server for privacy and security. Tech Republic.
3. Chadwick, D. W. (2001). Network Firewall Technologies. NATO SCIENCE SERIES SUB SERIES III COMPUTER AND SYSTEMS SCIENCES, 178,
4. Cezar, M. (2014, October 16). Setting up a ‘PXE Network Boot Server’ for Multiple Linux Distribution Installations in RHEL/CentOS 7. Retrieved March 22, 2016, from
5. Bipin. (2014, April 01). Configure iSCSI SAN in Server 2012 R2. Retrieved April 01, 2016, from
References