Created
April 14, 2016 16:25
-
-
Save ciscoo/d2ff065bd05126e6769ff3a4a3dfbc16 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| \documentclass[11pt]{article} | |
| \usepackage[T1]{fontenc} | |
| \usepackage{fancyhdr} | |
| \usepackage{titling} | |
| \usepackage{vhistory} | |
| \usepackage{url} | |
| \usepackage{graphicx} | |
| \usepackage{tabularx} | |
| \usepackage{placeins} | |
| \usepackage{listings} | |
| \pagenumbering{arabic} | |
| \setlength{\droptitle}{11em} | |
| \title{\huge \textbf{Network Architect} \\ \large Design Specification \\ \large 1.0.0} | |
| \author{ | |
| Daniel Koch\\ | |
| \texttt{koch0017@rangers.uwp.edu} | |
| \and | |
| Francisco Mateo\\ | |
| \texttt{mateo001@rangers.uwp.edu} | |
| } | |
| \date{} | |
| \begin{document} | |
| \maketitle | |
| \thispagestyle{empty} | |
| \newpage | |
| \setcounter{page}{1} | |
| \pagestyle{fancy} | |
| \fancyhf{} | |
| \renewcommand{\headrulewidth}{2pt} | |
| \renewcommand{\footrulewidth}{1pt} | |
| \lhead{Network Architect} | |
| \lfoot{Design Specification} | |
| \rfoot{\thepage} | |
| \newpage | |
| \tableofcontents | |
| \newpage | |
| \section{Introduction} | |
| The Design Document is to provide documentation which will be used to aid in the development and deployment of this \textbf{network} and its components. The document provides in detail how each component shall be built. | |
| \subsection{Purpose} | |
| The purpose of this document is to provide a detailed description of the design of the system and each of its components. The document aims to provide an understanding of what is to be built and how it is to be built. This document provides a description for the \textbf{network} and its components to be built. This document is to serve as a guideline for a team of network engineers to implement the \textbf{network}. | |
| \subsection{Scope} | |
| The \textbf{network} shall allow the \textbf{users} to access \textbf{data} on the \textbf{network} and any other \textbf{systems} on the \textbf{network}. The \textbf{network} shall support \textbf{Internet Protocol version 4} (\textbf{IPv4}) and \textbf{IPv6}. | |
| \subsection{Overview} | |
| The following sections will outline the \textbf{network} and its components. This document is written according to the standards for Design Documentation as set forth by the Institute of Electrical and Electronics Engineers (\textbf{IEEE}). We will begin by giving an overall view of the system as a whole. Next we will provide in detail the systems architecture. Finally we will provide details how each component is implemented. | |
| % Define "fancy" terms since Heather is playing dumb client | |
| % Abc order | |
| \subsection{Definition and Acronyms} | |
| \label{subsec:defin} | |
| \begin{description} | |
| \item[CentOS] \hfill \\ | |
| A community enterprise operating system that is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform which aims to be functionally compatible with its upstream source. | |
| \item[Data] \hfill \\ | |
| The \textbf{data} is any arbitrary file (excluding system files) that can be accessed on the \textbf{network}. | |
| \item[Internet Protocol] \hfill \\ | |
| From Wikipedia: The principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. | |
| \item[IPv(x)] \hfill \\ | |
| A specific version of the \textbf{Internet Protocol}, see definition of \textbf{Internet Protocol}. | |
| \item[Network] \hfill \\ | |
| The \textbf{network} is the \textbf{local area network} (\textbf{LAN}). | |
| \item[OS] \hfill \\ | |
| See \textbf{operating system} | |
| \item[Operating System] \hfill \\ | |
| From Wikipedia: a system software that manages computer hardware and software resources and provides common services for computer programs. | |
| \item[Users] \hfill \\ | |
| The \textbf{users} are the people are have access or are on the \textbf{network}. | |
| \item[Router] \hfill \\ | |
| From Wikipedia: a networking device that forwards data packets between computer networks. | |
| \end{description} | |
| \section{Network Overview} | |
| The \textbf{network} and its components were developed to aid the research company 190.5. The goal is to create a \textbf{network} that will help build a secure and well maintained network to protect valuable trade secrets, to maintain a high level of accessibility, and to allow collaboration with scientists in other locations. | |
| \section{Network Architecture} | |
| The following section will give an in broad view of how each component of the system should work. | |
| \subsection{Architectural Design} | |
| The \textbf{network} as a whole is divided into three parts: | |
| \begin{enumerate} | |
| \item \textbf{Router} | |
| \item \textbf{Firewall} | |
| \item \textbf{Switch} | |
| \end{enumerate} | |
| \subsection{Design Rationale} | |
| This section shall discuss the rational for selecting the \textbf{networks} architecture. | |
| \subsubsection{Router} | |
| This \textbf{router} is a glorified desktop computer that uses \textbf{CentOS} 7 as it's \textbf{OS}. We are a professionally amateur company whose employees are not that educated with enterprise equipment and/or software. | |
| \subsubsection{Firewall} | |
| The \textbf{firewall} is built in from the \textbf{Linux kernel}. The \textbf{firewall} is configured using \textbf{iptables} The script used to configure the firewall is as follows: | |
| \begin{lstlisting} | |
| #!/bin/bash | |
| # Flush all current rules from iptables | |
| iptables -F | |
| # Allow SSH connections on tcp port 22 | |
| iptables -A INPUT -p tcp --dport 22 -j ACCEPT | |
| # Block null packets | |
| iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP | |
| # Reject syn-flood attacks | |
| iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP | |
| # Block XMAS packets | |
| iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP | |
| # Set default policies for INPUT, FORWARD and OUTPUT chains | |
| iptables -P INPUT DROP | |
| iptables -P FORWARD ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| # Set access for localhost | |
| iptables -A INPUT -i lo -j ACCEPT | |
| # Accept packets belonging to established and related connections | |
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| # Allow SSH | |
| iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | |
| # Allow OpenVPN | |
| iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT | |
| iptables -A INPUT -p tcp -m tcp --dport 943 -j ACCEPT | |
| iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT | |
| # Vicent's request | |
| iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT | |
| iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT | |
| # Save settings | |
| /sbin/service iptables save | |
| \end{lstlisting} | |
| As you can see from the script, we block off any/all ports we are not using and open up any we need. | |
| \subsubsection{Switch} | |
| The \textbf{switch} is will connect all computers to a \textbf{LAN}. A neccessary component of almost all \textbf{networks}. | |
| \begin{figure}[htp] | |
| \center | |
| \includegraphics[width=11cm]{nd} | |
| \caption{Network Diagram} | |
| \label{fig:nd} | |
| \end{figure} | |
| \section{Network Design} | |
| \end{document} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment