The redesign for Kudler Fine Foods has covered the topology and standards and has defined the architecture, protocols, and strategies it will employ. Now security is the issue that needs to be reviewed. The most important aspect of any communications platform is that it is secure. This paper will discuss the security of the network and the details of the hardware choices that will be used in it.
Security Hardware and Software
Between every network and the outside host of threats there is a first line of defense. For almost every network this will be a firewall. A firewall can be both hardware and software and is usually a combination of the two. A firewall creates a barrier between networks. Any outside computer or client must pass through the firewall to access the network or its resources. Only a computer or system that has proper access can easily access a network protected by a properly configured firewall. Though it is not infallible, a firewall is the first and perhaps best means of security available to a network.
The Kudler Fine Foods network will have firewalls installed and configured at each location. These firewalls will be designed to allow access from authenticated users inside the network. Communication outside of the network should be minimal and not available from unauthenticated sources. Customers do have the ability to access certain account information from the Kudler Fine Foods website. These accounts give them an authenticated login to the web server, which can pass through the firewall to reach the specific account information behind it. Customers themselves do not have access to the network or its files.
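The policy in the paragraph above can be written as an ordered rule set with a default-deny fallback. The following is an added example, not part of the original paper: every address, the database port, and the rule names are constructed for illustration, and customer authentication is assumed to happen at the web server, since a packet filter matches addresses and ports rather than user identity.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumptions, not from the paper).
INTERNAL = ipaddress.ip_network("10.10.0.0/16")    # hosts inside the network
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB_SERVER = ipaddress.ip_network("192.0.2.10/32")  # customer-facing web server
ACCOUNT_DB = ipaddress.ip_network("10.10.5.20/32")  # account data behind the firewall

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None matches any destination port

# First match wins; anything not listed falls through to default deny.
RULES = [
    Rule("internal-to-internal", INTERNAL, INTERNAL, None),
    Rule("web-to-accounts", WEB_SERVER, ACCOUNT_DB, 5432),  # constructed port
    Rule("customers-to-web", ANY, WEB_SERVER, 443),
]

def evaluate(src: str, dst: str, port: int):
    """Return (decision, rule_name) for one connection attempt."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in RULES:
        if s in rule.src and d in rule.dst and rule.port in (None, port):
            return ("allow", rule.name)
    return ("deny", "default-deny")

if __name__ == "__main__":
    attempts = [  # constructed sample traffic
        ("203.0.113.7", "192.0.2.10", 443),   # customer reaches the website
        ("203.0.113.7", "10.10.5.20", 5432),  # customer tries the data directly
        ("192.0.2.10", "10.10.5.20", 5432),   # web server fetches account data
        ("192.0.2.10", "10.10.1.5", 445),     # web server tries a file share
        ("10.10.1.5", "198.51.100.9", 80),    # internal host browsing outward
    ]
    for a in attempts:
        print(a, "->", evaluate(*a))
```

The web server is the only outside-facing host with a path to the account data, and only on one port, so a problem on the web server does not by itself open the rest of the internal network.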
A truly secure network does not rely on a firewall alone. Individual devices still require their own security measures installed on them. The method of having each end-user device be responsible for its own security is called endpoint security, and many current security systems use this approach.
Third-party software can be installed that handles the actual endpoint security of the device. The important point is that each device has current software that protects against intrusion, viruses, and malware. Devices on the Kudler Fine Foods network will be installed with an application suite that will suit all of these needs. In addition to antivirus and antimalware software, every device should have appropriate encryption.
LAN vs WAN
A local area network (LAN) is the most basic form of network; however, the word local can be subjective. A local network can mean a small network in a home, or a business network covering several buildings on a city block. LANs are relatively fast, compact, and, when configured correctly, have few errors or problems. The hardware needed to build a LAN operates at OSI layers 1 and 2 and includes devices like switches, bridges, hubs, and repeaters.
Wide area networks (WANs) are complex networks that span large geographical areas. The most commonly known WAN is the Internet. WANs tend to be slower in speed, highly complex, and intolerant of system problems. Because of the multitude of connections on a WAN, even a simple outage can create problems across the network.
Fundamental Network Hardware
All networks, whether local or larger, are built on the same types of hardware. Most of these systems use Ethernet technology to connect them. Ethernet uses twisted pair cabling to transmit data and connect devices with a universal technology. Networks use a system of routers, hubs, and switches connected by Ethernet cable. Routers are gateways between networks; these are frequently combined with other devices like a modem. Hubs create a connection point between sections of a network. Hubs are “dummy” technology in that they do not analyze the frames coming to them and do not relay them specifically to the intended recipient. Instead they transmit any received frame to all clients connected to them. This is a quick, cheap way of ensuring data is transmitted, but it does create large amounts of extra network traffic.
A smarter and more expensive piece of equipment contemporary to the hub is the switch. A switch performs the same function as a hub, but where a hub simply repeats its information to all clients, a switch scans the frames that come to it and determines the recipient address. This way the switch can forward the frame to the proper client without tying up more network resources than necessary.
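The difference between the two devices can be measured by counting which ports receive each frame. The following is an added example, not part of the original paper: host names and port numbers are constructed, and the switch model goes slightly beyond the text by showing how a switch learns addresses from source fields and floods only while a destination is still unknown.

```python
class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class Switch:
    """Learns which port each source address lives on, then forwards by destination."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # address -> port, filled in as frames are seen

    def forward(self, in_port, src, dst):
        self.table[src] = in_port
        out = self.table.get(dst)
        if out is None:  # destination not learned yet: flood like a hub
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

def frames_seen_per_port(device, frames, attached):
    """Count how many frames are delivered to each port of the device."""
    seen = {p: 0 for p in device.ports}
    for src, dst in frames:
        for port in device.forward(attached[src], src, dst):
            seen[port] += 1
    return seen

# Constructed scenario: four hosts on ports 1-4; only A and B talk to each other.
ATTACHED = {"host-A": 1, "host-B": 2, "host-C": 3, "host-D": 4}
CONVERSATION = [("host-A", "host-B"), ("host-B", "host-A")] * 2

def compare():
    hub = frames_seen_per_port(Hub([1, 2, 3, 4]), CONVERSATION, ATTACHED)
    switch = frames_seen_per_port(Switch([1, 2, 3, 4]), CONVERSATION, ATTACHED)
    return hub, switch

if __name__ == "__main__":
    hub, switch = compare()
    print("hub   :", hub)
    print("switch:", switch)
```

On the hub, the uninvolved hosts on ports 3 and 4 receive all four frames of a conversation that is not theirs; on the switch they receive only the first frame, sent before the destination was learned.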
The Kudler Fine Foods network upgrade will be constructed on Ethernet technology, just as it is now. The fundamental construct will involve use of these hardware technologies and will include switches and routers. The three buildings are in different cities, so they will each have their own local networks. Each network has a connection to the other networks so they are connected by a wide area network at the same time. The devices at each location will be responsible for their own endpoint protection while each local network will be protected by a firewall.