Computer Networking

Find a job you love, and you'll never have to work a day in your life.

We have a setup of three stations that will provide web services as a networked load-balanced cluster. We will be introduced to the management of a cluster and devise some simple experiments to test the operational nature of an NLB cluster. We will also learn how to install, configure and operate the Microsoft Web Application Stress Tool.
Network Load Balancing
Windows Server VPN
In this lab, we will set up two small LANs. One of these LANs will represent corporate headquarters while the other will represent a remote station.
We have already seen how we can secure communication between two physical locations using a VPN tunnel between two Linux firewalls (network-to-network configuration). In this lab, we will investigate how we would configure a Windows Server to handle multiple VPN client connections from various locations. This could let an organization restrict access to sensitive material to designated users, with little worry that the information could be compromised by its own employees. Connections from external sources could also be allowed through this VPN gateway to give remote users confidential access, provided external access to this VPN server is available by some means.
In this lab, we will work with another row and set up two small LANs. Each of these LANs will host resources that will be accessed from the other LAN. Access to these resources could be handled in two different ways: either port forwarding or VPN access. Each method results in different levels of security and privacy.

In the previous lab, we configured the Cisco RV340 router and allowed external access by defining specific rules using port forwarding. In this lab, we will be extending a corporate network by means of a VPN tunnel in addition to using port forwarding. We will also inspect the network traffic to determine how secure the information is.
Site-to-Site VPN
DeMilitarized Zone (DMZ)
Even with all the inherent risk of allowing external access to corporate resources, there is still a need to grant some level of access. This access might be for mobile workers or for third-party suppliers, but since some access is required, there must be mechanisms in place to minimize the risks involved. We have already looked at software firewalls, which can be implemented on servers and personal workstations. Now let’s turn our attention to securing the network perimeter as well as defining an area that provides external access to corporate servers in a controlled way. The perimeter is protected by a network appliance called a firewall (a router with special filtering capabilities). Many firewalls also support a special area, called a DMZ (DeMilitarized Zone), that can give external access to enterprise resources in a secured way, while maintaining tight controls on the private resources within the perimeter.
Firewalls have an added layer of inspection capabilities that go far beyond just placing packets on the interface required to get them to their destination, as simple routers do. This additional logic is usually configured as an “allow/deny” configuration, determined by what is discovered in the packet. If certain criteria are met, the packet could be allowed to continue to the destination; on the other hand, if other criteria are met, the packet could be denied and not forwarded.

There are two types of firewalls, namely hardware and software firewalls. Hardware firewalls are usually dedicated appliances designed to do perimeter network defense, handling from one to several network connections. Software firewalls operate similarly but are instead deployed on computers as one of the last points in a defense-in-depth configuration. Since these computers often have only one network interface card, only the filtering capabilities are actually used.
Windows Firewall
WAN Routing
In large corporate networks there is often a need to join several smaller LANs together. This allows for localized management while at the same time making efficient use of the networking infrastructure. This combination of small LANs is often called an Intranet. Corporations can either utilize private communication channels or public links (utilizing VPN technologies) to create an Intranet. This is a setup of multiple stations and networks that will operate as an Intranet, allowing different networks to communicate.
WAN routing can be done in several ways, one of which you did in the last lab. In this lab we will once again be routing, but we will use some different methods to get this accomplished. Depending on the method used, you may end up limiting access, which may be either a good thing or a bad thing. Let’s experiment with both traditional routing and NAT technologies.
WAN Routing & NAT
Client/Server networking - Windows Server Project
Our task is to set up a client/server environment, similar to that of the Lethbridge College student computing network, but with some extra features. To limit scope, we’ll be focusing on 3 programs, found within the School of Business: CIT, BUS, and AOP. Each program has 3 distinct types of users: students, faculty, and administrators.

Your network will have two servers, running Active Directory, DNS and DFS. The servers and network setup must be configured in such a way that no services are impacted by a failure of either server (i.e., tested by simply powering off a VM). Failures of physical infrastructure (i.e., network cards, cabling, switches) will be tolerated since these will cause only localized problems. All shared folders, as well as other server storage, need to be set up utilizing DFS for fault tolerance/load balancing.

Users’ My Documents and Desktop folders should be redirected to a fault-tolerant share on your servers. This storage will be limited by quotas. To provide quick access from applications, the drive letter H: (their home folder location) should be mapped to the users’ My Documents folder. Security of the My Documents and Desktop folders is critical and must keep the information stored there private. The user environment will also be strictly enforced by a policy scheme based on program affiliation.