Network Engineering Objectives
Objective 1
​​1. Analyze personal and organizational requirements and design an appropriate networking architecture.
​
NTW275 Assignment 2.1: Designing a Physical Network Layout for a Small Office
​​​
The document effectively analyzes personal and organizational requirements and designs an appropriate networking architecture. It outlines the specific needs of a small medical office, emphasizing security, compliance, performance, reliability, scalability, ease of management, cost-effectiveness, and flexibility. The design incorporates a star topology, VLANs for network segmentation, WPA2 encryption for wireless security, and enterprise-grade equipment to meet these requirements.
​
​
​
​
NTS415-Final project Word Document
​
NTS415-Final project PowerPoint
The documents effectively analyze organizational requirements and design a detailed networking architecture by first establishing the specific security needs of the University of Advancing Technology (UAT), which involves protecting sensitive student information, research data, and critical systems. In response to these requirements, a secure network architecture is designed, featuring perimeter defense measures like next-generation firewalls and intrusion prevention systems, network segmentation to divide the network into distinct security zones, robust access control mechanisms including multi-factor authentication and role-based access control, and comprehensive data protection strategies employing full-disk encryption and SSL/TLS encryption. This is further supported by detailed security policies covering antivirus, new user security, internet use, and email and software policies, alongside a thorough implementation plan that addresses potential challenges and outlines mitigation strategies.
​
Objective 2
2. Develop cloud solutions emphasizing the benefits of remote infrastructure.​
​
​NTW103 Create a Web Server in AWS
This document effectively shows the development of a cloud solution emphasizing the benefits of remote infrastructure by detailing the process of creating a web server using Amazon Web Services (AWS). The solution centers on a virtual machine (VM), a software-based computer environment that operates independently with its own operating system, demonstrating virtualization's power to enhance resource management and provide flexibility within cloud environments. The document also shows the remote accessibility aspect, showing the web server running and accessible via a public IP address, which demonstrates the key advantage of accessing and managing infrastructure from any location. It also briefly touches on the scalability and cost-effectiveness of AWS, which are important benefits of cloud solutions and remote infrastructure for hosting websites and applications
​
​
NTW 275 Assignment 4.1: Creating a Server Infrastructure Plan for a Mid-Sized Business
The document effectively aligns with the objective of developing cloud solutions that emphasize the benefits of remote infrastructure by proposing a hybrid approach that strategically integrates AWS cloud services with on-premises hardware to meet the specific needs of a mid-sized healthcare organization. This design leverages the scalability and flexibility of AWS services, such as EC2 instances for adaptable computing resources, Amazon S3 for HIPAA-compliant and scalable file storage, and Amazon RDS for high availability and reliable database operations. By incorporating these cloud-based solutions, the proposed infrastructure emphasizes the advantages of remote infrastructure, including enhanced scalability, robust security measures, and cost-effectiveness through optimized resource allocation and usage-based payment models, while also ensuring the necessary redundancy and business continuity critical for healthcare operations.
​
​​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
Objective 3
3. Identify networking misconfigurations and determine solutions to achieve optimal performance​
NTW 275 Assignment 15.1: Network Design Evaluation and Final Project
The document effectively addresses the objective of identifying networking misconfigurations and determining solutions for optimal performance by first detailing the current network setup and its shortcomings, such as basic BGP routing, lack of QoS, and limited bandwidth management in the "Current Infrastructure Analysis" and "Identified Areas for Improvement" sections. It then proposes targeted solutions like BGP routing optimization, QoS implementation, and VLAN configuration in the "Proposed Improvements" section to enhance network performance. Finally, the "Implementation Plan" outlines the specific steps and configurations for implementing these solutions, demonstrating a clear strategy to rectify the identified misconfigurations and achieve optimal network performance.
​​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​​​​
NTW 275 Assignment 9.1: ARP Inspection and DHCP Snooping
The text addresses the objective of identifying networking misconfigurations and their solutions by detailing how ARP poisoning and rogue DHCP servers can disrupt network operations, and by presenting solutions to mitigate these threats. Specifically, it explains that DHCP snooping acts as a control mechanism for DHCP traffic, preventing unauthorized DHCP servers from distributing malicious IP configurations. Furthermore, Dynamic ARP Inspection (DAI) works in conjunction with DHCP snooping to validate ARP packets, thus preventing ARP poisoning attacks that could redirect traffic to an attacker's machine. The text also outlines additional security measures, including IPv6 RA Guard, port security, network segmentation with VLANs, and IP Source Guard, all of which contribute to enhancing network security and performance by creating layered defense mechanisms against man-in-the-middle attacks and other disruptions.
​
​
​
​
​
Objective 4
4. Demonstrate enterprise network administration through access controls, group policy, remote deployment, and backup recovery.
​
This assignment effectively shows enterprise network administration by addressing key components. Access Control Lists (ACLs) are utilized to enforce security policies by filtering network traffic based on criteria like IP addresses and protocols, thus managing access controls. Group Policy is explored as a tool for centralized management of user and device configurations, enabling administrators to enforce security settings and manage permissions. Remote deployment is covered through the use of virtual interfaces, which allow for flexible network configurations and efficient implementation of changes. Finally, the assignment also goes over the importance of backup and recovery mechanisms for network configurations, highlighting best practices for ensuring business continuity.
​​
​
NTS415: New User Account security policy
​
This document comprehensively demonstrates enterprise network administration through its detailed approach to user account lifecycle management, security controls, and system management. It establishes robust access controls by defining standardized processes for user account creation, including identity verification and role-based access privilege assignments, and by detailing account termination procedures. Centralized management is achieved through Group Policy, which enforces password policies, automates software deployment, and standardizes security and user environment settings. The policy also outlines a remote deployment strategy that includes software distribution tools, automated patch management, remote user setup, and operating system deployment. Finally, it ensures business continuity and data protection through detailed data backup and recovery procedures, specifying data storage locations, backup frequency, retention policies, and system recovery plans.
​
​
Objective 5
5. Create networking solutions that incorporate traditional networking, IoT, and mobile devices.
​NTW275 Assignment 2.1: Designing a Physical Network Layout for a Small Office
​​
The assignment effectively integrates traditional networking, IoT, and mobile devices. It employs traditional networking elements like a star topology, a central switch, VLANs for network segmentation, and structured IP addressing. Mobile devices are accommodated through the inclusion of a wireless access point with WPA2 enterprise security and VLAN support. While not explicitly labeled as such, the design demonstrates consideration for IoT integration through features like PoE on the switch and a scalable architecture. PoE simplifies IoT device installation by allowing a single Ethernet cable to provide both power and data, eliminating the need for separate power sources. This capability also enables centralized power management for IoT devices, facilitating remote reboots and monitoring.
​​
​​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​​
​
​
NTW 103 Assignment 4.2: Build a Mobile Network
This document describes a central office tower as a key component of a telecommunications network. It houses essential equipment like switching systems, routers, and servers to manage voice, data, and internet traffic. The central office tower acts as an interconnection point between local subscriber lines and long-distance communication networks. It plays a vital role in routing calls, managing connections, and supporting telecommunication services, including mobile networks. The document also mentions that when a smartphone disconnects from a tower, it automatically connects to another to maintain coverage.
​
​
Objective 6
6. Demonstrate security principles within networking solutions based on industry standards.
​
NTS415-Final project Word Document
​
NTS415-Final project PowerPoint
The documents effectively demonstrate security principles within networking solutions based on industry standards through a dual approach. The first document outlines a secure network architecture and security policies incorporating key security principles, while the second document details a risk assessment for ransomware using the NIST SP 800-30 guideline, a recognized industry standard for risk management. The secure network architecture includes perimeter defense measures like next-generation firewalls, Intrusion Prevention Systems (IPS), VPN for secure remote access, and DNS filtering, network segmentation to isolate critical systems, access control mechanisms such as Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC), and data protection using full-disk encryption and SSL/TLS for web applications. Complementing this, a set of security policies covering antivirus, new user security, internet use, and email and software management provide guidelines for maintaining a secure environment. The risk assessment document employs a structured methodology aligned with NIST SP 800-30, covering threat and vulnerability identification, control analysis, risk mitigation strategies, and the importance of continuous monitoring and review, thus comprehensively addressing both the proactive design and the ongoing management of security risks within the networking environment.
​
​​
​
This document aligns with the objective of demonstrating security principles within networking solutions by incorporating several key security considerations into its analysis and proposed design. Specifically, it addresses cloud network security within the context of Microsoft Azure, emphasizing the importance of secure remote access and virtual network segmentation, both of which are fundamental security principles for protecting cloud-based resources and ensuring controlled access. Furthermore, the document highlights access control through the implementation of role-based access control (RBAC) and multi-factor authentication, critical mechanisms for verifying user identities and enforcing least privilege. Finally, the analysis includes network segmentation as a design principle, utilizing VLANs and security zones to isolate network segments and thereby contain potential security breaches, limiting their lateral movement and overall impact. Through these explicit references and proposed implementations of cloud security measures, access control, and network segmentation, the document demonstrates a clear focus on integrating security principles into the design of networking solutions.
​