ABSTRACT
Today, a secure and scalable end-to-end private network connection between the head office and its branches is a fundamental requirement of modern-day businesses. There are multiple solutions available, but this research will focus on the wide availability of the technology in most areas. The Internet is the standard network connectivity that links branches in different locations to the business headquarters. The widespread availability of the Internet and its compatibility with overlay tunnels make it a cost-effective solution for connecting businesses. The study location is an advertising firm in the Philippines, classified as a small-to-medium-sized enterprise, that requires network architecture enhancements. The critical demand is to connect three remote offices with the headquarters office for more protected file and application sharing. Remote users or employees accessing the resources anytime and anywhere should also be considered. The study will use Generic Routing Encapsulation (GRE) and Internet Protocol Security (IPsec) as overlay tunnels to implement interconnectivity between sites at remote locations.
Furthermore, in light of significant security breaches, the design will consider the use of new network security measures. The new network design enables secure file and application sharing through overlay tunnels between the headquarters, the three provincial branches, and remote users. Branch connectivity uses GRE over IPsec tunnels and dynamic routing, and only authorized VPN connections can access HQ resources. The proposed network architecture operated successfully during test validation (using the ping, tracert, and traceroute utility commands). Finally, based on the vulnerability studies, the suggested network design is secured against MAC address flooding, ping of death (DoS), and VPN snooping.