IT Infrastructure For A Small Firm

This summary outlines an IT infrastructure proposal for a small firm with 20 employees. Half will use desktop computers connected via wired network, while the other half will use wireless laptops. The proposal includes recommendations for hardware, operating system, and network topology to keep costs low and productivity high.

Uploaded by alto.namikaze

IT Infrastructure for a Small Firm

ITS310- Computer-Based Systems

Colorado State University - Global Campus

March 5, 2017

Problem

A small firm has approached me to set up an office for their 20 staff members. Half of the employees will work with a desktop computer, using wired connections. The remaining 10 employees will use laptops and a wireless connection. From this proposal, I have concluded that the firm will need a solution to keep costs low and productivity high. I will combine hardware, client operating system and networking to create the most productive and cost-efficient infrastructure for the firm.

Project Deliverables and Beneficiaries

Hardware:

For the desktop computers, we will need to create a budget-friendly PC that has the computing power to not slow down at the end of the day and that can multitask different applications to meet the needs of the office. Each computer will be built inside the budget-friendly Thermaltake Versa H15 case. This sleek-looking case will keep the hardware neatly organized. It allows proper cable management as well as enough ventilation to keep the PC running at optimal temperatures with a Corsair Air Series AF140 case fan. Standing at 16.2 inches and only 8 inches wide, the Thermaltake Versa H15 doesn’t take up too much space and can be placed on the floor or the desk.

In my effort to stay within the budget I have found a motherboard for less than $50. The ASRock H110M-HDS motherboard is a Micro ATX board coming in at only 150mm X 150mm. The ASRock H110M-HDS features the H110 chipset, sports an LGA-1151 socket and is compatible with the Intel Core i5-6400 processor, which we intend to use. It also features 2 DDR4 memory slots with a maximum of 32GB memory. Since this motherboard is compatible with the Intel i5-6400 processor, we will be able to cut costs and not need a dedicated video card, as video is not our primary focus.

As previously stated, we will mate our motherboard with the Intel Core i5-6400 2.7GHz Quad-Core Processor. The 2.7GHz Core i5 is reasonably priced at $178.89 per processor. At this price, it is a lot of power on a budget. The Core i5-6400 also comes with a stock CPU cooler, so we can save even more money per PC by not having to purchase a third-party CPU cooler.

For our RAM, we will choose the best priced 1x8GB per stick memory kit. The memory stick we will choose is the Crucial 8GB (1 x 8 GB) DDR4-2133 MHz memory. Since our motherboard only has 2 RAM slots and a maximum of 32GB of RAM, 8GB will be perfect to get our office started, and later if we want to upgrade to 16 or 32GB we have the space to do so.

Since we are trying to keep our machines simple, we aren’t going to shoot for a ridiculous amount of storage per computer. Even though we don’t need a lot of storage, we still need a durable startup drive that is fast and can handle multiple applications. For our startup drive we will use the Mushkin ECO3 480GB 2.5” Solid State Drive. Our SSD will come out on the cheap side at just under $120, but at only 2.5” it will free up space inside of our Thermaltake case. Being a Solid State Drive, our startup disk should see blazing speeds of up to 6GB/s through our SATA ports. Combine that with the 4 USB 3.0 ports on our motherboard and data transfers should be no problem at all.

Our budget-built PC will require about 145W to function. We will power our build with an EVGA 450W 80+ Bronze Certified ATX Power Supply. This PSU features 1 fan and a >85% efficiency rate. The EVGA PSU also has the required outputs to properly power our hardware as is, and even if we want to add extra parts such as a graphics card later.

Since our PC will have integrated USB ports, networking ports, sound I/O card, etc. installed on the motherboard, PCIe expansion cards will not be necessary. We will not write them off completely because, just like our RAM, we will use what we have now to meet the budget requirements and let the office decide later if extra RAM, a graphics card or a Bluetooth/Wi-Fi card is needed to be productive.

To finish setting up our system we will connect each computer to an ASUS VS228T monitor. This monitor allows each employee to see their screen clearly; since it is only 21.5” wide, the pixel density is fantastic for an office setting. Priced at $100.00, this is a bargain for a 1080p LED monitor that is compatible with our motherboard and doesn’t require any extra video cards. We will also set each computer up with a wireless Logitech keyboard and laser mouse to help with cable management between 10 computers and to reduce clutter at each workstation. Speakers aren’t necessary in an office setting; however, for the price we can install basic Logitech 2-channel speakers for $10 per computer to finish our build.

The other 10 employees will use Dell Latitude 15-inch 3000 series laptops. The Dell Latitude 3000 laptops are the most affordable machines that offer the most performance for the price. For $529.00 we will receive a 6th gen Intel Core i3-6100u processor performing at 2.30 GHz. The PC will also include 4GB of RAM, a 500GB 7200 RPM HDD, Intel HD Graphics, a 15.6” HD screen, 2 x USB 3.0 ports, a USB 2.0 port, and HDMI and VGA output to connect to a TV or projector for presentations. The Dell 3000 series also offers a Dual-Band Wi-Fi and Bluetooth wireless card to connect to the internet and Bluetooth devices.

Client Operating System:

Microsoft recently announced that it would no longer provide support—nor security updates—for Microsoft XP (Weber & Horn 2014). Since Windows XP is no longer supported by Microsoft, every computer will run Windows 7 64-bit Ultimate Edition with Service Pack 1. While we could update to Windows 10 for the same price, I believe Windows 7 SP1 would be the better choice. Windows 7 has always been a simple yet effective operating system. It was created from the same kernel as Windows XP and Vista and contains no learning curve for even the most inexperienced of users. For the office, we need everyone to be able to operate their computer on day one without having to relearn Windows. Windows 7 is perfect for every employee because of its simplicity. Programs are made readily available via the taskbar and the desktop. Printers can easily be set up using the Devices and Printers shortcut in the Start menu. Windows 7 64-bit SP1 offers everything an office needs to be productive. Every Dell 15 3000 laptop purchased through Dell.com comes with a free license for Windows 10. This allows the firm to decide if they would like to upgrade later down the road without having to pay extra for 20 licenses for Windows 10.

Hardware and Network Topology

Over the previous couple of days, I have contemplated what type of network the office should enforce. Our network will be a Wireless Local Area Network or WLAN. The firm will benefit most from WLAN because 10 of our PCs will be wired to a central hub in a star topology. The other 10 Dell 3000 series notebooks will be connected in a mesh topology through a wireless connection. Star topology was chosen because it is the most proficient type of network topology available, the reason being that if one of our computers fails to connect to the network, troubleshooting the problem should be easier in theory. This is because every node has its own connection to our Cisco RV325 Router. The star type of topology allows information packets to travel to and from the node on a single cable. LabSim Online Labs (2016) says that nodes can be easily added to and subtracted from our network and that cabling problems are easier to troubleshoot since only one cable connects a node to the router. The Cisco RV325 Router has a built-in 14-port Gigabit switch and dual Gigabit Ethernet WAN ports for load balancing and business continuity. I contemplated having an external switch connecting all 10 nodes to the router, but I concluded that having 34 ports open would be overkill for a small business that only needs 10 open ports to connect to the internet. By installing the Cisco RV325, our need for a switch or hub is gone. Our wired desktops can utilize the 14 ports on the router and our wireless notebooks can choose between two wireless connections. The RV325 also has VPN capabilities, which would allow the firm to have a more secure internet connection that can be accessed from anywhere in the world. From the router, we will use copper core CAT6 cables to connect to our nodes. The reason I chose CAT6 over fiber optic is simple: price. The firm is small and won’t experience a large amount of latency that larger corporations experience. If the firm were larger I would suggest using fiber optic; however, since everyone using a wired connection will have their own port and every wireless user will have the choice between two different wireless networks, the traffic would not jam on the network. By using this system, we should not have any issue with network speeds or drops in connection.

IPv4 vs IPv6

Another feature of our chosen hardware is that everything can handle either the IPv4 or the IPv6 protocol. With a firm that is as small as ours we can choose between IPv4 and IPv6. Much like the “fiber optic vs CAT6” problem, we once again face an “either-or” situation. A firm of our caliber could survive using the IPv4 protocol, or we could implement the new technology that is IPv6. For this proposal, I researched whether the firm should use IPv4 or IPv6. I came across a research paper where 4 professionals tested TCP and UDP throughput on Windows XP and Windows 7 using both protocols, IPv4 and IPv6. Jain, Singh, Singh & Goel (2012) came to this conclusion: “For Windows 7, for all packet size IPv4 performs better than IPv6 with the lowest performance difference of 16Mbps for small packets but, as we increase the size of the packet the performance difference increase to the highest difference of 154Mbps.” In my opinion, we should implement the IPv6 protocol rather than IPv4. I believe in the long term, IPv6 will be more reliable and offer us the best security. In the words of Supriyanto, Hasbullah, Murugesan & Ramadass (2013), IPv6 will soon become prevalent. The problem with IPv4 is that all the IP addresses will soon be unavailable due to the expansion of the internet. IPv6 was created to allow more IP addresses to access the internet and to cover the weak spots of IPv4, as well as to allow users to browse the web in a more secure manner. One of IPv6’s advantages is the mandatory support of IPSec or IP Security (Supriyanto, Hasbullah, Murugesan & Ramadass 2013).

DNS & DHCP

Our router is equipped with the ability to host a static IP over its WAN wireless connection. As a small firm with 20 people accessing the internet, a static IP address is not necessary. Large corporations usually host their own DNS and DHCP servers and their network is under a static IP address. The purpose of a static IP address is to keep your internet address fixed with the same numbers all the time. For a computer to send or receive information on a network, it needs an address. In fact, any device that is connected to a network needs an address. Without them, computers and connectivity devices wouldn't know where to send data packets (LabSim Online Labs 2016). A static IP address also helps for setting up a VPN for remote access for the firm. Since our router allows us to create a VPN, I highly recommend creating one. As the company grows and our network starts to slow down, I would consider migrating to our own DNS and DHCP servers. As the number of computers in a company network grows, so does the administrative overhead involved in maintaining the computer network (Cohen 2002). For now, it is in our best interest to allow our ISP to handle all DNS requests.

Compared to larger corporations, our firm is quite small. Some people do not regard network security for small firms as being as important as which operating system is being run. However, Raikow (2007) states, “There's no such thing as a business too small to worry about information security; moreover, if you're big enough to network two computers and connect them to the Internet, you're big enough to have to think about protecting the network as well as the individual computers.” Attacks on technology happen every day and are all around us, but are less visible and less personal than other crimes (Rahman & Lackey 2013).

Protection Through Hardware and Software Features

For the network infrastructure, I want to focus on the security features of our Cisco RV325 router, a Unified Threat Management (UTM) appliance, and software-based endpoint node protection. When vendors began introducing infrastructure gear with security features, customers were skeptical. There were performance issues – memory and CPU were costly and precious (Malin 2007). Today the story is different. Routers and switches are manufactured with an abundance of security features. Malin (2007) states, “Network switches and routers subdivide networks and may be configured to restrict traffic between zones to enforce security policies.” Our Cisco RV325 router will be our first line of defense; this router has an abundance of features to help protect our network. A few basic features include:

- SPI Firewall: Helps protect against DDoS, Ping of Death, SYN Flood, land attack and IP spoofing, and provides email alerts for hacker attacks (Cisco n.d.)
- Web Filtering: Content filtering covering 27+ billion URLs (Cisco n.d.)
- Username/Password Complexity Management (Cisco n.d.)
- Access Rules: up to 50 entries, schedule-based (Cisco n.d.)

Based upon the specifications of this router, for the money it is the most secure on the market now. For the second line of defense I would like to implement a Unified Threat Management system, or UTM for short. I assume that we cannot trust our router security features alone, no matter how advanced they are. Per Raikow (2007), “A UTM appliance is a stand-alone network device that combines a variety of different security-related functionality in a single piece of hardware.” It is my belief that we can pair our Cisco RV325 router with a Cisco ASA UTM appliance. The reason we cannot fully rely on our router to provide our hardware security is that routers only manage packets. By utilizing our access rules and SPI Firewall, our router will automatically sift through packets that are over a certain size and deny those packets access. For the security levels we need, packet filtering is not enough. By adding the Cisco ASA to our network, we will be able to utilize the following features:

- Intrusion Prevention (Cisco ASA 2017)
- Malware Protection (Cisco ASA 2017)
- Identity Policy & VPN (Cisco ASA 2017)
- FirePower Management System (Cisco ASA 2017)

Adding a UTM appliance will improve the security of our office significantly. I would like to point out that the Cisco ASA has defense software built in called FirePower Management Center. This software will provide security teams with comprehensive visibility into and control over activity within the network (Cisco ASA 2017). This visibility includes: users, devices, communication between virtual machines, vulnerabilities, threats, client-side applications, files, and web sites. Holistic, actionable indications of compromise (IoCs) correlate detailed network and endpoint event information and provide further visibility into malware infections (Cisco ASA 2017). Adding a firewall to our network will change the topology minimally; however, it will change the settings on our router significantly. For example, we would have to disable DHCP on our router and give DHCP control over to our Cisco ASA firewall.

Our last line of defense will be our software to block malware. Most vendors provide products that protect against a wide range of malware including viruses, spyware, adware, and even spam (LabSim 12.6.7 2017). Windows has Defender installed on it from the factory and can be used as our third line of defense against malware attacks. Windows Defender is not our only option though. There are numerous third-party applications that we can install to provide endpoint node protection. I prefer using Symantec, BitDefender and Avira Antivirus. Each of these packages will be more than enough for us, but I do want to point out that Avira is the only one that offers mobile device protection. In the end, it is ultimately up to the firm and what their budget allows them to spend on antivirus software.

Security Policy

To enforce an effective security policy, we need to decide if every computer can have the same security access. Now, our network is considered a flat network. A flat network is a network where every client workstation can reach every other workstation and server; there is an implicit assumption that a common security policy applies to all computers (Malin 2007). If each computer cannot share the common security policy, this turns into a constraint that might set back the installation of the infrastructure. To adhere to different security policies, we would have to set up different zones inside of the firm that would only allow certain clients to the workstation. Each of these zones would have different security policies. Every zone will have a strict password policy. Each password will be over 8 characters long and will be required to include capital letters, lowercase letters, numbers and symbols. Only the node user will know their password. They must not share their password with anyone, even the IT department, unless it is required by upper management. Even after giving the password, they must change it after the business is complete. Each node user will be given three password attempts before they are locked out for 30 minutes. This policy is designed to prevent automated password cracking engines from being able to just submit one password after another at the system trying to find the right password (LabSim 12.7.3). Some other forms of authentication that we can implement are:

- Biometric Scanners
- Smart Cards and Smart Card Readers

How secure each node needs to be will ultimately depend on the information being accessed. This can be decided by the firm when the network is installed. I suggest creating different tiers. We can break down the 10 workstations and 10 laptops into 5 different security tiers, Tier 1 being the least secure and Tier 5 being the most secure and having the strictest security policy out of all the nodes.
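
The password rules and lockout described in this section, written out as an added example that is not part of the original proposal. The function and class names are hypothetical, and the caller is assumed to perform the real credential check and pass in its result.

```python
import string

MIN_LENGTH = 9               # policy: "over 8 characters"
MAX_ATTEMPTS = 3             # policy: three password attempts
LOCKOUT_SECONDS = 30 * 60    # policy: locked out for 30 minutes


def complexity_failures(password):
    """Return the policy rules this password breaks (empty list = compliant)."""
    rules = {
        "longer than 8 characters": len(password) >= MIN_LENGTH,
        "capital letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [rule for rule, met in rules.items() if not met]


class LockoutTracker:
    """Per-user failed-logon counter with a timed lockout (hypothetical helper)."""

    def __init__(self):
        self._failed = {}        # user -> consecutive failed attempts
        self._locked_until = {}  # user -> time (seconds) the lockout ends

    def attempt(self, user, password_ok, now):
        """Record one logon attempt at time `now`; returns 'ok', 'denied' or 'locked'."""
        if now < self._locked_until.get(user, 0):
            return "locked"      # rejected without looking at the password
        if password_ok:
            self._failed[user] = 0
            return "ok"
        self._failed[user] = self._failed.get(user, 0) + 1
        if self._failed[user] >= MAX_ATTEMPTS:
            # Third consecutive failure: start the 30-minute lockout.
            self._locked_until[user] = now + LOCKOUT_SECONDS
            self._failed[user] = 0
            return "locked"
        return "denied"


def guesses_evaluated(duration_seconds, interval_seconds=1):
    """Count how many wrong guesses reach the password check when a client
    retries every `interval_seconds` for `duration_seconds`."""
    tracker = LockoutTracker()
    evaluated = 0
    for now in range(0, duration_seconds, interval_seconds):
        if now >= tracker._locked_until.get("user", 0):
            evaluated += 1       # not locked, so this guess is actually checked
        tracker.attempt("user", False, now)
    return evaluated


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the proposal.
    for candidate in ("Summer2017", "Ab1!defg", "Tr1cky!pw"):
        print(candidate, complexity_failures(candidate) or "compliant")
    print("guesses checked in 24 h:", guesses_evaluated(24 * 60 * 60))
```

With three tries per 30-minute lockout, a client retrying once a second gets 144 guesses checked in a day, which is the throttling effect the lockout rule is meant to produce.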

Data Destruction and Disposal

One of the most important aspects of security is how well we will be able to dispose of our data. Some system administrators mistakenly believe that if they reformat a hard disk drive then they have erased all the information from the drive. This is not necessarily true; it depends upon what type of format is used (LabSim 12.3.2). I believe disk reformatting and data destruction does not get the focus it deserves. With the correct combination of hardware, software and network security policies we can effectively defend against malware and virus attacks, but what about attacks that we may have no idea about? Take this scenario, for example: a small business has one computer that they use for everything: website management, finances and commerce. Let’s say the computer is due for an upgrade but the business finds out they need a new system instead of recycling the old one. They buy their new system and import their data from the old system to the new one. Not knowing too much about computers, they end up formatting the drive with a low-level format. A low-level format marks the surface of the disk with markers that indicate the start of each recording block. A low-level format will wipe information from a hard disk to a degree (LabSim 12.3.2). After they dispose of their computer, anyone with a little patience and the right software will be able to access the old files on the hard drive. Said person would have access to information that was once thought to be secure. For the firm, we will need to create a strict data destruction policy. Our firm will comply with the US Government standard for data destruction, the DoD 5220.22-M Standard. This Standard specifies that for a disk to be considered sanitized, you must rewrite deleted data seven different times using different characters each time (LabSim 12.3.2). Complying with this policy will ensure that no data leaves our firm. The data will be created and destroyed in house and no one will be able to use our data against us in the future.
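
The seven-pass rewrite described above, applied to a single file as an added example that is not part of the original proposal. The function names and the seven fill bytes are assumptions chosen for illustration; the text only requires that each pass use a different character.

```python
import os

CHUNK = 1024 * 1024
# Seven distinct fill bytes, one per pass (constructed choice, see lead-in).
PASS_BYTES = (0x00, 0xFF, 0x55, 0xAA, 0x33, 0xCC, 0x0F)


def _fill(f, size, value):
    """Overwrite the first `size` bytes of open file `f` with `value`."""
    f.seek(0)
    block = bytes([value]) * CHUNK
    remaining = size
    while remaining > 0:
        n = min(remaining, CHUNK)
        f.write(block[:n])
        remaining -= n
    f.flush()
    os.fsync(f.fileno())      # ask the OS to push this pass to the device


def _verify(f, size, value):
    """Read the file back and confirm every byte equals `value`.
    This read may be served from the OS cache rather than the medium."""
    f.seek(0)
    remaining = size
    while remaining > 0:
        data = f.read(min(remaining, CHUNK))
        if not data or data.count(value) != len(data):
            return False
        remaining -= len(data)
    return True


def overwrite_file(path, pass_bytes=PASS_BYTES, remove=True):
    """Rewrite `path` once per entry in `pass_bytes`, verifying each pass.
    Returns a log of (pass number, fill byte, verified) tuples."""
    if len(set(pass_bytes)) != len(pass_bytes):
        raise ValueError("each pass must use a different byte value")
    size = os.path.getsize(path)
    log = []
    with open(path, "r+b") as f:
        for number, value in enumerate(pass_bytes, start=1):
            _fill(f, size, value)
            verified = _verify(f, size, value)
            log.append((number, value, verified))
            if not verified:
                raise IOError(f"pass {number} failed verification on {path}")
    if remove:
        os.remove(path)       # unlink only after the last pass has verified
    return log


if __name__ == "__main__":
    import tempfile
    # Constructed sample file standing in for a document due for disposal.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"CONSTRUCTED SAMPLE RECORD\n" * 1000)
    os.close(fd)
    for number, value, verified in overwrite_file(sample):
        print(f"pass {number}: 0x{value:02X} verified={verified}")
```

Overwriting a file only reaches the blocks the file system currently maps to it. On solid state drives such as the desktops' startup disks, wear leveling can leave older copies of the data in blocks this cannot touch, so drives being disposed of need whole-device sanitization rather than per-file overwrites.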

Benefits

I believe if we can implement this system we will be able to benefit the entire firm. Combining the hardware, topology and protocol, the firm should have blazing fast internet that is secure and accessible from anywhere in the world. By implementing a VPN using our dual WAN router from Cisco and taking advantage of the static IP it offers, our employees will be able to access our server remotely and have a more secure connection in the office. By utilizing the star topology, every node will have its own connection to the router. This will allow the IT department to troubleshoot network problems promptly.


Time Factors

The network should be installed as fast as possible so that the firm can be up and running soon. However, installation should not be so fast that things are missing from the firm. Below is a small timeline of how the project should be implemented:

- Set up desktop computers and laptops.
- Attach all necessary hardware to the nodes.
- Attach the nodes to the router and the router to the firewall.
- Implement network security.
- Install all software and update it to the needs of the firm.
- Test connections and security.

Qualifications

As an IT Engineer, I take great pride in my education and my work. I graduated from CSU-Global with a bachelor’s in Information Technology with a focus on Systems Administration. While I was earning my degree, I became certified in CompTIA A+ and CompTIA Network+.

Project Assumptions and Constraints

With our current infrastructure, we can implement a successful flat network. I believe that we should revisit the topology of our network so that we can implement multiple security tiers. Creating multiple tiers might increase the budget of the project. We are already adding a firewall to the network to add security. I can have the IT team consider setting up our router and firewall combination to allow the multiple security zones. Since our router features multiple LAN and WLAN ports, creating the security zones should not be a problem; it will just be time-consuming. The process will be time-consuming because we will want to create a secure yet fast network. We do not want to run the risk of having our firewall and router manage DHCP when only our firewall needs to manage DHCP. I believe that if we take our time and do it right the first time, we will be able to meet the firm’s budget and security needs.

Project Risks

The only risk we need to be aware of is our use of the Windows 7 operating system. At some point soon, we will be forced to upgrade to either the Windows 10 operating system or newer. I don’t know when that will be, or if it will even happen. I believe that the IT department should create a plan to upgrade every desktop and laptop to Windows 10 or newer, just in case the firm is forced to switch to the newer operating system.

Project Expenses

The project is planned to be funded through a loan from a credit union and through backer support. I have spoken to the accounts before creating the project and they have informed me that our ceiling would be $23,000. I have prepared a small expense report that covers every piece of hardware and software that we will require to complete this project.

| Name | Per One | Total |
|---|---|---|
| Desktop Hardware (All Components) | 942.97 | 9429.7 |
| Dell 15 3000 Latitude | 515 | 5150.0 |
| Cisco RV325 Router | 315 | 315.0 |
| Cisco ASA Firewall | 300 | 300.00 |
| Windows 7 Professional SP1 | 139.94 | 1399.4 |
| Bulk Cat6 Cable 1000ft | 89.99 | 89.99 |
| BitDefender Total Security 10 licenses 3 years | 229.99 | 459.98 |
| Labor | | 2,000 |
| Total | | 19,144.07 |

As you can see, the project is well under budget and leaves room for miscellaneous spending. As leader of this project I plan to keep this under budget and on time as we implement the four phases of this project.


References:

Cisco ASA with FirePOWER Services Data Sheet. (2017, February 10). Retrieved February 18, 2017, from http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Data Sheet. (n.d.). Retrieved February 18, 2017, from http://www.cisco.com/c/en/us/products/collateral/routers/rv325-dual-gigabit-wan-vpn-router/datasheet-c78-729726.html

Cohen, B. (2002, April 30). When’s the Time to Bring DNS and DHCP In-House? Retrieved February 05, 2017, from http://www.enterprisenetworkingplanet.com/netsysm/article.php/1025381/Whens-the-Time-to-Bring-DNS-and-DHCP-InHouse.htm

Jain, P., Singh, S., Singh, G., & Goel, C. (2012). Performance Comparison of IPv4 and IPv6 using Windows XP and Windows 7 over Gigabit Ethernet LAN. International Journal of Computer Applications, 43(16). doi:http://dx.doi.org/10.5120/6184-8656

LabSim Online Labs. (2016). TestOut PC Pro [6.1.6 Topology Facts]. Pleasant Grove, UT.

LabSim Online Labs. (2016). TestOut PC Pro [12.3.2 Data Destruction and Disposal]. Pleasant Grove, UT.

LabSim Online Labs. (2016). TestOut PC Pro [12.7.3 Configuring Password Policies on Windows]. Pleasant Grove, UT.

Lamont, J. (2011). Cloud-Computing: It can work for you. KM World, 20(1), 12-13.

Mahesh, S., Landry, B. L., Sridhar, T., & Walsh, K.R. (2011). A Decision for the Cloud Computing Decision in Small Business. Information Resources Management Journal, 24(3), 9-25. doi:10.4018/irmj.2011070102

Malin, A. (2007). Designing networks that enforce information security policies. Information Systems Security, 16(1), 47-53. Retrieved from https://csuglobal.idm.oclc.org/login?url=http://search.proquest.com.csuglobal.idm.oclc.org/docview/229553099?accountid=38569

Murphy, M. (Director). (2011, August 28). Introduction to Operating Systems [Video File]. Retrieved January 16, 2017, from https://www.youtube.com/watch?v=MzVGL44eq9w

Rahman, S. M., & Lackey, R. (2013). E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES. International Journal of Network Security & its Applications, 5(2), 193. Retrieved from https://csuglobal.idm.oclc.org/login?url=http://search.proquest.com.csuglobal.idm.oclc.org/docview/1671445171?accountid=38569

Raikow, D. (2007). Take A crash course in security risks. VARbusiness, 23(16), 51. Retrieved from https://csuglobal.idm.oclc.org/login?url=http://search.proquest.com.csuglobal.idm.oclc.org/docview/194172547?accountid=38569

Supriyanto, Hasbullah, I. H., Murugesan, R. K., & Ramadass, S. (2013). Survey of internet protocol version 6 link local communication security vulnerability and mitigation methods. IETE Technical Review (Medknow Publications & Media Pvt. Ltd.), 30(1), 64-71. doi:10.4103/0256-4602.107341

Weber, R.M., & Horn, B.D. (2014). Is Now The Time to Upgrade Your Operating System and Personal Computer?. Journal of Financial Service Professionals, 68(4), 29-32.
