Proposal for Western County Bank Network Design Modification

Western County Bank, a small community financial institution, is seeking solutions for increasing customer and employee satisfaction with its services via changes in its network design. Western County Bank is modestly profitable through the provision of personal and small business loans to customers locally and in surrounding areas of the county; however, the bank is facing challenges due to unplanned outages and a lack of mobility support as well as no online banking capabilities. 

The security of information in the banking industry warrants measures that are exceedingly stringent for the protection of consumers and banking institutions. Any data breach within a financial organization could lead to insurmountable losses. Several factors have led to an increase in the need for innovative protocol to strengthen information security for the industry in recent years including changes in regulations that mandate protections, digital banking growth, and increased bank enterprise data access. (Simoneau, 2006). Therefore, in designing a network plan that meets Western County Banks’ data storage and networking needs data security must be a top priority. 

Western County Bank is open to changes that are made during times frames for planned outages, and has taken into consideration the inevitability of downtime that cannot be avoided. The bank is requesting that complete outages are avoided whenever plausible as new components are installed. Key areas have been identified by management for updating and expanding the bank’s network architecture. These include designing new capabilities for the needs of customers and employees.

Technical Requirements for Western County Bank

The following graph represents the existing network for Western County Bank. (Western County Bank Scenario, n.d.) 

Table or image redacted in preview but included in download

In addition to lacking online banking capabilities, mobile service support, and the problem with unplanned outages, Western County Bank’s current system relies on outdated devices that prove to be a hindrance to modernization and performance demands. The bank will require new Internet and wide area network technologies to replace existing equipment, which is an estimated 5 years old. Redundant routers and network connections are requested for WAN and the Internet as a result of the frequency of unplanned outage and continual network equipment maintenance. 

The assigned ARIN (American Registry for Internet Numbers) public Internet Protocol (IP) block will remain. Two different providers may be used for redundant Internet connections. Western County Bank would like to apply a redundant security device product that supports filtration at OSI layers 1-7, and aid in the prevention of common attacks on the network so that critical infrastructure is protected. Current network routers only filter OSI layers 2-4 at the network edge. 

The older infrastructure supports 1 GB Ethernet at the access layer of the network. A purchase of redundant distribution switches was recently made to update the support to 10 GB links in addition to static or LACP (link aggregation control protocol) based network interface controller teaming. A new platform is required for the access layer of the interchanged infrastructure.

In order to provide customers and employees with access to mobile technology use, the bank is requesting the deployment of a new wireless infrastructure. If feasible, security concerns can be addressed with integrated authentication through Microsoft Active Directory (AD) infrastructure so that employees may be authenticated prior to being granted network access on mobile devices. The organization is also requesting wireless power access via the implementation of Power over Ethernet (PoE) at the switched infrastructure access layer. The bank would like a pre-shared key authentication protected guest wireless network in the main office. The network would only provide Internet access and Internet-facing application access in the datacenter of the headquarters. 

In order to modernize the datacenter server infrastructure, Western County Bank views virtualization as an option that can reduce capital and operational expenditures significantly. New server infrastructure that can leverage 10 GB Ethernet has been purchased in addition to a multiprotocol storage area network (SAN) array. It is of concern that Fibre Channel (FC) host bus adapters (HBA’s), cabling, and software licensing for FC on the array have not yet also been purchased. The unfamiliarity with FC switching on the part of the operational staff requires a solution that can be straightforwardly managed by administrators who are proficient in dealing with IP-based Ethernet networks. A new fabric for the SAN is required due to the separation of resources for storage and computing, which will have an impact on the new access switch selection for the network. 

There is a major concern that the performance of the main web-based application that supports customers and employees remain at a high level therefore quality of service (QoS) must be configured so that precedence is granted to HTTPS traffic to a specified IP address. The bank also has concerns about network device manageability overall. A monitoring suite has yet to be selected; however, the bank is interested in the use of standardized protocols with adequate security options for monitoring and device administration. Although Western County Bank requires the use of IP addresses that have ranges similar to their current locations, and class C subnets are preferred, the bank does not oppose new IP networks as well as virtual local area networks (VLAN’s).

Lastly, Western County Bank is considering the integration of the main internal web-based application with a SaaS (Software as a Service) provider with an online banking service focus. The application has been designed for the ease of integration into a cloud computing environment. The following is a network diagram that meets Western County Bank’s networking needs.

Table or image redacted in preview but included in download

The third layer of the OSI model handles data routing from one network point to another, and is also referred to as the networking layer. The key function of it is translating a logical address to a physical one. As illustrated by the above diagram, this setup takes care of Western County Bank’s requirement of the use of redundant routers to handle network traffic and issues concerning outages and maintenance. As shown redundant routers are placed at both the WAN and Internet levels. Two redundant routers provide connections for the internal network Internet connection (using the ARIN-assigned public Internet protocol as required) and two WAN routers to effectively manage communication with the organization’s different branches. 

The diagram also illustrates how in the second layer of the OSI model (Data link layer) the raw bit information taken from the physical layer will be converted into packages. Per the needs of the bank, redundant switches are required to ensure optimal performance. A switch is connected to the proxy servers, routers, and data center as illustrated, and high-speed connectivity is provided with the use of a 10 gigabit Ethernet switch that will work in the second layer of the OSI model. 

Wireless Internet connect and a wireless connection to web based applications for the main building is provided at the access point. It will also be utilized for the creation of a guest network within the main building of Western County Bank, working at layer two of the OSI model. A proxy server has been put in place to provide protection from threats by masking the internal network from the external network, working from layers 4 to 7 of the OSI model.

Table or image redacted in preview but included in download

As illustrated by the chart, the backup system for Western County Bank will be updated to manage the data lifecycle and improve the efficiency of data utilization in accordance with the organization’s needs. The plan will be implemented first by a pilot phase then a full roll out so that the services and hosts that require transference to the new storage area network can be transferred without compromise. The storage will be concentrated in the SAN as opposed to being placed on each application server through the use of high-speed connectivity. This will help reduce excess storage that would not be utilized. The storage devices will be connected so that a file server that allows availability to computers in the network at the file level is not needed, and faulty servers can be quickly replaced. Fibre channel switches will be utilized for handling storage communications.

To monitor the availability, stability, and speed of the network, multiple storage related tools will be employed to ensure that sufficient data is provided to storage administrators.  These tools will address communications with the storage device’s API and command-line interfaces. Western County Bank requires tools that support monitoring the updated changes to a new framework for troubleshooting and diagnostic performance testing. Monitoring tools that tactically positioned in relation to the servers and hardware illustrated will provide the specific types of network access required by the bank. 

The challenges presented by Western County Bank can be resolved to meet the needs of the financial institution with regard to improved performance, enhanced reliability, modernization, and increased security with the following modifications to its network infrastructure. The utilization of 10 GB optical fiber cables that connect multiple devices throughout the network. The cable speed will be 10 GB per second. This represents the Physical Layer (layer 1) of the OSI model. This layer defines hardware physical characteristics, and bits are transmitted to and from computers. The second layer of the OSI model (referred to as the data link layer) is represented by the switch, which takes raw information from the physical layer and makes the appropriate package conversions. Western County Bank is seeking improved performance and by utilizing a Netgear Prosafe switch to maintain connectivity at a high speed, and connecting the switch to the routers and datacenter, this can be achieved. 

As noted earlier, a wireless access point will be utilized for the creation of a guest network in the main office. This will maintain a wireless connection for Internet and web-based applications, operating at layer 2 of the OSI model. At this layer, data is designated the appropriate physical protocol and packet frequency is defined. At layer 3 of the OSI model, a main function is the translation of a logical address into the network physical address. Because Western County Bank is requesting the use of redundant router for handling network traffic as well as unplanned outages and maintenance, these will be placed at the Internet and WAN levels as illustrated by the diagram. The two Internet routers are from two providers of Internet service, however, the ARIN-assigned public Internet protocol will remain as requested. High-speed connectivity will be provided with the use of a Cisco Catlyst 4948 (a 10 GB Enternet switch) that will operate as part of the second layer of the OSI model. 

A proxy server will be utilized to operate in the 4th layer (Transport) to handle data recovery and the recognition of errors in addition to the management of application integration into a single stream. Here data transfers will be completed. The proxy server will also be operational in the session layer (5th OSI layer), which is where communication with the receiving device is established, maintained, and ended. This server also operates in the presentation layer (6th OSI layer), which converts data at the application layer (7th OSI layer) into a standard format that can be understood by other layers for additional processing or display. The proxy server will operate in the 7th layer as well. This layer is where interaction takes place within the operating system when users perform tasks such as transferring files, reading messages, or performing other network activities. It will also mask the organization’s internal network from the Internet (outside network). (Simoneau, 2006)

Three logical sub-networks comprise Western County Bank. In order to make sure unrecognized source traffic gets discarded, and maintain traffic control, sub-network information gets altered. The data storage configuration will maximize the effectiveness of this and ensure security is not compromised. Two Internet connections will be utilized for the bank branches. One will connect to the main office, and be the primary service for Internet to be available for the bank’s internal uses. The other will be shared with the East and West branches, and also serve as backup to the main Internet. These will utilize Microsoft Storefront Threat Management Gateway servers, which has the capability of providing a firewall for the network and web content caching. The use of Microsoft’s Active Directory Group Policy will also ensure the bank has access to making changes to Internet settings per workstation.

Wide area network (WAN) configurations are requested to have 10 GB per second links with high-speed access for users using redundant routers. The installation of redundant routers for Internet and WAN can support the needs of the bank and prove cost effective with the introduction of new technologies. The branches of the bank will be linked together through a metropolitan area network provided by a recommended service provider. This type of network can span across a bank campus or city, and has the benefit of the integration of high capacity fiber optical links that service the Internet and WAN. These can connect with the use of a device that operates at the third layer of OSI (Network layer) that allow for a 10 GB speed and building connectivity. An enterprise router from Cisco is an example of the type of router that will serve as a key element of the wireless network being requested by the bank. 

The wireless network solution will help function in the implementation of security measures to ensure that illegal access will not be granted to the wireless network utilized by customers. The installation of a single wireless access point will assist those with mobile devices with Internet connectivity that can be authenticated using specified credentials. A proxy server, where the active directory is placed, can be used for additional security and give strength to the security of the WAP to ward off hackers. Permissions will also be managed by the AD to grant access privileges. Changing passwords regularly will be requested of the bank as an extra security measure. 

Limited access to the Internet will be granted by the guest network. Customers will access wireless provided by an ISP. The bank will be granted access to the Microsoft Active Directory that will also authenticate employees on the wireless network prior to them gaining access. A remote authentication dial will give employees authentication accessibility for additional security. A pre-shared key will be shared on the devices of users who will be given access. Access points will run on the PoE to help with the bank’s issues pertaining to a power outlet supply shortage. 

The remote authentication dial will have the benefit of the use of directory domain controllers. When employees input designated usernames and passwords, and are granted access to connect with the network, they can also access their work and information on mobile devices. As requested a guest wireless network will be utilized for security purposes, as well as to help with limiting unplanned outages. 

This plan will aid in monitoring the network for reliability, security, and needed updates, and takes into account all of the requirements of Western County Bank for the implementation of new network infrastructure.

Reference

Simoneau, P. (2006) The OSI model: understanding the seven layers of computer networks. Retrieved from http://faculty.spokanefalls.edu/Rudlock/files/WP_Simoneau_OSIModel.pdf.