Assignment title: Information


Course Code: ICT50415
Course Name: Diploma of Information Technology Networking
Unit Code: ICTNWK531
Unit Name: Configure an Internet Gateway
Assessment: Tasks 1, 2 & 3
Student Name: Juan Marquez, Tianxing Gong, Sujit Baral
Student ID: 3214
Trainer Name: Ashutosh Patel

Table of Contents

Task 1
1.1 Introduction
1.2 Types of connection
1.3 The proposed network diagram
1.4 Selected Plans
1.5 Installation
Task 2
2. Security features
2.1 Firewall Intrusion Detection Settings
2.1.1 Introduction
2.1.2 Predefined security levels
2.2 Parental Control
2.2.1 Introduction
2.2.2 Access Denied page
2.2.3 Address-based filtering
2.2.4 Content-based filtering
2.2.5 Combining the two filters
2.2.6 Activating content-based filtering
Task 3
3.1 Identify and select installation and configuration options.
3.2 Install and configure gateway products and equipment as required by technical guidelines.
3.3 Plan and execute tests with reference to client requirements and network impact.
3.4 Analyse report error and make changes as required.
Task 4
4.1 Assign node to specific gateway as required by network architecture and client requirements.
4.2 Determine the connection type and configure with reference to network architecture and client requirements.
4.3 Ensure node software and/or hardware is configured as required according to vendor specifications and client requirements.
References

Name: Juan Marquez Student Id: 3214 Diploma of Information Technology Networking ICTNWK531

Task 1

1.1 Introduction

The aim of this report is to plan the setup of an Internet service for Keepkool. First, an Internet Service Provider (ISP) will be selected for the client, Keepkool. Second, the security features will be shown and a user guideline will be provided. Third, a router will be configured and tested. Finally, the wireless access point will be configured with the router.

1.2 Types of connection

Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line (DSL) technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide. ADSL differs from the less common symmetric digital subscriber line (SDSL). In ADSL, bandwidth and bit rate are said to be asymmetric, meaning greater toward the customer premises (downstream) than the reverse (upstream). Providers usually market ADSL as a service for consumers who primarily download content from the Internet rather than serve content accessed by others.

Cable / Hybrid fiber-coaxial (HFC) is a telecommunications industry term for a broadband network that combines optical fiber and coaxial cable. It has been commonly employed globally by cable television operators since the early 1990s. In a hybrid fiber-coaxial cable system, the television channels are sent from the cable system's distribution facility, the headend, to local communities through optical fiber trunk lines. At the local community, a box called an optical node translates the signal from a light beam to an electrical signal and sends it over coaxial cable lines for distribution to subscriber residences. The fiber optic trunk lines provide adequate bandwidth to allow future expansion and new bandwidth-intensive services.

The National Broadband Network (NBN) is an Australian national wholesale-only, open-access data network. It is based on the premise that access to fixed line, wireless and satellite broadband connections is sold to retail service providers (RSPs), who then sell internet access and other services to consumers.

1.3 The proposed network diagram

As the diagram shows, a router will be set up to connect to the Internet.
Then, a switch will be connected to the router, and the whole LAN, including the Keepkool.com server, will be linked to the switch. People can access Keepkool.com via the Internet, going through the router, and request information from the server via the switch.

1.4 Selected Plans

Plan A
ISP: Belong
Data: Unlimited
Contract period: 12 months
Speed of traffic: 100/40 Mbps
Connection type: ADSL/NBN
Price: $65 per month
Comment: The most significant advantage is the lowest price combined with a relatively high traffic speed. The contract period is short, which means the client can change ISP in a year if they are satisfied with the service.

Plan B
ISP: Telstra
Data: 1000 GB/Month
Contract period: 24 months
Speed of traffic: depends on location
Connection type: ADSL/CABLE/NBN
Price: $99 per month
Comment: Telstra's offer is more expensive and limited, but Telstra is the biggest ISP in Australia. It provides a stable and reliable network. It has the best customer service, available 24/7. Its service area is the widest and covers most places in Australia.

Weighing the pros and cons, we suggest that the client choose Plan A with Belong, provided Belong covers the client's address, because the data allowance is unlimited and the price is lower. At the moment we do not know how much data the client will use in a month. If we choose Telstra, the speed will be very slow once usage exceeds the limit, or additional costs will be incurred.

1.5 Installation

As required, the configuration of the Internet service should have only a small effect on the existing LAN. To minimise the effect, Dynamic Host Configuration Protocol (DHCP) will be employed. It is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.
In addition, we will ask for the best time to set up the Internet service. The proper time would be at night, after the employees have gone home.

Task 2

2. Security features

2.1 Firewall Intrusion Detection Settings

2.1.1 Introduction

The Technicolor Gateway comes with an integrated firewall that helps you protect your network from attacks from the Internet. This firewall has a number of predefined levels to allow you to adjust the firewall to your needs. The firewall is disabled by default. This means that all traffic passing through the Technicolor Gateway (from and to the Internet) is allowed.

2.1.2 Predefined security levels

The Technicolor Gateway has a number of predefined security levels. The following levels are available:
● BlockAll: All traffic from and to the Internet is blocked. Game and Application Sharing is not allowed by the firewall.
● Standard: All outgoing connections are allowed. All incoming connections are blocked, except for inbound connections assigned to a local host via Game and Application Sharing.
● Disabled: All incoming and outgoing traffic is allowed to pass through your Technicolor Gateway, including Game and Application Sharing. This is the default firewall level.

2.2 Parental Control

2.2.1 Introduction

The Technicolor Gateway allows you to deny access to specific web sites.

2.2.2 Access Denied page

When a user tries to access a page that is being blocked, the following page is displayed:

2.2.3 Address-based filtering

With address-based filtering (or URL filtering) you can block websites based on their address (for example www.porn.com).
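
How an address rule is evaluated, and how it combines with the content-based filter and the "Action for Unknown Sites" default covered in sections 2.2.4 to 2.2.6, shown as a simplified Python model added here; it is not Technicolor's firmware logic. The `CATEGORIES` table, the `.example` hosts and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the content category server (host -> category).
CATEGORIES = {
    "netbanking.mybank.com": "Finance / Investment",
    "broker.example": "Finance / Investment",
    "news.example": "News",
}

def host_of(url):
    """Normalise a URL or bare host to a lower-case host name without port."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    # A trailing dot names the same host, so it must not dodge a rule.
    return host.rstrip(".").lower()

def decide(url, address_rules, blocked_categories,
           unknown_action="allow", use_content_filter=True):
    """Return (action, reason) for one request.

    Order follows the report: an address rule has priority over the
    category decision; a site matched by neither gets the default action.
    """
    host = host_of(url)
    if host in address_rules:
        return address_rules[host], "address rule"
    category = CATEGORIES.get(host) if use_content_filter else None
    if category is not None:
        action = "block" if category in blocked_categories else "allow"
        return action, "category: " + category
    return unknown_action, "unknown site"
```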

2.2.4 Content-based filtering

As you know, the Internet consists of a large number of web sites, and that number still increases every day. This makes it almost impossible to keep the list of addresses up to date. To solve this problem, the Technicolor Gateway introduced content-based filtering. With content-based filtering you can block web sites based on their content category (for example pornography) instead of their URL. This way, you only need to select the appropriate categories and the content category server takes care of the rest. This content category server is updated at regular intervals.

2.2.5 Combining the two filters

Address-based filtering has priority over content-based filtering. This means that when you are blocking a specific category, you can still access a specific address provided you create a rule to allow access to that URL. For example, if you are blocking content from the Finance / Investment category, you can create a rule to make an exception for netbanking.mybank.com.

2.2.6 Activating content-based filtering

Before you can use content-based filtering you must first activate it by purchasing a license key from your service provider or by activating the 30-day trial. Proceed as follows:
● Browse to the Technicolor Gateway GUI.
● On the Toolbox menu, click Parental Control.
● In the Pick a task list, click Activate Web Filtering License.
● The Web Filtering Activation page appears. Under License Type, select:
  a. 30-days evaluation if you first want to evaluate this feature.
  b. Standard if you have already purchased a license key. The License key box appears as soon as you select this option. Type the license key that you received from your service provider in this box.
● Click Apply.

Option 1: content-based filter (combined with the address-based filter)

If you want to use content-based filtering:
1. Browse to the Technicolor Gateway GUI.
2. On the Toolbox menu, click Parental Control.
3. On the Navigation bar, click Configure.
4. Make sure that the Use Content-Based Filter check box is selected.
5. Configure the content-based filter.
6. If you want to make exceptions for specific web sites, add the necessary rules in the address-based filter.

Option 2: address-based filter only

Take this option if content filtering is not available on your Technicolor Gateway or you don't want to use it. To configure address-based filtering:
● Browse to the Technicolor Gateway GUI.
● On the Toolbox menu, click Parental Control.
● On the Navigation bar, click Configure.
● Make sure that the Use Address-Based Filter check box is selected.
● In the Action for Unknown Sites list, select:
  ● Allow as the default rule if you want to allow access to all web sites and manually specify which web sites may not be accessed.
  ● Block as the default rule if you want to deny access to all web sites and manually specify a number of web sites that may be accessed.
● Click Apply.
● If you want to make exceptions for specific web sites, add the necessary rules in the address-based filter.

Briefly, the security plan denies access to specific websites: address-based filtering can be used to block web sites (e.g. www.pornhub.com). For example, we can block pornography addresses at home to keep them away from children. A possible hazard is being unable to use Dynamic DNS.

Task 3

3.1 Identify and select installation and configuration options.

Connection Information: This field displays the account information (customer information) so that it can be verified against the client's details. This information is necessary to establish the connection to the Internet.

TCP/IPv4 Settings: The DNS and WAN addresses are provided by the ISP.

Local Network: The network address and VoIP are preconfigured by the ISP. The IP address of the gateway is 10.0.0.138 and the DHCP pool runs from 10.0.0.1 to 10.0.0.137.

3.2 Install and configure gateway products and equipment as required by technical guidelines.

Belong will provide a brand new pre-configured router with its installation guide. However, according to the customer's requirements, the default parameters can be changed by connecting a PC to the router and entering the URL https://10.0.0.138/ in any web browser.

To perform the physical installation of the router, the device must be connected to the wall socket that is normally used for the phone; sometimes a splitter is needed to reduce noise. The correct way to connect it is to plug one end of the grey phone cable into the filter socket labelled ADSL and the other end into the grey socket labelled DSL on the back of the modem. Any VoIP system should be connected by simply plugging the telephone cable from the base station/handset into the filter port labelled 'Local Phone'.

Change default password

3.3 Plan and execute tests with reference to client requirements and network impact.

To minimise network impact and prevent disruptions, the following tests should be performed.
● Connectivity test: It can be performed by connecting a PC to any of the Ethernet ports to verify the basic internet connection. Additionally, in this test DHCP can be verified by checking the IP address assigned to the PC.
  The IP address assigned must be in the range from 10.0.0.1 to 10.0.0.137.
● Firewall Content Filtering: Blocking of forbidden sites or services can be verified by accessing web sites and checking which of them have been dropped, or by checking the message shown in the web browser.
● Internal Services Allowed: Services such as FTP and SMTP can be tested by configuring one PC as a server and another as a client, and verifying whether the client computer has access to these services.
● Penetration Test: This test can be performed by using any free port-scanning tool such as nmap. In this test, the router logs can be checked to confirm that the firewall is denying and reporting the attack.

Once the test is completed, the IT staff will perform the installation activity. All changes or implementation tasks must be carried out outside business hours.

3.4 Analyse report error and make changes as required.

All the tests and logs from the router will be analysed to identify any fault or undesired output. After that, if any security breach has been identified, the company's staff and the IT members will agree on the new activities needed to correct any security issue.

Task 4

4.1 Assign node to specific gateway as required by network architecture and client requirements.

The default gateway for all the network devices will be the modem provided by Belong. The IP address of the default gateway is 10.0.0.138. As the default gateway of the network will be the one provided by the ISP, all the traffic will be routed through the default gateway (inbound - outbound). However, the public addresses and the DNS will be assigned automatically by the ISP (outbound - inbound).

4.2 Determine the connection type and configure with reference to network architecture and client requirements.

DSL Connection

Link Information
Uptime: 14 days, 22:41:07
DSL Type: ITU-T G.992.5
Bandwidth (Up/Down) [kbps/kbps]: 391 / 7,926
Data Transferred (Sent/Received) [GB/GB]: 1.07 / 18.99

Wireless Access Point - Technicolor

Configuration
WLAN Enable: Yes
Interface Enabled: Yes
Power Reduction Enabled: No
Physical Address: 30:91:8f:18:3c:bb
Network Name (SSID): Technicolor
Interface Type: 802.11b/g/n
Actual Speed [Mbps]: 65
Band: 2.4GHz
WPS Enabled: Yes
Allow New Devices: New stations are allowed (automatically)
Security Mode: WPA-PSK

Wireless Configuration

4.3 Ensure node software and/or hardware is configured as required according to vendor specifications and client requirements.

During all the implementation activities, checklists will support every aspect of the installation and the work performed. These documents must be agreed in advance and signed by the parties.

References
● https://www.belong.com.au/
● https://www.telstra.com.au/
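
The DHCP part of the connectivity test in section 3.3 and a review of the settings recorded in sections 2.1 and 4.2, written as an added Python example; it is not part of the original report and not Technicolor tooling. The addresses and status values are the report's own, while the function names and the choice of which settings to flag are assumptions of this example.

```python
import ipaddress

# DHCP pool bounds from section 3.1 of the report.
POOL = (ipaddress.ip_address("10.0.0.1"), ipaddress.ip_address("10.0.0.137"))

# Subset of the wireless status recorded in section 4.2.
STATUS = """\
Network Name (SSID): Technicolor
WPS Enabled: Yes
Allow New Devices: New stations are allowed (automatically)
Security Mode: WPA-PSK
"""

def lease_ok(addr):
    """Connectivity test: True if addr is an IPv4 lease from the DHCP pool."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # A self-assigned 169.254.x.x address (no DHCP answer) fails here too.
    return ip.version == 4 and POOL[0] <= ip <= POOL[1]

def parse_status(text):
    """Parse 'Key: Value' lines; the key ends at the first colon."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def review(status, firewall_level="Disabled"):
    """Return the names of settings to revisit before handover.

    firewall_level defaults to 'Disabled' because section 2.1.1 gives that
    as the default and the report does not record the level chosen.
    """
    findings = []
    if firewall_level == "Disabled":
        findings.append("Firewall level")       # all traffic passes; use Standard
    if status.get("WPS Enabled") == "Yes":
        findings.append("WPS Enabled")          # turn off unless the client needs it
    if status.get("Security Mode") == "WPA-PSK":
        findings.append("Security Mode")        # version/cipher not shown; confirm WPA2 with AES
    if status.get("Network Name (SSID)", "").lower() == "technicolor":
        findings.append("Network Name (SSID)")  # vendor name; pick a site-specific one
    if "automatically" in status.get("Allow New Devices", ""):
        findings.append("Allow New Devices")    # any station holding the key can join
    return findings
```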