Need For Connectivity To The Company Network example essay topic

Acme Company is a worldwide company with offices in Los Angeles, Chicago, New York City, Miami, London, Frankfurt, Tokyo and Rio de Janeiro. Acme Company develops audio and video special effects for the entertainment and advertising industries. In Los Angeles, the corporate office, there are twenty-five people: six in accounting, two in sales, five executives, and eight in administration. The Chicago office has four people: two inside sales and two outside sales. The New York office has five people: three inside sales and two outside sales.

The Miami office has four people: two inside sales and two outside sales. The London office has five people: three inside sales and two outside sales. The Frankfurt office has three people: one inside sales and two outside sales. The Tokyo office has five people: three inside sales and two outside sales. The Rio de Janeiro office has five people as well: one in marketing, two in sales and two designers. We are updating the design and implementation of our networks for the new millennium, including telephony and computers, to handle the constant stream of multimedia between our offices.

ACME has servers in the Los Angeles, New York, London and Tokyo offices, and all locations have Internet access and full telephone services, such as voice with conferencing and speed dialing.

Business Problems

Companies are constantly growing and moving forward with changes in the entertainment and advertising industries. Companies expand with increases in customer base, personnel, sales and demand, and operating hours. The network structures are constantly changing to reflect and to accommodate company growth.

Either more storage space has to be added to absorb the growth of the customer database, or more help has to be provided to give the customers what they want. Research has shown that customers' demands and designs relate to increased sales. Businesses have been changing from the standard 'eight to five' to 'always-open', 24/7, to serve customers worldwide. A higher number of transactions and higher volumes of data transmitted back and forth between offices place companies at risk of virus attacks and of unauthorized entry by hackers into the company's network. Adding Virtual Private Networks and firewalls to the paths between the Internet and the Intranet helps to protect important company information. Issuing more back-ups to smaller offices will lower downtime if disaster hits.

Transferring data simultaneously to hot-sites, or a third party site such as Iron Mountain, will lower downtime as well. Finally, setting up mirror image sites for disaster recovery in areas like Los Angeles and Japan would counter their natural disaster pattern. ACME took some measures to make its network secure, such as adding symbols, numbers and letters into the equation as passwords for employees.

Overview

Voice Network

No matter what line of business you are in and no matter how big or small your business may be, the telephone system is vital to a company's success. It has to be simple and reliable, so that the business doesn't have to spend unnecessary time and money taking care of it. And it has to be flexible so it can adapt to the needs as each business grows and changes.

A PBX and a Centrex are the proposed solutions for this company. In choosing a PBX, the company had to make one of the most important business decisions that a company would have ever had to make, one that would directly impact employee productivity and the business overall. Centrex is a powerful, flexible communications system which can be tailored to fit the calling needs of each office and then change as your business grows. It's like having all the benefits of an advanced flexible phone system, minus all the investment, maintenance and headaches that go along with owning and managing your own system. ACME has eight different offices that span across the globe. Each of the offices must be able to communicate via dialing a four digit extension or by direct dial.

The Los Angeles office has been set up to use a PBX which will be the central host for all internal inbound calls. The PBX is connected to the Public Switched Network which has a direct connection to the outside world. Each of the other offices is connected via either a point-to-point ATM or a T3 connection. The type of connection is a dedicated line for each of the offices.

London, Frankfurt, New York, Miami, Chicago, and Tokyo have been set up to use a Centrex in every individual office that is directly connected to each internal LAN, in which all internal calls are routed via VoIP and routers.

Data Network Overview

Each of the offices, depending on its needs, has certain requirements in order to function as a well-oiled machine. Each office has a different setup because of the number of people and the role that it plays for the company. Each of the eight will be discussed in further detail to show how each is set up. The overall WAN for the company has been interconnected by high speed data lines that are capable of transmitting 25 MB of information in just a short amount of time. The following offices, Tokyo, Los Angeles, New York, and Frankfurt, have been interconnected via ATM.

Every office has been set up for 24 hours/7 days a week operation. In order to provide this type of service, dual ATM lines have been installed, each on a different MPOE to provide redundancy. One of the two ATM lines that connect each office is the primary line and the other is a backup line that can be utilized in the event of an emergency outage. Each of the lines has a different service provider to ensure constant connection and reliability. Four of the eight offices that service the company, Chicago, Miami, Rio, and London, are sales offices that are connected via a high speed T3 connection to a major hub of the WAN. The sales offices have a similar setup that can almost be mirrored to the larger offices.

Each has a smaller scaled version of the larger offices. The four sales offices have been set up to be nearly maintenance free by providing dual T3 lines from two different carriers to each of the offices. With each of the offices now interconnected, we can show in detail the justification for connecting each office in this fashion. The Los Angeles office is the headquarters for the company where all traffic and all major transactions for the company take place. The Los Angeles office consists of fifty seven people. There are five people in accounting, two in HR, two in IT, ten Executives, one in legal, two in marketing, ten in sales, and twenty five in Graphic Arts.

In order to meet the needs of this number of people, the network for the office has been arranged and configured to provide the highest possible speed with redundancy. Each of the workstations has been configured to utilize a gigabit Ethernet card and each is connected to a gigabit switch. Each of the servers in this facility has also been configured with a gigabit card in order to provide the highest possible transfer rate between server and workstation, allowing large files to be transferred. Because of the number of people and the size of the building, two server rooms were set up to provide service for both parts of the building. In order to minimize bottlenecks between server rooms, a fiber line was run to connect each part and keep the network from slowing down at any given time. With the amount of critical information moving around the company via the network, a firewall has been set up to secure and block unnecessary traffic from the other offices and from the Internet.

The servers that are located at these sites handle data storage, email, the Intranet, accounting information, and basic network functions such as DNS, WINS, and DHCP for the clients. The data is backed up and off-sited by another company for safe keeping. The on-site intranet is managed and maintained here on this site. The data from this server is replicated to other intranet servers in Tokyo and in London to provide a redundancy and backup in the event that systems were to go down.

Because each office has sales people with laptops, the office has been set up with a VPN router to allow sales people to dial up and communicate with the other offices via email. Tokyo, London, New York City, and Frankfurt are set up in a similar way but are a reduced version of the corporate office because of the number of people. Each of the offices is internally connected using gigabit equipment and has a high speed internet connection with a firewall protecting the office. London, because of available IT staff, can back up and off-site backup data at its own facility. The other sales offices such as Rio, Chicago, Miami, and Frankfurt do not have such a high speed and redundant setup. The number of people did not justify setting up such a network, but it could be considered if the company were to grow in the future.

The types of protocols used within this company vary depending on what equipment and software are utilized. All network workstations, servers, and routers use TCP/IP to communicate with each other internally. Because of how each of the offices is set up across the WAN, each router must be configured to use Routing Interface Protocol (RIP) to propagate table changes and IP over ATM to send data back and forth to the various offices over this type of medium. In order to use email each client must use the SMTP and TCP/IP protocols to receive email from the email server.

The internet and intranet servers host internal and external websites that must use HTTP, FTP, and HTTPS to communicate with each of these clients. When each of the client workstations logs into the network, Dynamic Host Configuration Protocol (DHCP) is used to issue an IP address and other information to each of the clients. Simple Network Management Protocol (SNMP) is installed and utilized on each server and router to monitor the current status of each piece of equipment.

Network Security

Transit security and traffic regulation are two basic methods for network security.

The Virtual Private Networks and Packet Level Encryption are options for transit security. Firewalls are widely used for traffic regulation. When the offices send company information across networks, the information is of high value to their destinations, and if it were intercepted by an unauthorized recipient it would raise flags for the company to prevent these problems from occurring. Unfortunately, connecting systems to networks could open the system itself up to attacks.

If a system is compromised, the risk of data loss is high. Therefore, ACME needs to find options to make networks secure. It can be useful to break network security into two general classes: one method used to secure data as it transits between networks, and another to regulate what packets are allowed into the network. While both significantly affect the traffic going to and from a site, their objectives are quite different. Several methods are available to encrypt traffic between a few coordinated sites. For transit security, two popular options are Virtual Private Networks (VPN) and Packet Level Encryption.

Given the considerable expense of private leased lines, many organizations have been building VPNs. These provide the ability for two or more offices to communicate with each other in such a way that it looks like they are directly connected over a private leased line. The session between them over the Internet is private, and the link is encrypted and convenient for offices to reach each other's internal resources without showing company information to the rest of the world. A virtual private network is implemented at the lowest levels of the TCP/IP protocol, using an existing TCP/IP connection. The advantages of VPNs are that they allow private address space for more machines on networks and that they allow the packet encryption or translation overhead to be moved onto dedicated systems, decreasing the load placed on production machines.

The other option would be Packet Level Encryption, which encrypts traffic at a higher layer in the TCP/IP stack. The advantages are that the processor overhead of dealing with a VPN is eliminated, inter-operability with current applications is not affected, and it is much easier to compile a client program that supports application layer encryption than to build a VPN. It encrypts traffic at essentially any of the layers in the IP stack. It provides fairly transparent encryption to most network applications, particularly at the TCP level.

It is important to note that both of these options could have performance impacts on the hosts that implement the protocols and on the networks that connect those hosts. The relatively simple act of encapsulating or converting a packet into a new form requires CPU time and uses additional network capacity. Encryption can be a CPU-intensive process, and with some algorithms encrypted packets need to be padded to uniform length to guarantee robustness. Lastly, both options have an impact on related matters such as address allocation, fault tolerance and load balancing, which need to be considered before a decision is made.

Traffic regulation is the most common form of network security on the Internet today. It closely regulates which types of packets may move between networks. If a packet with malicious intent toward a remote host never reaches its destination, the remote host is unaffected. Traffic regulation provides screening between hosts and remote sites, commonly with routers, firewalls and hosts. In order to provide some level of separation between the organization's Intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.

They are often a combination of routers, network segments, and host computers. A number of terms specific to firewalls and networking are going to be used throughout this section, so let's introduce them all together.

Bastion host: A general-purpose computer used to control access between the internal (private) network (Intranet) and the Internet (or any other untrusted network). Many of the general-purpose features have been turned off, and in many cases completely removed, in order to improve the security of the machine.

Router: A special purpose computer for connecting networks together. Routers also handle certain functions, such as routing, or managing the traffic on the networks they connect.

Access Control List (ACL): Many routers now have the ability to selectively perform their duties, based on a number of facts about a packet that comes to them. This includes things like origination address, destination address, destination service port, and so on. These can be employed to limit the sorts of packets that are allowed to come in and go out of a given network.

Proxy: This is the process of having one host act on behalf of another. A host that has the ability to fetch documents from the Internet might be configured as a proxy server, and hosts on the Intranet might be configured to be proxy clients. In this situation, when a host on the Intranet wishes to fetch a web page, for example, the browser will make a connection to the proxy server and request the given URL. The proxy server will fetch the document and return the result to the client. In this way, all hosts on the Intranet are able to access resources on the Internet without having the ability to talk directly to the Internet.

There are three basic types of firewalls, and I will consider each of them.

Application Gateways: The first firewalls were application gateways, and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer of the ISO/OSI Reference Model. Clients behind the firewall must be proxitized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Traditionally, these have been the most secure, because they don't allow anything to pass by default, but need to have the programs written and turned on in order to begin passing traffic. These are also typically the slowest, because more processes need to be started in order to have a request serviced.

Packet Filtering: Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent to it, and will do so without any sort of restrictions. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer (typically, the transport or session layer). Due to the lower overhead and the fact that packet filtering is done with routers, a packet filtering gateway is often much faster than its application layer cousins.

There are problems with this method since TCP/IP has absolutely no means of guaranteeing that the source address is really what it claims to be. As a result, we have to use layers of packet filters in order to localize the traffic. We can't get all the way down to the actual host, but with two layers of packet filters, we can differentiate between a packet that came from the Internet and one that came from the internal network.

Hybrid Systems: In an attempt to marry the security of the application layer gateways with the flexibility and speed of packet filtering, systems that use the principles of both have been created. In some of these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer, where packet filters watch the connection to ensure that only packets that are part of an ongoing (already authenticated and approved) conversation are being passed.

Security is a very difficult topic. Everyone has a different idea of what 'security' is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to you or your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices.

The need for connectivity to the company network outside of the office has increased dramatically in the past several years. Instead of simply dealing with local or regional concerns, many businesses now have to think about global markets and logistics. Many companies have facilities spread out across the country or around the world, and there is one thing that they all need. They need a way to maintain fast, secure and reliable communications wherever their offices are. Until just recently, this has meant the use of leased lines to maintain a wide area network. Leased lines, ranging from ISDN (integrated services digital network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps) fiber, provided a company with a way to expand its private network beyond its immediate geographic area.

A WAN had obvious advantages over a public network like the Internet when it came to reliability, performance, and security (About, Inc.). But maintaining a WAN, particularly when using leased lines, can become quite expensive and often rises in cost as the distance between the offices increases. As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPN to accommodate the needs of remote employees and distant offices.

There are two common VPN types: remote-access and site-to-site. A remote-access VPN may also be known as a virtual private dial-up network (VPDN). This is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a number to reach the NAS and use their VPN client software to access the corporate network.

A site-to-site VPN is accomplished by the use of dedicated equipment and large-scale encryption, with which a company can connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs can be either intranet-based or extranet-based. If a company has one or more remote locations that it wishes to join in a single private network, it can create an intranet VPN to connect LAN to LAN (McDysan). When a company has a close relationship with another company, it can build an extranet VPN that connects LAN to LAN and allows all of the various companies to work in a shared environment. A well-designed VPN uses several methods for keeping a company's connection and data secure.

A firewall provides a strong barrier between a private network and the Internet. Firewalls can be set to restrict the number of open ports, what type of packets are passed through, and which protocols are allowed through. Secondly, an encryption method should be used when sending data over a public network. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong in one of two categories: symmetric-key encryption or public-key encryption.

In symmetric-key encryption, each computer has a secret key or code that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key encryption requires that each of the computers that will be talking to each other have a copy of the key. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message (Cisco). Public-key encryption uses a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it.

To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything. Another means of security comes by the way of IPSec (Internet Protocol Security). IPSec provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes, tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload.

Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following: who you are (authentication), what you are doing (authorization) and what you actually do (accounting). The accounting information is especially useful for tracking client use for security auditing, billing, or reporting purposes (About Inc). Depending on the VPN type that is used (remote-access or site-to-site), certain components are needed to build the VPN, such as: desktop software for each remote user, dedicated hardware such as a VPN concentrator or secure PIX firewall, a dedicated VPN server for dial-up services, a NAS (network access server) used by the service provider for remote-user VPN access, and a VPN network and policy-management center.

Because there is no widely accepted standard for implementing a VPN, many companies have developed solutions on their own. A VPN concentrator incorporates the most advanced encryption and authentication techniques available. Cisco VPN concentrators are built specifically for creating a remote-access VPN. They provide high availability, high performance and scalability. They also include components, called scalable encryption processing modules, which enable users to easily increase capacity and throughput. A VPN-optimized router provides scalability, routing, security and QoS (quality of service). Based on the Cisco IOS (Internet Operating System) software, there is a router suitable for every situation.

A PIX (private Internet exchange) firewall combines dynamic NAT (network address translation), proxy server, packet filtration, firewall, and VPN capabilities in a single piece of hardware.

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network. The protocol of the outer packet is understood by the network and by both points, called tunnel interfaces, where the packet enters and exits the network. Tunneling requires three different protocols: carrier protocol, encapsulating protocol, and passenger protocol. The carrier protocol is the protocol used by the network that the information is traveling over (About, Inc.).

The encapsulating protocol is the protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data. The passenger protocol (IPX, NetBeui, IP) is the original data being carried. Tunneling has amazing implications for VPNs. For example, a packet that uses a protocol not supported on the Internet (such as NetBeui) can be placed inside an IP packet and sent safely over the Internet. Or a packet that uses a private (non-routable) IP address can be placed inside a packet that uses a globally unique IP address to extend a private network over the Internet. In a site-to-site VPN, GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based.

This includes information on what type of packet is going to be encapsulated and information about the connection between the client and server. Instead of GRE, IPSec in tunnel mode is sometimes used as the encapsulating protocol. IPSec works well on both remote-access and site-to-site VPNs. IPSec must be supported at both tunnel interfaces to be used.
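The carrier, encapsulating and passenger roles described above can be seen at the byte level. The following is an added example, not part of the original essay: it wraps a passenger IPv4 packet with private addresses in a basic GRE header (RFC 2784, no optional fields) and an outer IPv4 carrier header, then unwraps it at the far tunnel interface. All addresses, ports and payload bytes are constructed.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number that identifies GRE in the carrier header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value naming an IPv4 passenger

def checksum(data: bytes) -> int:
    """Internet checksum: ones' complement of the ones' complement 16-bit sum."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options, no fragmentation)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt: bytes) -> dict:
    """Validate an IPv4 header and return its addresses, protocol and payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    total = struct.unpack("!H", pkt[2:4])[0]
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "payload": pkt[ihl:total]}

def encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Entry tunnel interface: carrier IPv4 header + GRE header + passenger packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no flags, version 0
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO,
                       len(gre) + len(passenger)) + gre + passenger

def decapsulate(pkt: bytes):
    """Exit tunnel interface: return (tunnel_src, tunnel_dst, passenger packet)."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != GRE_PROTO or len(outer["payload"]) < 4:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", outer["payload"][:4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return outer["src"], outer["dst"], outer["payload"][4:]

def sample_passenger() -> bytes:
    """Constructed passenger: UDP datagram between two private (non-routable) hosts."""
    data = b"constructed sample payload"
    udp = struct.pack("!HHHH", 40000, 5060, 8 + len(data), 0) + data
    return ipv4_header("10.1.0.5", "10.2.0.9", 17, len(udp)) + udp

if __name__ == "__main__":
    inner = sample_passenger()
    wire = encapsulate(inner, "198.51.100.1", "203.0.113.1")
    src, dst, out = decapsulate(wire)
    print("carrier:", src, "->", dst, "| overhead:", len(wire) - len(inner), "bytes")
    print("passenger:", parse_ipv4(out)["src"], "->", parse_ipv4(out)["dst"])
    # GRE only encapsulates: the passenger bytes travel verbatim inside the carrier.
    print("passenger readable on the wire:", inner in wire)
```

GRE by itself adds 24 bytes per packet and no confidentiality, which is why the encapsulation is combined with, or replaced by, IPSec when the carrier network is the Internet.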

In a remote-access VPN, tunneling normally takes place using. Part of the TCP/IP stack, is the carrier for other IP protocols when communicating over the network between the host computer and a remote system. Remote-access VPN tunneling relies on. Each of the protocols listed were built using the basic structure of and are used by remote-access VPNs: L2F (Layer 2 Forwarding), PPTP (Point-To-Point Tunneling Protocol), and L2TP (Layer 2 Tunneling Protocol). The future with VPNs, as in any technology, is more, better, and faster, and that is what Cisco released this past May. Voice and video enabled VPN (V3PN) provides cost effective, secure connectivity provided by site-to-site IPSec VPNs for delivering voice, video, and data IP networks.

Integrating this solution provides a network infrastructure that enables the latest converged network applications like IP Telephony and Video. The key benefit of this new technology is that it supports a decentralized office, such as home connectivity. Being able to offer off-site video-based training and other such affairs will accomplish the most important thing to the company: saving the almighty dollar. With the corporate culture what it is today, with E-Commerce, telecommuting, increased travel, and the decentralization of operations, the need for remote access is now greater than ever. VPNs offer a way to keep costs in check. Using the relatively inexpensive bandwidth of the Internet or a service provider's network to connect a user to a corporate network or carry traffic between sites can reduce recurring communications charges.

Virus Protection for a Company Wide Network

Viruses are a security problem that should be addressed with normal security solutions. These include, but are not limited to, establishing written policies to address common security issues, defining appropriate behavior and best practices and publishing them, devising both detection and defense in depth strategies, and clearly defining problem identification and cleanup methodologies (Convert, 2003). To combat viruses, a consistent plan must be devised for the entire network. The company must define anti-virus strategies and policies, including what anti-virus products to use, how to distribute them, how to manage them, and when and where to deploy them.

The First Line of Defense

The first line of defense in any anti-virus program is the computer desktop. Since viruses can be introduced through removable media, shared network drives, email, web pages, web mail, ICQ and any other means of transferring files, protection at the desktop is critical to a successful virus defense.

This means that all desktops must have anti-virus software installed and running, and it must be updated routinely and regularly. Typically, automated updates are controlled by the anti-virus protection software. Scripts can be written to automate the installation and updating of anti-virus software on the desktop (Schmehl, 2003). The scripts then run any time a user logs onto the domain servers. Virus protection updates can also be made available through a company web site that allows file transfers, which is particularly useful for those running on a Mac or UNIX/Linux.

The Second Line of Defense

The second line of defense is to educate the users. Instructing users not to open suspect files, not to open suspect attachments, and not to implement a suspect virus infected machine is effectively communicating a standard practice that, believe it or not, most users will tend to follow. The person who gives this instruction should be the one who keeps a watchful eye on the network. This would be the network administrator or one of the network administrator's staff. This watchdog should involve the users quickly in the fight against virus infection, but should not be the one to cry wolf every time a hoax winds its way inside. It is necessary for the users to establish trust in this person so that in the true event of disaster, they will be responsive to his/her lead.

The Third Line of Defense

Viruses frequently take advantage of security holes and weaknesses in software, as well as insecure default configurations and "features" that haven't been created with security in mind. According to SANS (Sans.org, 2001), the same weaknesses are repeatedly exploited simply because they are seldom repaired, despite the fact that the fix is readily available. (Code Red is proof of this.) To tackle this problem, the Windows Critical Update Notification Service can be installed so the users can be made aware of the need for updates. To cover critical cases, the install can be made to run during login.

In addition, registry changes can be made to prevent especially dangerous programs from running by default. For example, the default behavior of Visual Basic Scripts can be changed so that they open Notepad rather than running a script.

Summary of Virus Protection

Fighting viruses requires diligence and planning, but it is possible to keep the company relatively virus free. The cornerstone to a successful virus defense is company-wide policies and procedures that establish a unified approach to solving the virus problem. Then it takes a combination of desktop protection, user education, constant OS patching, defense in depth and innovative approaches to implement those policies and make them effective.

Red Cross for the Company: Disaster Planning and Continuity

Disaster planning involves establishing hot sites, equipment, and material to support the backup of vital company data.
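The registry change described above under the third line of defense (Visual Basic Scripts opening in Notepad instead of running), as an added example that is not taken from the essay's sources. It goes slightly beyond the text by also covering two sibling Windows Script Host file types, and it assumes the stock file-class keys, where each type already has an "Edit" verb that launches Notepad.

```powershell
# Added example: make "Edit" (Notepad) the default double-click action for script files.
# Run elevated; it writes the machine-wide class keys under HKLM\SOFTWARE\Classes.
# VBSFile is the class the essay refers to; JSFile and WSFFile are a generalization.
$progIds = 'VBSFile', 'JSFile', 'WSFFile'

function Get-ScriptDefaultVerb {
    param([string]$ProgId)
    $shellKey = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\$ProgId\Shell"
    if (-not (Test-Path $shellKey)) { return $null }
    # The key's unnamed (default) value names the verb used on double-click.
    # When it is empty, the shell falls back to the "Open" verb.
    $verb = (Get-Item $shellKey).GetValue('')
    if ([string]::IsNullOrEmpty($verb)) { 'Open' } else { $verb }
}

function Set-ScriptDefaultVerbToEdit {
    param([string]$ProgId)
    $shellKey = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\$ProgId\Shell"
    # Only switch the default if an Edit verb exists, so the file type stays usable.
    if (-not (Test-Path "$shellKey\Edit\Command")) {
        Write-Warning "$ProgId has no Edit verb; left unchanged."
        return
    }
    Set-Item -Path $shellKey -Value 'Edit'
}

foreach ($id in $progIds) {
    $before = Get-ScriptDefaultVerb -ProgId $id
    if ($null -eq $before) {
        Write-Warning "$id is not registered on this machine."
        continue
    }
    Set-ScriptDefaultVerbToEdit -ProgId $id
    [pscustomobject]@{
        ProgId = $id
        Before = $before
        After  = Get-ScriptDefaultVerb -ProgId $id
    }
}
```

This changes only the double-click default: scripts still run when passed explicitly to wscript.exe or cscript.exe, and a per-user entry under HKCU\Software\Classes takes precedence over the machine-wide key.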

Recovery and continuity in the event of a disaster involve more than these material things: the resources also need a method for continuing the flow of the business process. The ability to bring the company back online within (hours/days) is vital to the continued success of the day-to-day business dealings. The important thing to consider is how well the company organizes its infrastructure to bend and shape into a new direction, as even a sudden loss of a key player in the business may require. Disasters take on many shapes and disguises: natural disasters, man-made failures, business events, legal handcuffs, governmental red tape, riots, strikes, or market forces. These events are not the focus here. The focus should be on the repercussions felt by the company's infrastructure as a result of these events.

At the instant of disaster, different events create different secondary infrastructure effects (Nemzow, 1997). How the company handles the continued operation is the goal.

Business Continuity Planning Tools

First of all, a planned method for restoration order must be in place at all levels of the company and at each site. This planned method will disclose the order of procedure for restoring the system, as a whole and in part, with regard to the company's resources and agreed-upon method. This helps to avoid convoluted discussion in an emergency, so that no misunderstandings occur as to which action is performed first. Private firms offer insurance plans for business disasters, but that option tends to be expensive, and when companies are on the tighter side of an economy, insurance payments tend to be the first cutback that occurs.

Outsourced services are more commonly turned to in the recovery or replacement of damaged equipment. Key players may become incapacitated or even killed by the same disaster that damages the equipment. Planning must therefore also cover outsourcing agencies for human capital. Advanced planning takes several forms. The simplest form of backup structuring is the use of hardware tools for media backup in the form of SANs located off the main centers for doing business. Next to be considered are power protection, provided by surge protectors and backup battery packs, and alternative communication lines in and out of the various business centers.

Magnetic or optical media are becoming less and less expensive, making day-to-day backup solutions easily attainable. Media backup should be handled by all sites locally as well as remotely through hot-site mirroring. In both cases, the backup should be readily accessible in the event of disaster, and the network devices should be available and compatible for recovery efforts. In addition, backup media should be tested to confirm that they are robust enough to be rolled out for deployment in an emergency. The next level of backup-tool justification includes communications line filters and emergency backup power supplies. First, batteries fail over time and surge protectors silently do their job without indicating that each surge literally wears them out (by burning away some of the metal oxide used to absorb the power spike).

These items should be regularly checked and replaced. It is also imperative to create a backup communications plan. This includes the redirection of routers to alternative paths in the LANs and WANs, secondary phone or data lines, and perhaps wireless service. The plan must include the know-how needed to bring these secondary devices into play. New router tables may take hours to implement. Dial-up phone lines replacing a dedicated T-3 may not provide the necessary bandwidth that some of the offices need.

Furthermore, people at the remote offices must know how to switch over in order to connect to the affected office. Incorporating all of these methods at each site and across the company as a whole can, at the very least, bring some sense of stability, in that the course of recovery is already in place. Moreover, the losses can be measured by how soon the profits can start coming back in.

Conclusion: Network Solution

In today's economy, companies always must consider the cost of doing business. Certainly there could be more stringent plans, and most certainly more flexible ones. The primary focus here is to meet a goal as required by the company.

It is to provide the necessary structure in meeting the speed requirements while not being a suggestion of overkill. Security and monitoring of the system are met; backup and recovery are met; company-wide policies regarding each of these areas are suggested. The necessary resources regarding this system are readily available and, within a reasonable timeline, readily deployable. This solution represents a company-wide installation that involves all players abroad and at the home office. It provides a method in which all are involved yet which, when implemented, will run smoothly without disrupting the primary purpose of the company: its uninterruptible business.