Mr. Khoza runs a small business in Midrand, Gauteng. His business has been steadily growing since
its inception in February 2019 in spite of the ill-effects of the COVID-19 lockdowns as well as the
ripple effects of the economic issues and financial markets such as rising fuel prices and inflation.
He, Mr. Khoza, has asked you to design a secure network for his small business. Additionally, he
would like you to design and build a cost-effective network for his business.
The current setup is such that every PC and laptop user uses a 3G dongle to connect to the Internet.
When users need to print, they either copy the work that needs to be printed to USB flash drives
or email their work to any one of the five users whose PCs are attached to a printer – all printers
connect via USB cables.
The new network, according to Mr. Khoza, should cater to at least thirty devices, fifteen desktops
(PCs), seven laptops including Mr. Khoza’s laptop, two servers and four BYOD devices. Additionally,
Mr. Khoza wants to allow visitors such as customers and suppliers to connect mobile devices to get
Internet connectivity. All users with PCs and laptops should still be able to print.
The premises where Mr. Khoza runs his business has six offices (rooms). All the rooms are located
on the same floor. Mr. Khoza has an office and does not share office space. There are two open-
plan offices, the first open-plan office houses seven desktops and the remainder of the PCs are
housed in the second open-plan office. Two laptop users share an office while the other three
laptop users share a separate office. A small storeroom has been selected for use as a server room.
Given the details in the scenario as well as making your own assumptions, provide a
fully labelled WAN diagram for Mr. Khoza’s network. Your diagram must show the
inclusion of the wireless WAN network infrastructure. Accompany your diagram with
a detailed explanation of how the LAN network will work and how it will support and
solve Mr. Khoza’s problems.
In order to design a secure and cost-effective network for Mr. Khoza's small business, the following components and configurations can be implemented:
1. Internet Connection: Instead of using 3G dongles, it is recommended to establish a dedicated broadband connection such as fiber-optic or cable connection. This will provide faster and more stable internet connectivity for all devices.
2. Wireless Infrastructure: To cater to the needs of at least thirty devices, a wireless infrastructure can be implemented. This includes installing wireless access points (WAPs) strategically throughout the premises to ensure adequate coverage. The WAPs should support the latest Wi-Fi standards (e.g., Wi-Fi 6) for optimal performance.
3. LAN Network Configuration:
- DHCP Server: Implement a DHCP (Dynamic Host Configuration Protocol) server to automatically assign IP addresses to all devices on the network. This will simplify network management and ensure proper IP allocation.
- VLANs: Create separate VLANs (Virtual Local Area Networks) for different user groups and network resources. This will provide better security and isolation between different departments and devices. The VLANs can be configured as follows:
a. Office VLAN: This VLAN should be dedicated to Mr. Khoza's office. It will contain his PC, laptop, and any other devices used exclusively by him. This VLAN will have restricted access to other VLANs and network resources.
b. Open-Plan VLANs: Two separate VLANs should be created for the two open-plan offices. Each VLAN will contain desktop PCs and provide secure connectivity among users in the same office.
c. Laptop VLAN: A VLAN dedicated to laptop users can be created. This VLAN will enable laptop users to access the necessary network resources and printers while maintaining security and isolation.
d. Server VLAN: The server room should have a dedicated VLAN for the servers. This VLAN will provide secure connectivity and access control to the servers.
e. BYOD VLAN: A separate VLAN can be created for the four BYOD (Bring Your Own Device) devices. This VLAN will allow visitors to connect their mobile devices to the network without compromising the security or access to other network resources.
- Printers: To enable printing from all PCs and laptops, the printers should be connected to the network using Ethernet cables. Network-enabled printers can be used, or USB printers can be connected to print servers.
4. Security Measures:
- Firewall: Install a firewall to protect the network from external threats and unauthorized access. The firewall should be configured to filter traffic and enforce security policies.
- VPN (Virtual Private Network): Implement a VPN to provide secure remote access to the network for Mr. Khoza and other authorized users. This will ensure that sensitive data transmitted over the internet remains encrypted and secure.
- Antivirus and Malware Protection: Install and regularly update antivirus software on all devices to protect against malware and other malicious threats.
5. Visitor Access: Set up a separate guest network for visitors to connect their mobile devices. This network should be isolated from the internal network to prevent unauthorized access to company resources.
Overall, this network design will provide a secure and cost-effective solution for Mr. Khoza's small business. It will eliminate the need for individual dongles, enable centralized printing, ensure secure access for different user groups, and provide reliable internet connectivity for all devices.