Network Infrastructure and Cybersecurity Project
Project Overview
This project was developed to design and implement a modern network infrastructure and virtualization solution for Dublin Pharmaceutical Limited (DPL). As the company expanded to a new greenfield site, the focus was on ensuring secure communication, high availability, and optimized operations using advanced networking and virtualization technologies.
As this project is complex, I have not posted all the technical details here. If you are interested, please get in touch.
Objective
The primary objective was to design and deploy an infrastructure capable of supporting high availability, fault tolerance, and secure inter-office and internet communication. This included network design, IP management, VoIP solutions, and implementation of security best practices such as firewall rules and VLAN segregation.
Key Technologies Used
- Networking Models: TCP/IP and OSI layers, applied to ensure compatibility and communication across devices.
- Routing Protocols: OSPF (Open Shortest Path First) for WAN communication between the main office and partners.
- Hot Standby Router Protocol (HSRP): Used to provide redundancy and failover capability for critical paths in the network.
- VLANs: Virtual LANs were implemented to segregate network traffic for different departments and enhance security.
- VoIP: Voice over IP was implemented for efficient and cost-effective communication using Cisco devices.
- Virtualization: VirtualBox was used to virtualize CentOS servers, providing services such as DHCP, DNS, and SFTP.
- Google Cloud Platform (GCP): Cloud-based VM instances were set up to enhance disaster recovery and business continuity.
Network Infrastructure Design
The network followed a hierarchical design model based on Cisco's best practices. The key components include:
- Core switches providing high availability and routing for internal and external communications.
- Access switches configured with VLANs for departmental segmentation (Manufacturing, R&D, Sales/Marketing).
- Firewall rules for external communication filtering and internal network security.
VLAN Configuration
To segment the network, VLANs were created for each department, ensuring secure communication within their broadcast domains. Trunk ports were used to allow multiple VLANs to pass through a single link.
vlan 10
name Manufacturing
vlan 20
name R&D
vlan 30
name Sales
VoIP Implementation
The VoIP system was deployed using a Cisco 2811 router, configured to handle IP telephony services. A dedicated voice VLAN (VLAN 50) was used for efficient communication between IP phones.
Virtualization
Virtualized services such as DHCP, DNS, and web services were deployed on CentOS virtual machines, both locally via VirtualBox and remotely via Google Cloud Platform (GCP).
Key services included:
- DHCP: Automates IP allocation for internal devices.
- SFTP: Secure File Transfer Protocol service set up for secure file transfers.
- DNS: Domain Name Service providing name resolution for internal networks.
Security Best Practices
Security was a major focus of this project. Key practices implemented include:
- RADIUS for centralized authentication and access control.
- Password encryption on Cisco devices using
service password-encryption. - Firewall rules to restrict traffic based on whitelist policies.
- Regular security patch updates for both network devices and virtual machines.
Testing and Evaluation
Network and system tests were conducted in phases to ensure all components functioned as expected. This included:
- Ping and traceroute tests to validate network connectivity.
- VoIP call tests to confirm successful IP telephony deployment.
- DHCP and DNS tests to verify IP address allocation and name resolution.
Conclusion
This project successfully delivered a robust, secure, and scalable network infrastructure for DPL. The combination of advanced routing protocols, VLAN segmentation, VoIP services, and virtualization created a future-proof solution capable of supporting the company's growth.