Proposal of centralized telephone system

Proposal of centralized telephone system for BIGCo plc

The company needs a centralized telephone system that supports remote working and helps staff interact with customers and colleagues. It lets them access the same information and communication services remotely even though they are away. It is mainly used for conferencing and collaboration, with tools covering multiple media. A true business conversation needs audio conferencing, video chat, presentation and document management, and these features are present in this system.

Requirements

  • CISCO AS5300
  • VPN4VOIP Router

Configuration of Centralized telephone system from scratch

All the computers are connected to the LAN and configured so that the LAN connects to the VPN4VOIP Router. One end of the router is connected to the CISCO AS5300, which is a VOIP gateway, and the other end is connected to the LAN (normally the LAN has an email server, web server and DHCP server). These are protected by a firewall, an intrusion detection system and a honey pot, which are used for network security. The whole network is connected to the Internet. At the other end, messages in and out over the Internet are controlled with the help of the VPN server, VOIP DID provider, VOIP A-Z termination and VOIP traffic exchange.

NETWORK SECURITY

When the VPN server is in front of the firewall and attached to the Internet, you need to add packet filters to the Internet interface that allow only VPN traffic to and from the IP address of the VPN server's Internet interface.

For inbound traffic, when the tunneled data is decrypted by the VPN server, it is forwarded to the firewall. Through the use of its filters, the firewall allows the traffic to be forwarded to intranet resources. Because the only traffic that crosses the VPN server is generated by authenticated VPN clients, in this scenario, firewall filtering can be used to prevent VPN users from accessing specific intranet resources. Because the only Internet traffic allowed on the intranet must pass through the VPN server, this approach also prevents the sharing of File Transfer Protocol (FTP) or Web intranet resources with non-VPN Internet users.

Firewall

A firewall is a tool/device used to protect a particular network or a group of networks by preventing outsiders from accessing the internal network. This security depends on the rules applied when configuring the firewall; even though it is not bulletproof, it can resist many malicious programs, hackers and sniffers. The firewall is configured so that it is connected to the Internet and the web server. Packet filtering must be configured for both the perimeter network interface and the Internet interface. Before email, FTP or WWW traffic enters the network, it is scanned to ensure that it is safe.

In the IP protocol suite, protocols use a numerical identifier for the endpoints of point-to-point communication. Such an endpoint is called a port, and every port has a unique identifier, its port number. These are assigned by IANA (Internet Assigned Numbers Authority).

Packet Filters for PPTP (Point-to-Point Tunneling Protocol)

Input filters, with the action set to drop all packets except those that meet the criteria below:

  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255
  • IP protocol ID of 47: PPTP data from the PPTP client to the PPTP server
  • TCP destination port of 1723: maintenance traffic from the PPTP client to the PPTP server

Output filters, with the action set to drop all packets except those that meet the criteria below:

  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255
  • IP protocol ID of 47: data from the VPN server to the VPN client
  • TCP source port of 1723: maintenance traffic from the VPN server to the VPN client

Packet Filters for L2TP/IPSec (Layer Two Tunneling Protocol over Internet Protocol Security)

Input filters, with the action set to drop all packets except those that meet the criteria below:

  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255
  • UDP port of 500: Internet Key Exchange (IKE) traffic to the VPN server
  • UDP port of 4500: IPSec NAT-T (network address translator traversal) traffic
  • UDP port of 1701: L2TP packet traffic from the VPN client to the VPN server

Output filters, with the action set to drop all packets except those that meet the criteria below:

  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255
  • UDP port of 500: Internet Key Exchange (IKE) traffic from the VPN server
  • UDP port of 4500: IPSec NAT-T (network address translator traversal) traffic
  • UDP port of 1701: L2TP packet traffic from the VPN server to the VPN client
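The two filter sets above can be checked as a default-drop rule table before they are entered on the router. This is an added example, not part of the original essay: the server address 203.0.113.10, the function names and the sample packets are assumptions, and the UDP rules are assumed to match the destination port inbound and the source port outbound, as the TCP 1723 rules do.

```python
from ipaddress import ip_address

# Assumption: documentation address standing in for the VPN server's Internet interface.
VPN_SERVER = ip_address("203.0.113.10")
GRE, TCP, UDP = 47, 6, 17  # IP protocol numbers

# (protocol, port) exceptions taken from the filter lists; None means "no port" (GRE).
FILTER_SETS = {
    "pptp": [(GRE, None), (TCP, 1723)],
    "l2tp_ipsec": [(UDP, 500), (UDP, 4500), (UDP, 1701)],
}

def allowed(vpn_type, direction, pkt):
    """True if pkt passes the Internet-interface filters, False if it is dropped.

    direction "in" matches on destination address/port, "out" on source
    (assumed for the UDP rules, by analogy with the TCP 1723 rules).
    """
    if direction == "in":
        addr, port = pkt["dst"], pkt.get("dport")
    elif direction == "out":
        addr, port = pkt["src"], pkt.get("sport")
    else:
        raise ValueError("direction must be 'in' or 'out'")
    # Mask 255.255.255.255 means an exact match on the VPN server's address.
    if ip_address(addr) != VPN_SERVER:
        return False
    for proto, rule_port in FILTER_SETS[vpn_type]:
        if pkt["proto"] == proto and (rule_port is None or rule_port == port):
            return True
    return False  # default action: drop everything not listed

# Constructed sample packets (not captured traffic): (vpn_type, direction, packet).
SAMPLES = [
    ("pptp", "in", {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": TCP, "dport": 1723}),
    ("pptp", "in", {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": TCP, "dport": 80}),
    ("pptp", "in", {"src": "198.51.100.7", "dst": "203.0.113.25", "proto": TCP, "dport": 1723}),
    ("pptp", "out", {"src": "203.0.113.10", "dst": "198.51.100.7", "proto": GRE}),
    ("l2tp_ipsec", "in", {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": UDP, "dport": 4500}),
    ("l2tp_ipsec", "out", {"src": "203.0.113.10", "dst": "198.51.100.7", "proto": UDP, "sport": 53}),
]

def evaluate_samples():
    """Return the pass/drop verdict for each constructed sample, in order."""
    return [allowed(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, evaluate_samples()):
        print("PASS" if verdict else "DROP", sample)
```

The third sample shows why the 255.255.255.255 mask matters: PPTP control traffic addressed to any host other than the VPN server itself is dropped at the Internet interface.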

Honey Pot

A honey pot is a security measure that distracts the intruder from hacking the real system. Two or more honey pots on a network form a honey net, and combining honey nets forms a honey farm. This helps in monitoring and recording intrusion events from outsiders and reporting them to the management. It is designed to attract the intruder by pretending that it is the server.

Reference: Computer Security (William Stallings)

Intrusion Detection System

This system is used for the security of networks and management. Network-based IDS are used to detect outside attackers; they detect network attacks, network misuse and anomalies. Host-based IDS are used to detect inside attacks, which include suspicious application activity.

Its functions include monitoring system activities, tracking user privileges and understanding the methods of attack being tried to penetrate the system.

http://www.intrusion-detection-system-group.co.uk/

Anti-Virus

Anti-virus software is mainly used to prevent, detect, delete and neutralize computer viruses, including trojan horses and worms, on a computer. There are two ways of identifying a virus: signature-based detection and heuristic-based detection. Signature-based detection compares the file with a dictionary of virus signatures, while heuristic-based detection, such as activity detection, is used to find unknown viruses. Intrusion detection software can also be installed on the system to monitor events on the computer and report them to the management. A good anti-virus product at present is Bit Defender, which has some interesting features.

Features of Anti-Virus (Bit Defender):

  • It can detect threats such as viruses, worms, trojans, spyware, malware and rootkits
  • Additional protections cover browser exploits, OS exploits, keyloggers, inbound email protection, outbound email protection, instant messaging protection, P2P/file sharing protection, registry startup protection, dialers, backdoors, hackers and phishing
  • It has all scanning capabilities

Phone Security

For security on the peers of the network, all phone lines should pass through symmetric NATs and firewalls. Secure Real-time Transport Protocol is the existing security, along with the ZRTP protocol on soft phones. Mobile VOIP turns into SIP mobile to send/receive.

Opportunistic encryption

Normally every Windows system has a default encryption tool called opportunistic encryption, which we can enable in the settings; this encryption counters passive wiretapping.

Secure Access web mail

It is better to access business e-mail through the organization's exchange, such as Microsoft Exchange Server. Recently, Lotus Notes users have been able to receive secured e-mail through Lotus iNotes ultralite. For sending and receiving web mail such as normal Gmail/Yahoo mail, using SSL is necessary; otherwise the mail is like a postcard.

Browsing the Web using Safari

The iPhone Safari security settings can block pop-ups, which prevents malicious pop-ups from being displayed and helps prevent infection. The Safari settings can also disable cookies completely and stop third-party applications being installed.

http://www.pcworld.com/businesscenter/article/152128/six_essential_apple_iphone_security_tips.html

GPS Phone Tracking

This tracking system is useful when the phone is misplaced or has been stolen. With it we can identify the phone using the base station from which the transmission is being made. Apart from Wi-Fi, phones usually need a mobile base station to communicate, and the phone can be identified through it.

Auto Erase

If the iPhone is lost, we can erase all data remotely so that no one else can view the information, and get the information back from the backup located on the desktop.

Data encryption

It can store encrypted information to protect data and it can be accessed with a password.

http://hubpages.com/tag/iphone+sensors/hot

Remote lock

The remote lock is activated in case of low battery, SIM card replacement or attempts to log in x number of times.

CISCO AS5300

Cisco plays a vital role in inter-networking computers and people with this access server. It is configured so that it can link two devices and transmit packets across that path. This router is capable of supporting different protocols such as Ethernet, Token Ring and others. It connects the LAN to the WAN, which makes centralized planning much simpler.

The Cisco AS5300 has interesting features such as access VPN, call center solutions, long distance, voice over broadband termination, ASP hosting and termination, hosted IP telephony and prepaid calling cards.

The access servers can be used for captive portal and VOIP.

  • An ISP can provide network access via modem and can have NAS devices which connect over PPP/PPTP.
  • A captive portal is used to connect remote workers through Wi-Fi; when the handshake is done, they can access the Internet as on normal Wi-Fi. For VOIP, access needs a username and password; this tool checks whether the IP phone is valid, and then the call connects.

VPN (Virtual Private Network)

This is a technology in which private networks connect over public networks to link users and remote sites. Data passing over a VPN is generally not visible, and the data is also encrypted.

The VPN connects Intranet, Extranet and Remote Access:

Intranet: Encryption and reliable throughput

Extranet: Safe L3 security, extends WANs to partners

Remote Access: Encrypted tunnels across a public network and client

VOIP DID Provider

DID (Direct Inward Dialing) is a virtual phone number; using it we can dial from remote places and the provider will forward the call to a specific VOIP phone. Every DID provider supplies DID numbers for VOIP communications, so that the PSTN (Public Switched Telephone Network) can be connected to VOIP networks. All DID numbers are assigned by the administrators of the VOIP network.

VOIP A-Z Termination

This helps in improving the quality of the routes. When a call is placed on a route and is not serviced, it is automatically routed to another until it is serviced. It provides VOIP solutions such as hardware, billing and traffic termination.

VOIP Traffic Exchange

This exchange helps phones communicate using the H.323 and SIP protocols. It creates a bridge between the PSTN and VOIP.

IP Telephony

IP Telephony enables VOIP in networks; it combines remote phones, mobile phones and PC phones into a single network. It converts voice communication into data packets and sends the packets through the IP network. For international standard IP telephony systems SIP is used; SIP (Session Initiation Protocol) is flexible for business communication. Calls can be routed with the help of a PBX, and in some cases the PBX is built into the router.

VPN4VOIP Router

It gives users secure remote access through the Internet. It functions between the Application Layer and the Transmission Control Protocol. SSL VPN has built-in client software to receive calls and forward calls through the SSL VPN gateway. SSL VPN uses port 443, which opens when the end users want to communicate; this port has its own firewall configured and does not need any special configuration. It also uses anti-virus to make sure that no malicious programs penetrate the client side. We can share and access network files remotely.

Since the data and applications carried in the packets are secured, no one can find out what the packets contain.

Transaction of Packets in SSL VPN

  • Every SSL VPN has the name of the trusted authority which verifies it and the server's public encryption key. The client creates a number, encrypts it with the server's public key and sends it to the end user, who decrypts it with a secret key.

SSL VPN has three levels of application access

  • Tier 1: Allows access to web and file-based resources directly through the SSL VPN gateway
  • Tier 2: Secure application manager
  • Tier 3: Full network connectivity
