GENERIC MODEL OF NETWORK SECURITY LABORATORY FOR HIGHER LEARNING EDUCATION

Transcription

1 GENERIC MODEL OF NETWORK SECURITY LABORATORY FOR HIGHER LEARNING EDUCATION NOR MAZLINAWATY BT ABDOL MALLIQUE This report is submitted in partial filfillment of the requirements for the Bachelor of Information Technology and Communication (Computer Networking) FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY UNIVERSITI TEKNIKAL MALAYSIA MELAKA 2007

2 ABSTRACT Security laboratory becomes necessary for a higher learning center which provides computer science with security components. Hands-on experiences and practical skills obtained fiom working on lab assignments are an organic part in the teaching of the Network Security class for students to understand the underneath theoretic parts. Without hands-on, real-world projects, it is difficult for the learners to integrate the acquired security theories and knowledge with up-to-date security technologies and practices. Computer science educators who are interested in teaching computer security in a "realistic" context are thus faced with a unique challenge: Setting up 'real-world' computer security laboratories and assignments, without negatively impacting the rest of the campus network. It has been recognized for some time now that education in information security is better served by a laboratory component that reinforces principle and theoretical analysis learnt in the class room with a follow up hands-on component performed in an appropriate laboratory.

3 ABSTRAK Makmal Keselematan kini merupakan keperluan bagi pusat pengajian tinggi yang menawarkan kursus Komputer Sains beserta dengan komponen keselamatan. Pengalaman kerja-kerja amali yang diperolehi dengan melaksanakan latihan makmal merupakan kaedah paling penting dalam mengajaran dan pembelajaran Keselamatan Rangkaian, bagi para pelajar memahami dengan lebih mendalam apa yang dipelajari selama ini melalui teori. Tanpa latihan amali dengan suasana keadaan sebenar, agak rurnit bagi tenaga pengajar untuk menggabungkan ha1 berkaitan keselamatan yang diperolehi ketika teori clan pengetahuan mengenai teknologi terkini serta mempraktikkanya secara amali. Tenaga pengajar Komputer Sains yang begitu berminat untuk mengajar Keselamatan Komputer di dalam konteks "dunia sebenar" menghadapi cabaran yang unik: Menyediakan 'dunia sebenar' makmal keselamatan komputer dan latihan yang bersesuaian, tanpa menggangu sebarang aktiviti rangkaian kampus. Kini telah diakui bahawa pembelajaran di dalam Keselamatan Maklurnat seharusnya dilengkapi dengan komponen maklmal dan diperkuatkan dengan prinsipal dan analisis teori yang dipelajari di dalam bilik kuliah dan adanya latihan amali susulan yang dijalankan di dalam makmal yang bersesuaian.

4 CHAPTER I INTRODUCTION 1.1 Project Background It seems every day there is a story about computer network being compromised by hackers. Hackers were able to penetrate computers during certain amount of period before they were detected. It would be fortunate if the computers contained only nonclassified personnel information rather than having national security threatened. Across the rest of the world security has become important issue ever since and because of that education programs under university has offered courses related with security. It goal is to put awareness among Computer Science (CS) and Information Technology (IT) graduates to prepare themselves to any kind of threat to network environment. With the world without boundaries we open with many possibilities lead to uncertain damages. Although many universities add a security component to their CS and engineering curriculum but there exists a lack of computer security components implementation in many of their syllabuses. Meaning, numbers of programs continue to teach information security in old traditional structure which focus only on theoretical principles and analysis. Even though acknowledge theoretical concepts are important and need to be taught but nevertheless it is also important to let students have hands-on

5 experiences and practical skills obtained from working on lab assignments. This is the part in the teaching network security class for students to understand the underneath theoretic parts. In programming course it is irrational to expect a student to learn it only by reading about the subject, therefore it is also irrational to expect student to learn computer security through discussion in class and from reading only. Hence for good information security course which focus on application and operational concerns a supporting laboratory becomes necessary. In order to come out with the best security laboratory model it requires combination of good design and engineering. A laboratory for information security education can be designed in a different manner depending on the nature of the program and the course being serviced. However, there are certain general principles that guide the design of such a laboratory. Specifically, a well designed laboratory should possess characteristics like reconfigurable, heterogeneous, scalable, cost effective and robust. This project is to provide general model for security laboratory in university. It covers from analysis done with other universities which have been implement this method, design the model that go well with university based on cumculum and simulate the model. Hoping this study can a benchmark for higher learning institute to consider more efficient way to setup the best security laboratory. 1.2 Problem Statement(s) The motivation of this project comes from problems which are caused by implementing hands-on security components course in university level respectively. This project will overcome the problems and weaknesses that could be solve which are:

6 1.2.1 Needs to protect Campus Network Recent years have seen an increased awareness on the importance of a laboratory component in information security education. Security engineering components are best taught by reinforcing concepts taught in the class by hands-on experiences in the laboratory. Since there were almost no available lab manuals can be used to explain details about security for undergraduate level sometimes lecturer may have come with own lab exercises to accommodate curriculum on acquiring practical. For programs like this that do have such components in computer security, a common difficulty is to integrate real-world labs into the courses, in order to provide hands-on experiences to the learners Potential Illegal Activities against University Policy Due to concerns for security breaches and network hacking, system administrators are reluctant to allow computer security labs to be deployed in the campus network. Unless deployed in a isolated computer lab, projects involving hacking techniques, such as network sniffing and virus scripting, are generally prohibited in the campus network. Without hands-on, real-world projects, it is difficult for the learners to integrate the theories and knowledge acquired in the classroom with up-to-date security technologies and practices.

7 1.3 Objective Essentially, the main objective of this project is to develop a generic model for security laboratory in higher learning institutes To Analysis Current Design Implement by Other Higher Learning Education Learn current network security laboratory in local higher learning education and information technology training center. The analysis also includes other universities in the region. All these information such as network design and courses offered is useful to precisely generate the general model for security laboratory that should be use by higher learning center To Design Security Laboratory Generic Model The highest challenge is to design a highly reconfigurable laboratory for information security education it also describe the rationale for the design and give examples of a few typical assignments that the laboratory facilitates. This is the one that mirrors an actual enterprise and allows machines to be "attacked" while protecting the campus and external networks To Simulate the Generic Model A simulation is done in designing assignments that model real-world situations like finding vulnerabilities in a system and using them to gain access to the system. The final step is designing larger exercises or projects that can be' undertaken at the capstone level or at the graduate level.

8 1.4 Scopes This study case will focus on how to implement secure laboratory in order to cater computer science curriculum in university. There exist many challenges in designing setup for realistic computer security laboratories and assignments. The generic model design is based under circumstances listed below: Case Study from selected Education Center Information is collected from varies different university in the region. Most data gets from local universities and network security training center in Malaysia and includes the rest of case study are fiom three different universities in United States which have information security in their courses syllabus. By studying higher learning institute from both regions it also possible to review their syllabus and make comparison for security engineering fields. University has policy in letting access from external user into their design or curriculum source. Most information is fiom journals and published papers fiom the university. It is hard to go in depth about actual design from the university because such information is confidential. Sources from ACM (Association for Computing Machinery), IEEE (Institute of Electrical and Electronics Engineers) and Science Direct really helpful Laboratory Accommodation According to book Guidelines for Laboratory Design Health and Safety Considerations 3rd Edition "In many high schools classes, the number of students may not exceeded 30, whereas in some undergraduate college and university laboratories, the number is sometimes larger". The design should able to accommodate minimum of

9 30 students per session. It also may have ability to support multiple platforms on order to imitate real world environment. The lab should not interfere or open to campus or training center atmosphere this is to make sure activities done in the lab doesn't involves smoothness of daily activity Simulation using OPNET Simulation is where loss of packets and node, bit error in each packets, request from application with probability density function are allowed to simulate. Animations of network behaviour is possible to run after simulation, the smallest step time is pic0 seconds. Later to simulate the design OPNET Modeler will be use. OPNET Modeler is industry solution for modelling and simulation of communications networks, devices, and protocols. It is object-oriented modeling approach and graphical editors mirror the structure of actual networks and network components. OPNET Modeler supports many network types and technologies. It is based on a series of hierarchically related editors that directly parallel the structure of actual networks. The first editor is Network Editor, which graphically represents the topology of a communication.network. Networks consist of node (switch/router, server etc.) and links model (Ethernet, ATM, FDDI etc.). It is possible manage complex network with unlimited subnetwork nesting such as country, city, building, floor etc. Network editor provides geographical context, with physical characteristic of the networks. 1.5 Project Significance As in the "Generic Model for Network Security Laboratory Implement in University", the significance of the project is to be use as'reference model for other university in designing a laboratory better serve as security lab that support theoretical

10 learn in class room with hands-on component. This model design is highly reconfigurable for security education. It also may minimize old traditional framework use to teach information security course that focus on theoretical principles and analysis. Besides that, the project significant is mainly to come out with good general model design so university may compare either to have a lab that integrate with campus network without cause disruption and support courses and assignments requirement or have an isolated laboratory. A fill analysis will support this decision making by university. 1.6 Expected Output The expected output fiom this project is to generate one general network security laboratory design that may support university curriculum. This model should be use as a benchmark for other university in order to implement dedicated practical laboratory for their students. The design should support and look in every angle of network design and suggest better design for higher learning institute especially in network security field. Furthermore this project is also to analysis on current universities that already implement such design, understand how the design integrated with their network environment, analyze and compare security courses assignments between universities. By doing research on published papers and journals roughly design on how the university implements it design. This project may include the collected design from varies universities and general model design to support courses requirement.

11 1.7 Conclusion In designing the model many issues need to be taken into account. By end of the day the design should serve as prototype for university that offered network security course and haven't yet have particular laboratory to support the courses need. Having theory and practical concurrently helps student understand more about their and course and advantage fro university to enroll new potential students. Research will make acquainted with the basic concepts and technologies used in the literature review and project methodology (Chapter 2). The analysis phase (Chapter 3) the environment or context in which the problem occurs will be analyzed. The following phases are design (Chapter 4) and implementation (Chapter 5). Then is the testing process (Chapter 6), which will describe the activity and testing strategy to be adopted and whether it finally hlfill the specification of project or otherwise. Finally, observation and conclusion will be making towards the project.

12 CHAPTER I1 LITERATURE REVIEW AND PROJECT METHODOLOGY 2.1 Introduction In continuing the report for project "Generic Model for Network Security Laboratory Implement in University", literature review is important in order to study the basic about the subject of the project. Literature review is a process to search, collect, analyse and concluded all debates and issues raised in the work that been done previously. This chapter has four important parts. There are facts and finding, project methodology, project requirements and project schedule and milestone. The fact and finding will cover three related issues t be discussed. The first issue is to identify all terms and definition of this project. The second issue is explanation on the development for the model. Last but not least a review or a case study of software and tools available in the market to support the project phase for simulation of the model. The project methodology part will state the selected approach methodology used in this project. The project requirements are focus on the analysis, logical and physical design. It also emphasize on technique, software and hardware with other requirements to develop this project. This chapter also will be attached'with project schedule and milestone as to ensure a good project planning.

13 2.2 Fact and Finding (Based on Topic) There is lot of techniques used to gather information that related to the project through Internet, book etc. These initial documents will provide some valuable information to determine the basic view for the project. The theory and concept from the passed research, references, case study and other can be applied in order to understand the thesis Terms and Definition Network Security According to [I], network security is usually discarded when it contends with performance. The reason is simple, and at one time it may have even been valid: performance directly contributes to the bottom line while security provides only indirect benefits. But as the world becomes more tightly interconnected, organizations are feeling a greater need to rediscover network security. A thread that spans most definitions of network security is the intent to consider the security of the network as a whole, rather than as an endpoint issue. According to [Z], computer and network security has come to the forefront as denial of service attacks and malware challenge the confidentiality, integrity, and availability of distributed computing environments. Look no further than recent headlines to understand the prominence of identity theft and phishing, evidence that protecting information assets is not only good security but good business. strengthening our nation's defense against malicious IT attacks on computer systems has taken on an important role in the last few years. In this time period the Internet has grown from a static web "homepage" distribution system to a flourishing society that is engaged in transacting business all over the world. Our society and

14 economy today are dependent on information technology and information infrastructure PI Network Security Course The recent focus on security education, kindled by the NSA Center of Excellence in Education program [3] has seen a variety of universities add a security component to their computer science and engineering curriculum. As a result, now have 36 universities that have been designated as Centers of Excellence in education. This has been supported by [4], increasing awareness of the vulnerabilities of computer systems has led to the introduction of several programs in computer security. Most of these programs are meant to attract graduate students. This was supported the earlier idea of [7] Network Security Laboratory In [6], Irvine points out that securing a system requires a "marriage" of good science and engineering. And that engineering components are best taught by reinforcing concepts taught in the class by hands-on experiences in the laboratory. She further points out that just as it is unreasonable to expect a student to learn programming only by reading about it, it is also unreasonable to expect students to learn "security engineering" solely from discussions in the class room. Similarly, [7] also make the case for laboratory based instruction in information security and in fact provide detailed examples of specific courses and lab projects that accomplish this goal. Teaching computer security in a "realistic" context is thus faced with a unique challenge: Setting up 'real-world' computer security laboratories and assignments, without negatively impacting the rest of the campus network.

15 An undergraduate internetwork, security-teaching laboratory, which includes both defensive and offensive security laboratory experimentation, is described. This laboratory is oriented toward an introductory internetworking security class and is intended to complement more theoretical network security classes while sparking student interest. The laboratory is unique in that it uses an isolated laboratory network that provides a simple model of the Internet, including an enterprise network component, a university component, a "good" Internet service provider, and a "bad" Internet service provider. This setup is in contrast to typical educational laboratories, which use only a few physical computers with virtual machines Case study on similar projects There are other universities have already implement own network security design. Computer security and computer security education are areas of increasing importance as computer systems become more interconnected. When offered, undergraduate and graduate computer security courses are routinely taught using a traditional lecture format. The integration of computer security into existing Computer Science undergraduate education is an urgent and complicated task. With the increasing risk of computer intrusion, computer crimes and information wars, Computer Science educators bear the responsibility of cultivating a new generation of graduates who are aware of computer security related issues and are equipped with proper knowledge and skills to solve the problems. The task of integrating computer security into existing Computer Science programs, however, is complicated due to the fact that most faculty members lack the specialty knowledge in this field.

16 The Information Systems and Internet Security Laboratory at Polytechnic University (ISIS). Brooklyn, NY. ISIS was initially started as the result of an NSF CCLI grant to develop a sequence of undergraduate courses in computer and network security and an accompanying laboratory. Initial lab and course design was done with the assistance of ISSL at Iowa State University which has long been an NSA designated Center of Academic Excellence in information assurance education and research. ISIS has been running for more than two years now and the lab and the courses it supports have proved to be immensely success~l. In fact the role of ISIS has been significantly expanded beyond its original scope and design and it now serves as a center of education and research in information assurance at Polytechnic University. a. The Design Features ISIS consists of heterogeneous platforms and multiple interconnected networks to facilitate hands-on experimentation and project work in issues related to information security. ISIS lab is divided physically and logically into three areas, namely The Student Workstation Network, The Server Cluster, A Secure Systems Experimentation Testbed (ASSET).

17 Pob Nehvork Backbone Master Router~Firewall Only wgpin HlTP SSk telnei SMTP IMAP and ft$ balk is allowed * Only outgoin H IT SSk Ielnel and ftp baffic is a lhc Figure 2.1. ISIS Lab Architecture Showing Three Main Components Figure 2-1 shows how these three components are interconnected with each other and also with the external campus network. The student workstation network and the testbed ASSET are inside a class A private network so that they are isolated fiom traffic on the campus network and the internet. The private network is created using a router with NAT capabilities. This router is shown in Figure 2-1 labeled as theumaster Router". Usually a private network is created to hide internal network topology and expand the range of IP address availability. b. Useful Design Features It is critical to separate their network traffic from the external network in order to stop internal traffic, malicious and otherwise, from reaching the external network. The router will prevent packets fiom internal traffic to escape out into the external network. The second advantage that a Class A private network provides is the large number of subnets that can be created within it. We could potentially have 216 subnets with 250 hosts in each subnet in the network.

18 In addition to performing NAT, the master router also is configured to act as a firewall in order to impose restriction on traffic flowing to and from the internal network. Furthermore, traffic from and to the testbed network from the workstation network and the server network is restricted by a second firewall labelled as the TestbedIRouter Firewall in Figure 1. This ensures that any attack traffic in the testbed network does not enter the workstation network or the server network DCSL - Distributed Computer Security Lab of University of Houstan, Clear Lake, Boulevard Houston. Computer science educators are interested in teaching computer security in a "realistic" context are thus faced with a unique challenge: Setting up 'real-world' computer security laboratories and assignments, without negatively impacting the rest of the campus network. The primary goal of the project is to develop a Distributed Computer Security Lab (DCSL) to answer the challenge. The challenge basically is to set up 'real-world' computer security laboratories and assignments without negatively impacting the rest of the campus network. To mitigate the above-mentioned problems, project focuses on designing a distributed computer security lab across multiple sites, to simulate how a real-world corporate network would be configured. The distributed lab can be used as a test bed for projects related to security in distributed systems, such as those related to network and Internet security. One of the benefits provided by such a distributed lab model is its potential to enable a computer security lab to share its computing and networking resources with a smaller university or college. Such remote sharing capability is desirable especially for smaller colleges where resources tend to be limited.

19 a. The Design Features The high-level configuration of the cross-campus Distributed Computer Security Lab (DCSL) is depicted in Figure 2. The distributed lab currently consists of two sites communicating over the Internet via DSL connections, although each site is insulated from its respective campus network. In a sense, the two labs are external to its respective campus network Figure 2.2. A Model of Cross-campus Distributed Computer Security Lab (DCSL) The model is expandable in the sense that more sites may be added to the distributed lab. Resources across the various sites may be shared when secure remote access mechanisms (such as VPN) are implemented. b. Useful Design Features In order to design a distributed computer security lab for testing system vulnerabilities and control measures, started by identifying the vulnerability points that may exist in a typical enterprise network. Different sites in the DCSL may have different set of equipments and network configurations. A typical site in the DCSL may consist of four test beds: (a) a local area network (LAN) to simulate a corporate or campus network with integrated firewall, VPN server, and authentication servers; (b) a wireless LAN,

20 which is composed of several access points and wireless clients; (c) a second LAN to simulate a remote site; and (d) remote connections through the Internet, which simulate a home office, a small office, or access over a wide-area mobile network. A unique feature of the DCSL is its independent Internet connection, which enables the lab to be insulated from the campus backbone, while remaining connected to the Internet. The prototype network at UHCL and UHD each has a dedicated DSL connection to the Internet, allowing them to form a distributed computer security test bed, while remaining insulated from the respective campus network. When designing the DCSL, an early decision was made that, before making major purchase of the instrumentations, investigate the hardware and software components that would like to include when deploying the DCSL Related Features for Expected Generic Model Design Laboratory for information security education can be designed in a different manner depending on the nature of the program and the course being serviced. However, there are certain general principles that guide the design of such a laboratory. Specifically, a well designed laboratory should possess the following characteristics: Reconfigurable: The lab should be highly flexible and re-configurable. Different topics and assignments require different operating systems and/or network topologies and it should be possible to change the configuration of hosts and networks easily and efficiently. Heterogeneous: The lab should comprise of multiple platforms from multiple vendors. A lab with homogeneous environment does not effectively train students to cope with real world situations.

21 Scalable: The lab should be scalable and should be able to sustain many students, and still have enough duties for each student to handle. Student groups should not get large due to lack of resources. Cost Effective: The cost of setup and maintenance of the lab must be far less them what is being simulated by the lab. For example, the lab should effectively simulate a small to medium enterprise network but the cost for building and maintaining the lab should be far less then the cost of a moderate enterprise network. Robust: The lab should be able to sustain and handle inadvertent damage by the students. For example, it should be possible to quickly recover the set-up and configuration of a host node even after a student accidentally causes a malicious program to erase the hard disk. Maintainable: The lab should be easy to maintain. Routine tasks like back-up and application of software patches should be easy to perform and automated to whatever degree possible. Realistic: The lab should provide practical and first hand experience to students in a network environment that is close, in terms of complexity, to a network that they might encounter in a real world enterprise. Insulated: Activities in the lab should not effect traffic on the campus network. There should be sufficient amount of separation and isolation enforced between the lab network and the external network. The presence of the lab should not be a cause of concern to campus network authorities.

22 Below are the challenges they identified in the design issue, which need to be achieving when designing the model. i. An insulated but connected lab: In response to challenges (need to protect campus networks, need to access the Internet, difficulty to simulate enterpriseldepartmental level network environment), has Internet connectivity via DSL connections without going through the campus backbone. Although each site is completely separated from the respective campus network, the DSL connections allow the distributed sites to communicate with each other. This separation facilitates enterprise-level distributed experiments without the danger of intruding the campus networks. ii. An easily configurable lab for various experimentations (in response to challenge difficulty in allocating various resources for different assignments): DCSL consists of a dedicated test bed of computers, which are equipped with swappable hard drives and are connected via switches that support VLAN. The test bed can be easily reconfigured to satisfy the requirements of different projects. The test bed can be configured to simulate a real-world environment, such as a virtual corporate network with a set of virtual LANs connected via routers. Assignments that involve virus attacks, for example, can be deployed in such a virtual network. iii. A dedicated computer security lab with VPN support for remote access (in response to challenges e, resource needs for students to develop their solutions, and easy and secure access to the resources): In the DCSL lab, a test bed of workstations is provided for students' use. With swappable hard disk units in each of the workstations, different projects can use different set of swappable disk units, thus allowing multiple projects to be conducted simultaneously in a given semester. In addition, the DCSL supports VPN (Virtual Private Networks), which is the most commonly adopted security technology by corporations to assure secure remote access to the corporate networks and back-end servers. A student working at home may use VPN to open a secure channel between his home computer and the DCSL test bed. For those who like to

23 work in the campus, DCSL is configured as a dedicated laboratory, and thus is separated from the general laboratories. iv. A sharable and secure lab: In addition to be used by the students and faculty locally, an interesting feature of the DCSL design is its potential to support remote sharing of the resources in the lab. Currently the DCSL comprises two local labs respectively in two campuses. The DSL connectivity allows the two labs to be remotely connected to form a distributed platform. With site-to-site VPN implemented, users at a site can securely access resources available at the other site, or run security projects across the distributed platform. More local sites may be added in the future into the DCSL. v. Incorporation of emerging technologies: Wireless networks are part of the DCSL. Wireless local area networks (WLAN) and mobile networks are needed to study wireless security. The wireless LANs in DCSL are compliant to the newer IEEE g standard, which is backward compatible with la and b. It is well known that the WEP (Wired Equivalent Privacy) protocol, which comes as the default security feature of protocols, is not sufficient to enable secure wireless communication. Thus, we are in the process of adding other security features, such as LEAP, VPN, SSL, and the forthcoming i to address the security issues in protocols. In addition, the lab incorporates other enterprise-level security technologies such as VPN, which not only supports secure remote access, but also enables projects experimenting with secure remote access to the back-end servers Simulation Software: OPNET Organizations rely on software applications to successfully execute their strategies. The increasing use of networked applications to conduct business has resulted in significant growth and complexity of their associated infrastructures. Commercial and government enterprises, service providers, and defense organizations confront significant challenges related to the cost, risk, and performance of networks and IT infrastructure.

24 OPNET's Capacity Planning and Design solutions leverage OPNET's unique virtual network environment, which provides an ideal venue for infrastructure planning. The virtual OPNET model accurately captures the behavior of networks, applications, and servers, allowing organizations to pro-actively provision the infrastructure to meet performance and availability requirements of new and existing applications and services. OPNET products embed expert knowledge about how network devices, network protocols, applications, and servers operate. This intelligence enables users in network operations, engineering, planning, and application development to be far more effective in optimizing performance and availability of their networks and applications. Service providers rely on OPNET software to optimize the use of existing network resources, maintain service levels, plan new strategic offerings, and manage operational risks associated with growth, consolidation, and outages. 2.3 Project Methodology - Requirement Driven Methodology There are two scenarios in which this method is best applied: for an existing network with problems or a new network. When an existing network has a clearly defined problem, a requirement in this scenario is generally defined as either a new or repairlfix of an existing network. In this case, the client determines specific cost parameters, business processes, and applications to be supported and adhered to. The second scenario is more focused. A specific problem needs to be solved and a new business process, application, or network delivers the solution. Here the client provides the business case, direction, cost parameters, and processes to be used in implementation or design. In either case, the requirements are clearly delineated and specified, and are documented as part of the initial planning. This method uses some of the same steps as those illustrated in the previous two methods. These include defining the problem, spelling out the requirement, documenting and analyzing existing resources and assets,

25 performing replacements and applying updates, and adding minimum new equipment and applications. Because the problem is clearly defmed, designers can use surveys and inventories of the existing equipment and services to focus the design. This focus can prioritize the solution based on replacing obsolete equipment and assets. Upgrading the applications and equipment is another aspect of this design method. Preserving the client's equipment investments and operational processes is paramount to the solution design. The rule of thumb in using this methodology is to add new equipment only when necessary. Designing a new network further reduces these steps to defining the requirements, developing a point-by-point solution for each requirement component, solution costing, and acceptance and implementation. These steps focus exclusively on client requirements and restrictions, and there may not be any equipment or applications to draw from. Business processes may be in place as manual or standalone services. In the case of a requirement-driven design, the requirement becomes the baseline that drives the design. This process is best implemented by breaking the requirement into component parts, developing and testing individual solutions before they are amalgamated into a network. In this scenario, the process flow is nearly the same as that of the scientific method, but because the requirement is clearly defined and can be directly resolved, multiple reviews and feedbacks are unnecessary.

26 h ; Pmb$mr b ' J Rsquiit t' * Suggested Solution Model C Figure 2-3. The Design Flow Process 2.4 Project Requirements The three major requirements like hardware, software and other requirements play an important role in developing or completing the project. The types of requirements are as list at below.

27 2.4.1 Hardware Requirement(s) i. Desktop computer Software Requirements i. Microsoft Windows XP ii. Microsoft Visio: Designing Laboratory Logical and Physical layout. iii. OPNET - Simulation on design layout Other Requirements i. Internet Access ii. Full access to published paperfthesis on internet (research) The other requirements or facilities are needed to make the project going smoothly. Project facilities such as printer to print the supportive articles and documents related to the project, handy drive to save the data in a more large storage other then diskettes and discussion room to meet supervisor in order to obtain advice along with discussion of matter that related to the project. The projector is also needed in order to help explaining the project to the lecturers during the final presentation. 2.5 Project Schedule and Milestones Work Breakdown Structure (WBS) is a deliverable-oriented grouping of the work involved in a project that defined the total scope of the project. The WBS is a foundation document in project management because it provides the basic for planning and managing project schedules, costs, resources and changes. Each descending level