It's not a big deal to build a network, but it is a big deal to build one well. Network administrators and managers keep thorough documentation of their networks, and they do it before, during and after the build. Ask either a Chartered Accountant or a Network Administrator about the importance of documentation. This post is the theory behind the practice, and we network folks should turn it into practice. So, without wasting time, here are some basic constraints to follow when building a network.
1) Budget: Work out the overall budget first. Not even a billionaire builds a network on public IP addresses alone. Everything you buy has to fit the budget you settled on.
2) Topology: The topology of the network is the arrangement of its nodes and links. Make sure the network has some redundancy in it, because every topology has its own limitations. In a pure bus topology, a failure at one link splits the bus, so the left half can't communicate with the right half. In a star topology the central device is a single point of failure. In a pure (full) mesh topology the cabling cost smashes your head. So select a hybrid topology carefully, by analysing which mix suits your network best.
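As an added example (my code, not part of the original post), here is a small Python check that takes a topology as a list of links and reports its single points of failure: nodes whose loss partitions the network (articulation points) and links whose loss does the same (bridges). The topologies below are constructed, and the names (SW1, CORE1, ACC1 and so on) and the dual-homed hybrid design are assumptions; the check itself is general and works on any topology you feed it.

```python
"""Find single points of failure in a topology graph (added example)."""
from collections import defaultdict


def single_points_of_failure(links):
    """Given undirected links [(a, b), ...], return (nodes, links) whose
    removal disconnects the network. Uses Tarjan's DFS low-point method."""
    graph = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)

    disc, low = {}, {}            # discovery time, lowest reachable discovery time
    cut_nodes, bridges = set(), set()
    clock = [0]

    def dfs(u, parent):
        disc[u] = low[u] = clock[0]
        clock[0] += 1
        children = 0
        for v in graph[u]:
            if v == parent:
                continue
            if v in disc:                      # back edge: u can reach an ancestor
                low[u] = min(low[u], disc[v])
                continue
            children += 1
            dfs(v, u)
            low[u] = min(low[u], low[v])
            if low[v] > disc[u]:               # nothing below v reaches above u
                bridges.add(frozenset((u, v)))
            if parent is not None and low[v] >= disc[u]:
                cut_nodes.add(u)               # subtree under v depends on u
        if parent is None and children > 1:
            cut_nodes.add(u)                   # DFS root with more than one child

    for node in list(graph):
        if node not in disc:
            dfs(node, None)
    return cut_nodes, {tuple(sorted(b)) for b in bridges}


# Constructed topologies (assumptions, not from the post).
STAR = [("SW1", h) for h in ("A", "B", "C", "D")]
BUS = [("A", "B"), ("B", "C"), ("C", "D")]
RING = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "A")]
# Hybrid: two core switches, each access switch dual-homed, hosts single-homed.
HYBRID = [("CORE1", "CORE2"),
          ("CORE1", "ACC1"), ("CORE2", "ACC1"),
          ("CORE1", "ACC2"), ("CORE2", "ACC2"),
          ("ACC1", "H1"), ("ACC2", "H2")]


def report(name, links):
    nodes, edges = single_points_of_failure(links)
    return {"topology": name, "cut_nodes": sorted(nodes), "bridges": sorted(edges)}


if __name__ == "__main__":
    for name, links in [("star", STAR), ("bus", BUS), ("ring", RING), ("hybrid", HYBRID)]:
        print(report(name, links))
```

The star reports its hub as the only cut node and every spoke as a bridge; the bus reports its two inner nodes and all three links; the ring reports nothing. The hybrid shows where redundancy stops: the cores and their uplinks survive any single failure, but each access switch and its host link remain a single point of failure for the host hanging off it.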
3) Connection type: Wired, wireless, or a hybrid of both.
4) Cables, connectors and media converters: Choose cables based on the network speed, type and compatibility, and use the right connectors for each cable type: optical fiber, coaxial and twisted-pair Ethernet all use different connectors. Also settle on one termination standard for twisted pair, T568A or T568B, and use it consistently at both ends of a run. Use media converters to go from one medium to another, say multi-mode fiber to single-mode and vice versa, fiber to coaxial, or fiber to copper Ethernet.
5) Patch panels: Use patch panels so that moves, adds and changes happen at the panel rather than at the switch; it simplifies network maintenance.
6) Network devices: Try to buy your network gear from the same vendor. Devices from one vendor tend to interoperate better than a mix of vendors, because one vendor's proprietary protocols and features may not be supported by another's. Where you do mix vendors, stick to the open standards that both sides implement.
7) Demarcation point: The point at which responsibility changes hands. Your ISP is responsible up to the demarc point; from there on it is the company's or building's responsibility. If something goes wrong on your side of the demarc and you call the ISP to fix it, expect to be billed for the technician's travel and time. Sometimes the demarc point is out in your street and you can have it extended to your premises, at a cost; nothing comes free. This is called a demarc extension.
8) Main Distribution Frame (MDF) and Intermediate Distribution Frame (IDF): The MDF is the main wiring closet, from which the backbone (vertical) cabling runs to the IDFs. For example, the MDF can house the core switch, with backbone/vertical cabling running to the IDF switches on the different floors of a building. The cabling from an IDF switch out to the nodes is the horizontal cabling, and it is terminated at the IDF's horizontal cross-connect (its patch panel).
9) Load balancers: If you are building an enterprise network with multiple servers serving the same application, use a load balancer to spread the requests across them so that no single server gets bottlenecked with traffic. The balancer should also health-check its servers and take a failed one out of rotation, which removes the servers themselves as single points of failure.
10) Content filters: If you are serious about your work, use content filters, which filter traffic based on URLs or other rules you specify. A filter can be software installed on the client machines, hardware such as a gateway router doing the filtering, or a cloud service.
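As an added example (not from the post), here is a small rule-based URL filter in Python of the kind a client agent or gateway would run. The policy, the domains and the URLs are all constructed. The detail worth noticing is that domain rules must match whole labels (example.com and its subdomains, but not notexample.com) and must be applied to the parsed host, not to the raw string, so that userinfo and port tricks in the URL don't slip past the rule.

```python
"""Rule-based URL content filter (added example)."""
from urllib.parse import urlsplit

# Constructed policy. Allow rules act as exceptions and are checked first;
# anything no rule matches is allowed (a blocklist; an allowlist that denies
# by default is the stricter option for a locked-down network).
RULES = [
    ("allow", "domain", "intranet.example.com"),
    ("block", "domain", "example.com"),        # everything else under example.com
    ("block", "domain", "tracker-ads.test"),
    ("block", "ext", ".exe"),
    ("block", "ext", ".scr"),
]


def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it (label-wise,
    so 'notexample.com' does not match a rule for 'example.com')."""
    return host == domain or host.endswith("." + domain)


def classify(url, rules=RULES):
    """Return (action, reason) for a URL. First matching rule wins."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    # .hostname is lower-cased with userinfo and port already stripped
    host = (parts.hostname or "").rstrip(".")
    path = parts.path.lower()
    ordered = sorted(rules, key=lambda r: r[0] != "allow")   # allows first, stable
    for action, kind, value in ordered:
        if kind == "domain" and host_matches(host, value.lower()):
            return action, f"{kind}:{value}"
        if kind == "ext" and path.endswith(value.lower()):
            return action, f"{kind}:{value}"
    return "allow", "default"


def filter_requests(urls, rules=RULES):
    """Classify a batch of URLs; returns a list of (url, action, reason)."""
    return [(u,) + classify(u, rules) for u in urls]


if __name__ == "__main__":
    for row in filter_requests([
        "http://intranet.example.com/wiki",
        "https://www.example.com:8443/",
        "https://notexample.com/",
        "http://intranet.example.com@www.example.com/",   # userinfo trick
        "http://files.test/downloads/Setup.EXE",
        "cdn.tracker-ads.test/pixel.js",
    ]):
        print(row)
```

A filter that compared the raw string would have been fooled by the fourth URL, which merely contains the allowed name as userinfo, and by the substring match on the third.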
11) VPN concentrator: If you want to reach your network from anywhere on the globe, install a Virtual Private Network (VPN) concentrator at the edge of your network. It lets you connect remotely through a secured tunnel that encrypts the traffic. On the client side you need just the VPN software and your credentials to authenticate to the concentrator. Since the concentrator is an internet-facing door into your network, use strong authentication (certificates or a second factor, not a shared password alone).
12) Uptime: The fraction of time your network is up and running, expressed as a percentage. If a company has "three nines" of uptime, it means 99.9% uptime, which allows 8.76 hours of downtime per year. Higher uptime is preferable. Many companies and educational institutions add a secondary internet connection from a different ISP, power backup and backup sites to raise their uptime.
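As an added example (my numbers and code, not the post's), here is the arithmetic behind the nines, extended to the redundancy the paragraph mentions: components that must all be up combine in series (their availabilities multiply) and redundant alternatives combine in parallel (their unavailabilities multiply). The component availabilities are assumed values; the lesson is that once the ISP links are redundant, the remaining single core switch and power feed dominate the downtime.

```python
"""Availability and downtime arithmetic (added example)."""
HOURS_PER_YEAR = 365 * 24   # 8760; leap years ignored


def nines(n):
    """'n nines' as a fraction: 3 -> 0.999."""
    return 1 - 10 ** (-n)


def downtime_hours(availability):
    """Hours of downtime per year allowed at a given availability."""
    return HOURS_PER_YEAR * (1 - availability)


def series(*parts):
    """All parts must be up: availabilities multiply."""
    a = 1.0
    for p in parts:
        a *= p
    return a


def parallel(*parts):
    """Any one part suffices: unavailabilities multiply."""
    u = 1.0
    for p in parts:
        u *= 1 - p
    return 1 - u


# Constructed figures (assumptions): two ISP links at 99.5% each, a single
# core switch at 99.9%, and a single UPS-backed power feed at 99.95%.
ISP_A, ISP_B, CORE, POWER = 0.995, 0.995, nines(3), 0.9995


def site_availability(dual_isp=True, dual_core=False):
    """End-to-end availability of the chain: uplink -> core switch -> power."""
    uplink = parallel(ISP_A, ISP_B) if dual_isp else ISP_A
    core = parallel(CORE, CORE) if dual_core else CORE
    return series(uplink, core, POWER)


if __name__ == "__main__":
    print(f"three nines allows {downtime_hours(nines(3)):.2f} h/year")
    for isp, core in [(False, False), (True, False), (True, True)]:
        a = site_availability(isp, core)
        print(f"dual_isp={isp} dual_core={core}: {a:.6f} -> {downtime_hours(a):.1f} h/year")
```

With these figures a single ISP link gives roughly 57 hours of downtime a year; adding the second ISP brings that to about 13 hours, and the site still does not reach three nines until the core switch is doubled as well.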
13) Service Level Agreements (SLAs): These are contracts in which the ISP commits to the service levels written in the agreement, such as guaranteed bandwidth, availability and repair time, usually with penalties or credits if it misses them. For example, if your 70 Mbps broadband line delivers only 10 Mbps, a plain consumer plan gives you little recourse; under an SLA the ISP guarantees a committed rate (say 50 Mbps) and owes you something when it falls short.
14) Monitoring system logs: Your enterprise network must have servers that collect and monitor event logs, audit logs, security logs and access logs, so that you can spot trouble as it happens and reconstruct what happened after an incident.
15) Demilitarized Zone (DMZ): The zone between the outer firewall at the gateway to your ISP and the inner firewall behind which your private nodes sit is called a demilitarized zone (also a screened subnet). It holds the servers that must be reachable from the internet, such as public web or mail servers, so that a compromise of one of them does not give direct access to the internal network; the inner firewall should not let DMZ hosts initiate connections into the LAN.
16) Intrusion Detection System (IDS): Make sure your network has a combination of host-based and network-based IDS, using both signature-based detection (matching known attack patterns) and behaviour-based detection (flagging deviations from normal activity). Also have an Intrusion Prevention System (IPS), which sits inline and can block what an IDS would only report.
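As an added example (not the post's own tooling), here is a small Python detector that runs both kinds of rule from item 16 over the kinds of log named in item 14: signature rules over a web access log (known attack patterns, matched after URL-decoding so that encoded variants don't slip past) and a behaviour rule over an SSH auth log (too many failed logins from one source inside a time window, plus a success that follows such a burst, which is the alert you most want to see). The log lines, IP addresses and thresholds are constructed.

```python
"""Signature- and behaviour-based detection over sample logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample logs (not real traffic): six failures 5 s apart from one
# source, then a success from it, then one unrelated failure.
AUTH_LOG = "\n".join(
    [f"2024-03-01T10:00:{s:02d} sshd[12{i:02d}]: Failed password for root "
     f"from 203.0.113.9 port 5{i:04d} ssh2" for i, s in enumerate(range(1, 31, 5))]
    + ["2024-03-01T10:00:40 sshd[1210]: Accepted password for root from 203.0.113.9 port 50300 ssh2",
       "2024-03-01T10:01:00 sshd[1211]: Failed password for alice from 198.51.100.4 port 40000 ssh2"]
)
ACCESS_LOG = """\
198.51.100.4 - - [01/Mar/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.77 - - [01/Mar/2024:10:02:05 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.77 - - [01/Mar/2024:10:02:06 +0000] "GET /login?user=a%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 50 "-" "sqlmap/1.7"
"""

AUTH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                       r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Signature rules: (name, field, pattern). Path patterns run on the decoded path.
SIGNATURES = [
    ("path traversal", "path", re.compile(r"\.\./")),
    ("sql injection probe", "path", re.compile(r"'\s*or\s*'|union\s+select", re.I)),
    ("scanner user-agent", "ua", re.compile(r"sqlmap|nikto|masscan", re.I)),
]


def signature_alerts(access_log):
    """Known-bad patterns in web requests: (rule, source ip, evidence)."""
    alerts = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        fields = {"path": unquote(m["path"]), "ua": m["ua"]}
        for name, field, pattern in SIGNATURES:
            if pattern.search(fields[field]):
                alerts.append((name, m["ip"], fields[field]))
    return alerts


def behaviour_alerts(auth_log, threshold=5, window=timedelta(seconds=60)):
    """Failed-login bursts per source, and any success after a burst."""
    failures = defaultdict(deque)     # ip -> timestamps of failures inside the window
    flagged, alerts = set(), []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        recent = failures[ip]
        if m["result"] == "Failed":
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("ssh brute force", ip, f"{len(recent)} failures within {window.seconds}s"))
        elif ip in flagged:
            alerts.append(("login success after brute force", ip, f"user {m['user']}"))
    return alerts


def run_ids(access_log=ACCESS_LOG, auth_log=AUTH_LOG):
    return signature_alerts(access_log) + behaviour_alerts(auth_log)


if __name__ == "__main__":
    for alert in run_ids():
        print(*alert, sep=" | ")
```

Note that the traversal signature would miss the second request if it were matched against the raw `%2e%2e/` path; decoding before matching is the kind of normalisation a real IDS does, and the kind of thing behaviour rules don't need at all.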
17) Firewall: The first layer of protection at the connection with your ISP. All traffic entering your network has to pass through this network-based firewall, which should deny everything by default and allow only what you explicitly permit. Make sure your clients also run firewalls at the host level.
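As an added example (a constructed policy, not the post's), here is a first-match firewall policy evaluator in Python that covers the DMZ layout from item 15 and the default-deny firewall from item 17. The address ranges are assumptions (10.0.0.0/8 as the LAN, 192.0.2.0/24 as the DMZ). The second policy shows the classic ordering mistake: because "the internet" (0.0.0.0/0) also contains your internal range, an allow from the DMZ to the internet placed above the DMZ-to-LAN deny lets a compromised DMZ host reach the LAN.

```python
"""First-match packet-filter policy evaluation with a DMZ (added example)."""
import ipaddress

# Constructed address plan (assumptions).
ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("10.0.0.0/8")
DMZ = ipaddress.ip_network("192.0.2.0/24")


class Rule:
    def __init__(self, action, src, dst, proto=None, dport=None, note=""):
        self.action, self.src, self.dst = action, src, dst
        self.proto, self.dport, self.note = proto, dport, note

    def matches(self, src_ip, dst_ip, proto, dport):
        return (src_ip in self.src and dst_ip in self.dst
                and (self.proto is None or self.proto == proto)
                and (self.dport is None or self.dport == dport))


def evaluate(policy, src, dst, proto, dport):
    """First matching rule wins; no match means deny (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, rule in enumerate(policy):
        if rule.matches(s, d, proto, dport):
            return rule.action, index
    return "deny", None


# Correct ordering: the DMZ -> LAN deny comes before any broad DMZ -> ANY allow.
GOOD_POLICY = [
    Rule("allow", ANY, DMZ, "tcp", 443, "public web server in the DMZ"),
    Rule("allow", LAN, DMZ, "tcp", 22, "admins manage DMZ hosts"),
    Rule("allow", LAN, ANY, "tcp", 443, "outbound browsing"),
    Rule("deny", DMZ, LAN, note="DMZ never initiates into the LAN"),
    Rule("allow", DMZ, ANY, "tcp", 443, "DMZ hosts fetch updates"),
]

# Same rules with the deny moved below the broad allow: 0.0.0.0/0 contains 10.0.0.0/8,
# so the allow now matches DMZ -> LAN traffic on 443 before the deny is reached.
BAD_POLICY = GOOD_POLICY[:3] + [GOOD_POLICY[4], GOOD_POLICY[3]]


def dmz_isolated(policy, dmz_host="192.0.2.10", lan_host="10.0.0.5"):
    """Check that a DMZ host cannot open common ports into the LAN."""
    return all(evaluate(policy, dmz_host, lan_host, "tcp", port)[0] == "deny"
               for port in (22, 80, 443, 445, 3389))


if __name__ == "__main__":
    flows = [("203.0.113.5", "192.0.2.10", "tcp", 443),   # internet -> DMZ web
             ("203.0.113.5", "192.0.2.10", "tcp", 22),    # internet -> DMZ ssh
             ("10.0.0.5", "192.0.2.10", "tcp", 22),       # admin -> DMZ ssh
             ("192.0.2.10", "10.0.0.5", "tcp", 443)]      # DMZ -> LAN
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, "policy, DMZ isolated:", dmz_isolated(policy))
        for flow in flows:
            print("  ", flow, "->", evaluate(policy, *flow))
```

A check like `dmz_isolated` is cheap to run against every policy change and catches exactly the kind of rule-ordering regression that a human reviewer reading a long ruleset tends to miss.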
18) SNMP and traffic analysis: Use Simple Network Management Protocol version 3 (SNMPv3) to manage your network; the earlier versions send their community strings in clear text, while v3 adds authentication and encryption. Use traffic-analysis software and protocol analyzers to keep an eye on the traffic flowing in your network. To monitor internal traffic, use port mirroring (a SPAN port), in which the traffic of the ports you are interested in is copied to one port where the analyzer listens.
19) Network Access Control (NAC): This includes posture assessment, in which client machines are checked against a set of requirements; a machine that fails is not given access to the production network but is instead placed on a quarantine network with a remediation server that helps it meet the requirements. For example, you can require that every client runs an up-to-date antivirus; a client that doesn't gets updated through the remediation server and is then connected. The other mechanism is 802.1X, an IEEE standard that provides port-based authentication: a device must authenticate (typically against a RADIUS server) before the switch port carries its traffic.
20) AAA server: An Authentication, Authorization and Accounting server, which does exactly what the name says: verifies who is connecting, decides what they are allowed to do, and records what they did. Make sure you have one in your network; RADIUS and TACACS+ are the usual protocols for talking to it.
21) Compatibility: Incompatibility is one of the main causes of trouble in a network. Make sure your access points, cables and the rest of the gear are compatible with the devices they connect to. Speed mismatches and duplex mismatches (one end full duplex, the other half duplex, usually because auto-negotiation was turned off on one side) also cause problems, typically showing up as late collisions and CRC errors. Make sure the wireless standards and frequency bands your access points use are supported by your clients. So, we need to be aware of all these things.
22) Awareness: We conclude with this important topic. We need to be aware of troubleshooting methodologies, techniques and commands. We need to be aware of malware such as adware, spyware, botnets, rootkits, logic bombs, etc. We need to be aware of attacks like Man-in-the-Middle (MITM), Denial of Service (DoS), Distributed DoS (DDoS), spoofing, session hijacking, injection attacks, cookie stealing, etc. We need to be aware of social engineering attacks like phishing, vishing, tailgating, shoulder surfing, hoaxes, whaling, dumpster diving, etc. If you have wireless connectivity, watch out for threats like war driving, war chalking, rogue access points, evil twins, etc. Maintain solid security mechanisms to protect your traffic, and deploy honeypots and honeynets if you want to trap attackers. Finally, check the network you build against the CIA triad: Confidentiality, Integrity and Availability.