NETWORK DESIGN FOR BANK

by Soon Kit Tan on 28 August 2014

Transcript of NETWORK DESIGN FOR BANK

NETWORK DESIGN PROPOSAL
FOR BANK

Online Banking Application Server
TM hosts the online banking application and network components which include:
the institution's website
Internet banking server
firewall
intrusion detection system
Management & board remain in control of the content, performance, and security of the online banking system.
Types of Firewalls in our Banking Network Design

Static Packet Filter Firewall
Filter network traffic
Stateful Inspection Firewall (SIF)
Allows only packets that match a known active connection to pass
Proxy Firewall
Store and filter the network traffic on the proxy
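
The difference between the static packet filter and the stateful inspection firewall listed above, as an added Python example that is not part of the original presentation. The addresses, the packet trace, and all names are constructed for illustration, and connection teardown by FIN or timeout is left out.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: "S", "SA", "A", "PA", "R"
SERVER = ("203.0.113.10", 443)  # constructed address for the Internet banking server

def static_filter(p):
    """Static packet filter: judges each packet alone, by addresses and ports."""
    return (p.dst, p.dport) == SERVER or (p.src, p.sport) == SERVER

class StatefulFilter:
    """Stateful inspection: non-SYN packets pass only on a tracked connection."""
    def __init__(self):
        self.table = {}  # (client ip, client port) -> "SYN" | "SYNACK" | "EST"

    def allow(self, p):
        if not static_filter(p):
            return False  # not banking traffic
        to_server = (p.dst, p.dport) == SERVER
        key = (p.src, p.sport) if to_server else (p.dst, p.dport)
        state = self.table.get(key)
        if state is None:
            if to_server and p.flags == "S":
                self.table[key] = "SYN"  # client opens a new connection
                return True
            return False  # no known active connection: drop
        if not to_server and p.flags == "SA" and state == "SYN":
            self.table[key] = "SYNACK"
        elif to_server and p.flags == "A" and state == "SYNACK":
            self.table[key] = "EST"
        elif state != "EST":
            return False  # handshake packet out of order
        if "R" in p.flags:
            del self.table[key]  # reset ends tracking (FIN and timeouts omitted)
        return True

def compare(packets):
    sif = StatefulFilter()  # fresh connection table per trace
    return [(static_filter(p), sif.allow(p)) for p in packets]

C = ("198.51.100.7", 51000)  # constructed client
TRACE = [  # constructed: handshake, data, then two packets with no connection behind them
    Packet(*C, *SERVER, "S"), Packet(*SERVER, *C, "SA"), Packet(*C, *SERVER, "A"),
    Packet(*C, *SERVER, "PA"),
    Packet("198.51.100.99", 40000, *SERVER, "A"),   # stray ACK, no SYN seen
    Packet(*SERVER, "198.51.100.99", 40001, "PA"),  # server data to unknown peer
]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, compare(TRACE)):
        print(pkt, "static=%s stateful=%s" % verdict)
```

The static filter passes all six packets because every one of them carries the server's address and port; the stateful filter drops the last two because no handshake preceded them.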

Intrusion detection system (IDS) / Intrusion prevention system (IPS)
Analyze network traffic and match patterns to identify malicious activity.
Monitor both the traffic that is allowed in through the firewall and the traffic leaving the network.

Requirement Analysis & TCP/IP Network Planning of the Bank
INTERFACE OF HEAD OFFICE

How do we improve the performance of the banking network through WAN design?
Lease communications circuits from the main communications carrier, TELEKOM MALAYSIA
A hybrid of P2P networking and the client-server computing model (increases data transfer efficiency among users)
WAN OPTIMIZATION
Overcome the weakness of no visibility or control of banking network
Overcome bandwidth issues
Reshape employees' recreational traffic
Set maximum thresholds
Give priority to business or banking applications
How do we connect the main office with branch offices?
Connected through
Branch Office layout

All the data received will be transferred to main office's database
Only one powerful machine is required
The remaining machines are thin clients, Linux desktops, or other browser-based machines
Minimum requirements:
- High-speed internet connection
- Estimated traffic volume (100 users)
Core network Components:
router, firewall, and switch
First gateway to control access to the servers
Network gateway cannot be replaced/reconfigured by imposters
They act as the front-line gateway that protect network devices and data to be forwarded/received
Switch
Router
Firewall
Hosted by Telekom Malaysia Berhad
Reasons for a combination of internal and outsourced solutions in delivering online banking services
Cost-effective
Technical support from reliable IT company
Trustworthy technology service providers
Easy to manage daily administration of the system
Third-Party Provider
Hosted Online Banking Diagram
[Diagram labels: Customer, Phone, Wireless, Broadband, Customer ISP, Internet, Vendor ISP, Firewall / Router, Website Server (Host-based IDS), Network, Firewall, Internet Banking Server (Host-based IDS), Provider's Network, Transactions & Account Balance Updates, Core Banking System]
First Phase - Designing the Network
No. of machines the bank's network can support:
100 users (each branch office), 200 users (main office)
Type of network media used:
Ethernet/FDDI (LAN)
Copper Media/Fiber Optic Media/Wireless (WANs)
Network Topology:
Star/Mesh Topology configured in Wireless Networks
Hardware plan:
cable & DSL modems
Wireless - satellite modem / Wireless modem
cable connections-coaxial lines
Fiber optics cables
Gateway router
2nd Phase - Setting up an IP Addressing Scheme
Network class applied: IPv4
Reasons why IPv4 is chosen:
IPv4 still carries more than 96% of Internet traffic worldwide as of May 2014
Take the potential transition from IPv4 into IPv6 in the future into consideration
IP Addressing Scheme Used for the Bank Network we design:
Phase 3 - Naming Entities on the Bank Network
Names assigned are used for initial set up in the network
For expanding the network through routers or PPP (Point-to-Point Protocol)
Easier for users to identify the machines and servers in the network
Name service selected: DNS (Domain Name System)
Anti-phishing and anti-spam mechanism
(at application server)
Privacy mechanism (helps hide internal network topology)
Network Topology
[Diagram: Bank Center Network. Labels: SNA Server, TCP/IP, Router, PSTN/ISDN, ATM, Terminals, Branches, Value-added Services]
The bank service center uses a router to connect subordinate branches via the main line, DDN (Digital Data Network), and the backup line, PSTN/ISDN
The bank branches use a router to connect to the terminals and ATMs
The Fast Ethernet interface of the router is used for the connection with other PC hosts, and hence to provide value-added services
Virtual Private Network (VPN)
Provides a secure remote connection for a host outside a private network by using the Internet to connect.
Secures the remote connections for employees or vendors to protect the bank's customers' information.

HTTP SECURE
(Hypertext Transfer Protocol Secure)

HTTPS layers HTTP on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.
HTTPS
SSL is encryption that creates a secure environment for the information being transferred between the client's browser and the bank.
SSL Protocol in Online Banking
SSL: Secure Sockets Layer
TLS: Transport Layer Security

Browser and Bank Server
The browser sends a message via SSL.
The bank server responds by sending a certificate. The certificate contains the bank's public key.
The browser authenticates the certificate and generates a random session key.
The random session key is used to encrypt data traveling between the browser and the bank's server.
This session key is encrypted using the bank's public key and sent back to the bank server.
The bank decrypts this message using its private key.
Computer Network and Internet Computing
BCN 2314
TAN SOON KIT 1121117334
BENJAMIN KWAN WENG HEI 1112703169
CHIN JUN WEI 1112701101
TAN CHUNG MING 1102701387