MINISTRY OF EDUCATION AND TRAINING
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY AND EDUCATION
FACULTY FOR HIGH QUALITY TRAINING

GRADUATION THESIS
COMPUTER ENGINEERING TECHNOLOGY

DESIGN OF A NETWORK FOR STANDARD AND SMALL-SIZED ENTERPRISES

ADVISOR: ME LE MINH
STUDENT: LE DUY BINH
NGUYEN AN LONG AN

SKL010584

Ho Chi Minh City, December, 2022

GRADUATION PROJECT
DESIGN OF A NETWORK FOR STANDARD AND SMALL-SIZED ENTERPRISES
LÊ DUY BÌNH Student ID: 18119006
NGUYỄN AN LONG ẨN Student ID: 18119004
Major: COMPUTER ENGINEERING TECHNOLOGY
Advisor: M.E Le Minh
Ho Chi Minh City, December 2022

THE SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness
Ho Chi Minh City, December 15, 2022

PROJECT ASSIGNMENT
Student name: NGUYỄN AN LONG ẨN Student ID: 18119004
Student name: LÊ DUY BÌNH Student ID: 18119006
Major: Computer Engineering Technology Class: 18119CLA
Advisor: LÊ MINH Phone number: _
Date of assignment: _ Date of submission: 25/12/2022
Project title: DESIGN OF A NETWORK FOR STANDARD AND SMALL-SIZED ENTERPRISES
Initial materials provided by the advisor:
Content of the project: Design and simulate a network for enterprises with departments of a maximum of 200 employees. Main features of the proposed network are VLANs, an internal web and domain server, firewalls, Internet connections, and site-to-site VPN connections.
Final product: Simulation of a network for standard and small-sized enterprises
CHAIR OF THE PROGRAM (Sign with full name) ADVISOR

HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY AND EDUCATION
FACULTY OF HIGH QUALITY TRAINING
SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness
Ho Chi Minh City, January 10, 2023

MODIFYING EXPLANATION OF THE GRADUATION PROJECT
MAJOR: COMPUTER TECHNOLOGY ENGINEERING
Project title: Design of a Network for Standard and Small-sized Enterprises
Student name: Lê Duy Bình ID: 18119006
Student name: Nguyễn An Long Ẩn ID: 18119004
Advisor: M.E Lê Minh
Defending Council: Council 2, Room: A3-404, 3rd January 2023
Modifying explanation of the graduation project:
Columns: No., Council comments, Editing results, Note
All citations have been updated
Use appropriate citations to ‘Web Site’ and ‘Journal Article’ citations
Head of Department (Sign with full name) Advisor Students (Sign with full name)

THE SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness
Ho Chi Minh City, December 3, 2021

PRE-DEFENSE EVALUATION SHEET
Student name: Student ID:
Student name: Student ID:
Student name: Student ID:
Major:
Project title:
Name of Reviewer:
EVALUATION
Content and workload of the project
Strengths:
Weaknesses:
Approval for oral defense?
(Approved or denied)
Overall evaluation: (Excellent, Good, Fair, Poor)
Mark: ………………. (in words: )
Ho Chi Minh City, Dec 15, 2022
REVIEWER (Sign with full name)

THE SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness

EVALUATION SHEET OF DEFENSE COMMITTEE MEMBER
Student name: Student ID:
Student name: Student ID:
Student name: Student ID:
Major:
Project title:
Name of Defense Committee Member:
EVALUATION
Content and workload of the project
Strengths:
Weaknesses:
Overall evaluation: (Excellent, Good, Fair, Poor)
Mark: ………………. (in words: )
Ho Chi Minh City, Dec 15, 2022
COMMITTEE MEMBER (Sign with full name)

ACKNOWLEDGEMENTS
To complete this report, we would like to express our sincere thanks to the advisor, Mr. Le Minh, for his dedicated and detailed guidance, which gave us enough knowledge to apply to the report. During the course of the project, although we tried our best to complete it in the best way, errors are difficult to avoid. We look forward to our advisor's devoted help and guidance to help us gain more experience and complete this project in a better way. Besides, we would also like to thank our classmates for their help and support, which helped the group complete this report well. Finally, our team would like to wish Mr. Le Minh and the classmates of the 18th class of Computer Engineering Technology good health, success, and happiness.

STUDENT COMMITMENT
Our team hereby declares that this is our own research work, carried out under the advisor Le Minh. The research contents in the topic "Design of a network for standard and small-sized enterprises" are honest, and the data in the tables for analysis is collected from different sources. If any fraud is detected, we will take full responsibility for the content of our report.
Representative of the graduation project implementation group (Sign and write full name)
Student Le Duy Binh
Student Nguyen An Long An

● Destination: Destination address (do the same with VLAN10 and VLAN20)
● Gateway Address: Next hop address
Figure 75: Static Route Configuration for PCs in the Branch Site

CHAPTER 4: RESULTS

4.1 LAN SERVICE RESULTS

4.1.1 Test the connection between PCs from departments and the internal server
Besides guaranteeing the Internet connection inside the enterprise, it is also important to ensure the connection between PCs from departments and the server. First, we use the PC from the Sales department to connect to the server, which has the address 192.168.30.3, with the command ‘ping 192.168.30.3’. Below is the result:
Figure 76: Sales’ PC Connected to the Server
Next, we use the PC from the HR department to connect to the server, which has the address 192.168.30.3, with the command ‘ping 192.168.30.3’. Below is the result:
Figure 77: HR’s PC Connected to the Server
Finally, we use the server to ping back to the PCs in the departments.
Figure 78: The Server Connected to PCs
The network successfully ensures that PCs connect to the server and vice versa.

4.1.2 Test the domain of the enterprise and its policy
After joining the enterprise domain, all user accounts must follow the policies that the server has implemented.
Figure 79: User after Joining hcmute.local Domain
According to the password policies that we set, a user is locked out for 30 minutes if the user tries to log on and fails three times.
Figure 80: Account Has Been Locked out
As a result, we can see that the server manages users’ accounts according to the configured policy.

4.1.3 Test local website of the enterprise
The enterprise has a local website available to every user in the HCMUTE domain. Users can type http://www.hcmute.local to reach the local website.
Figure 81: Local Website of the Enterprise
In the image above, we can see that the server hosts a local website successfully in the HCMUTE domain. PCs from the three departments are now able to reach the local website.

4.1.4 Test the redundant plan of the firewalls
To ensure that the network keeps working normally when a firewall is under
attack, we test high availability by turning off the primary firewall.
Figure 82: First Firewall Turned off
Now we can see that the back-up firewall has taken over as the primary firewall; all settings from the primary firewall, such as firewall policies, are now synced to the back-up firewall.
Figure 83: All the Policies Have Been Synced

4.2 INTERNET SERVICE RESULTS

4.2.1 Test the Internet connection of the network
To test that computers from all departments are able to connect to the Internet, we use PCs and the server of the enterprise. We first use the PC from the Sales department to reach the Internet with the ping 8.8.8.8 command.
Figure 84: Sales’ PC pinged 8.8.8.8 successfully
Next, we use the PC from the HR department with the ping 8.8.8.8 command.
Figure 85: HR’s PC pinged 8.8.8.8 successfully
Finally, to make sure that PCs can browse the Internet, we try to browse Youtube.com.
Figure 86: PCs used the Internet successfully

4.2.2 Test VPN site to site between PCs in SITE-A and PC SITE-B
We test the site-to-site VPN for the enterprise in case the director wants to expand with more branches: PCs in the branch site will be able to reach PCs in the head office site, including PCs in the three departments and the server, and vice versa. First, we test the connection between the PC in the head office site and the PC in the branch site. We use the PC from the Sales department with the IP address 192.168.10.1 to connect to the PC from the branch site with the IP address 172.16.30.2 and vice versa, using the ping 172.16.30.2 command on the Sales PC and ping 192.168.10.2 on the PC in the branch site.
● Test the connection between the PC in the head office site and the PC in the branch site
Figure 87: The PC in the head office site reached the PC in the branch site
● Test the connection between the PC in the branch site and the PC in the head office site
Figure 88: The PC in the branch site reached the
PC in the head office site
After testing that PCs reach each other's sites, it is also essential to test the connection between the PCs in the branch site and the server in the head office site. To ensure that PCs in the branch site can reach the server to exchange data, the PC from the branch site with the IP address 172.16.30.2 connects to the server in the head office with the IP address 192.168.30.3, using the ping 192.168.30.3 command on the PC in the branch site and the ping 172.16.30.2 command on the server.
● Test the connection between the server and the PC in the branch site
Figure 89: The server reached the PC in the branch site
● Test the connection between the PC in the branch site and the server
Figure 90: The PC in the branch site reached the server

4.2.3 Manage and monitor users by ADAuditPlus
After verifying the essential connections for the enterprise network, including the Internet connection, the connection between VLANs and the server, and the VPN site-to-site connection, the network will be operational. Using the ADAuditPlus program, we perform user monitoring and administration on the Windows server. When the program is accessed at the address localhost:8081, it displays information on the employees' activity.
Figure 91: Dashboard of Employee’s Activities
These results show that the server has successfully handled users from the departments. The server can determine which users have repeatedly failed to log in, resulting in their accounts being locked, as well as which accounts have been removed, modified, or created. The ADAuditPlus software can also provide the administrator with a daily user activity report, for example that just one account was locked on December 7, 2022, and the number of times the password was changed.
Figure 92: Lockout and Change Password Activities
The ADAuditPlus software shows the exact name of the user, the time, and the address of the department from which the user failed to log on.
Figure 93: Logon Failures
All activities on the server are also recorded, such as changing policies, creating new accounts, or modifying accounts.
Figure 94: Policies Change Record

CHAPTER 5: CONCLUSIONS AND FUTURE WORK

5.1 CONCLUSIONS
After finishing the project “Design of a network for standard and small-sized enterprises”, we can draw the following conclusions:
● The network is monitored by ADAudit Plus, which is able to track the log-on and log-off events of the employees and the policy changes on the server, and to show alerts
● PCs from the three departments can reach the server and also the local website of the enterprise
● The redundant plan for firewalls works properly when one of the two firewalls is down
● Two Internet connection lines work stably
● VPN service works properly
● The interfaces of EVE-NG, Fortigate Firewall, and ADAudit Plus are easy to use

5.2 FUTURE WORK
Besides configuring the main and necessary functions such as static routes and policies for PCs, we should configure policies on the Fortigate Firewall to block harmful services coming from the Internet, as well as some services that employees can access, depending on the development policy of the enterprise. On ADAudit Plus, we can implement more functions, such as tracking actions that affect files and tracking which websites employees browse.
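The lockout policy tested in section 4.1.2 (three failed log-ons, 30-minute lockout) and the lockout and logon-failure reports described in section 4.2.3 can be replayed offline over a list of log-on events. This is an added example, not code from the thesis or from ADAudit Plus; the event records, the sales01/hr01 names, the 192.168.20.1 address and the 30-minute counter-reset window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Values from section 4.1.2 of the thesis: three failed log-ons lock the
# account for 30 minutes. The counter-reset window is NOT stated in the
# thesis; 30 minutes is an assumption made for this example.
LOCKOUT_THRESHOLD = 3
LOCKOUT_DURATION = timedelta(minutes=30)
OBSERVATION_WINDOW = timedelta(minutes=30)  # assumption

# Constructed sample events: (time, user, source address, success?)
EVENTS = [
    ("2022-12-07 08:00", "sales01", "192.168.10.1", False),
    ("2022-12-07 08:01", "sales01", "192.168.10.1", False),
    ("2022-12-07 08:02", "hr01", "192.168.20.1", False),
    ("2022-12-07 08:03", "sales01", "192.168.10.1", False),  # 3rd failure
    ("2022-12-07 08:10", "sales01", "192.168.10.1", True),   # still locked
    ("2022-12-07 08:12", "hr01", "192.168.20.1", True),      # resets counter
    ("2022-12-07 08:40", "sales01", "192.168.10.1", True),   # lock expired
]


def evaluate(events):
    """Replay log-on events; return (lockouts, rejected) lists."""
    failures = {}      # user -> times of recent failed log-ons
    locked_until = {}  # user -> time the lockout ends
    lockouts, rejected = [], []
    for stamp, user, source, ok in events:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if now < locked_until.get(user, datetime.min):
            rejected.append((stamp, user, source))  # locked: refuse any attempt
            continue
        if ok:
            failures.pop(user, None)  # a good log-on clears the counter
            continue
        recent = [t for t in failures.get(user, []) if now - t < OBSERVATION_WINDOW]
        recent.append(now)
        failures[user] = recent
        if len(recent) >= LOCKOUT_THRESHOLD:
            locked_until[user] = now + LOCKOUT_DURATION
            failures.pop(user)
            lockouts.append((user, source, stamp, str(locked_until[user])))
    return lockouts, rejected


if __name__ == "__main__":
    for row in evaluate(EVENTS)[0]:
        print("locked: user=%s source=%s at=%s until=%s" % row)
```

The rejected list is the useful signal for an administrator: a correct password presented while the account is locked is still refused, which is what a user reporting "my password stopped working" will have experienced.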