Franske ITC-2900 SP14 Possible Projects: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 106: Line 106:
* OpenNAC
* OpenNAC
* FreeNAC
* FreeNAC
You may research and evaluate other programs/devices as well. Strong preference should be given to free and open source packages as we are a resource constrained department.
===Deliverables===
* Design and implement a test network environment
* Research a variety of options and select a minimum of three promising configurations for testing
* Develop criteria for evaluating the options
* Build and test a minimum of three solutions
* Develop a recommendation on the best choice based on department constraints
* Prepare a written whitepaper and oral presentation detailing the process, criteria, results, and recommendation
==Network Intrusion Prevention==
===Introduction===
The Inver Hills ITC department has an academic, demonstration, and research network ("ITCnet") which is currently protected by pfSense firewalls. Further protection might be possible by implementing a Network Intrusion Prevention System (NIPS) on the network. There are a number of free solutions available to us including Cisco ASA devices we already own and numerous open source IPS programs but not all may work for our network. In particular we are early adopters of IPv6 and not all IPS products are IPv6 ready. Your mission will be to evaluate IPS packages for suitability in our environment giving special attention to open source or free solutions which we can implement in our resource constrained environment and which can be easily managed through GUI/web tools and offer consolidated reporting and event monitoring capabilities.
===Resources===
Options you may want to evaluate in this space are:
* Snort
* Suricata
* Bro
* OSSEC
* Cisco ASA and IOS IPS
* Snorby GUI
You may research and evaluate other programs/devices as well. Strong preference should be given to free and open source packages as we are a resource constrained department.
You may research and evaluate other programs/devices as well. Strong preference should be given to free and open source packages as we are a resource constrained department.
===Deliverables===
===Deliverables===

Revision as of 21:43, 14 January 2014

Available Projects

Logfile Collection and Analysis

Introduction

The Inver Hills ITC department has an academic, demonstration, and research network ("ITCnet") which is comprised of a number of physical and virtual hosts running various operating systems including several versions of Windows server and desktop, several Linux distributions, vmWare host servers, and BSD along with network devices from Cisco and HP. In an effort to better understand and track what's happening on this network a number of monitoring tools have been implemented over the past year including Nagios and Cacti which can poll SNMP and service availability data from these various systems and devices. We'd like to take this to the next step by centralizing log file collection and analysis and allowing us to use a single program or web portal for viewing log events across all these devices.

Resources

Software programs you may want to evaluate in this space are:

  • Software 1
  • Software 2
  • Software 3

You may research and evaluate other programs as well. Programs should be able to collect logs from our wide variety of host OSs and devices for central monitoring. Strong preference should be given to free and open source packages as we are a resource constrained department.

Deliverables

  • Design and implement a test environment for logfile collection and analysis which includes the wide variety of hosts and network devices which may generate logging
  • Install and test a minimum of three logfile collection and analysis packages
  • Develop criteria for evaluating the packages
  • Develop a recommendation on the best choice based on department constraints
  • Prepare a written whitepaper and oral presentation detailing the process, criteria, results, and recommendation

SAN Benchmarking

Introduction

There are a number of different schemes for connecting remote storage to hosts over a network infrastructure. In this project you will setup and benchmark several popular methods of doing this and report on the results. The primary SAN technology you will be working with is iSCSI. The SAN servers, referred to as iSCSI "targets", may be Windows servers, basic Linux servers, or specialized SAN servers or devices. Furthermore these may be configured as direct block access to a physical device such as a hard drive or as a virtual hard drive file residing on top of a physical drive and filesystem. The clients, referred to as iSCSI "initiators", may be vmWare servers, Windows servers or desktops, or Linux servers or desktops. As you can see there are many variables which can exist in even a simple iSCSI system. Your job is to setup a number of different configurations and benchmark them for ease of setup, speed, and other factors which you determine and report on the results.

Resources

  • ITC Department FreeNAS SAN Server
  • Windows Storage Servers
  • Client Servers/PCs
  • ITCnet network backbone
  • Possible vendor SAN hardware

You may research and evaluate other programs as well.

Deliverables

  • Design and implement a test environment for iSCSI which includes a variety of initiators and targets
  • Develop criteria for evaluating iSCSI performance and define test environment, benchmarking software and settings, etc.
  • Prepare a written whitepaper and oral presentation detailing the process, criteria, and results

Virtualization Orchestration

Introduction

Infrastruture-as-a-Service (IaaS) virtualization is heavily used by the ITC department for offering academic courses. Our current primary solution is vmWare ESXi hypervisors with vCenter orchestration which provides a GUI for provisioning of VMs and administration of hypervisor servers. We would like to evaluate alternative virtualization environments, particularly the orchestration of hypervisors in case vmWare changes pricing in such a way that we can no longer afford to operate using ESXi and/or vCenter. There are a number of open source virtualization platforms which are potential alternatives.

Resources

Hypervisors:

  • vmWare ESXi
  • Hyper-V
  • Xen
  • KVM

Orchestration:

  • vCenter
  • CloudStack
  • OpenStack
  • OpenNebula
  • Eucalyptus
  • ProxMox
  • Convirture

You may research and evaluate other programs as well. You will need to evaluate differences between programs including working with different types of storage (e.g. iSCSI), advanced networking (e.g. VLAN support), backup capabilities, and live migration of VMs (e.g. vMotion). Strong preference should be given to free and open source packages as we are a resource constrained department.

Deliverables

  • Research a variety of options and select a minimum of three promising configurations for testing
  • Develop criteria for evaluating the packages
  • Design and implement a test environment
  • Install and test a minimum of three solutions
  • Develop a recommendation on the best choice based on department constraints
  • Prepare a written whitepaper and oral presentation detailing the process, criteria, results, and recommendation

Dual WAN Internet Access

Introduction

Cable and DSL connections have made "high-speed" broadband Internet access a reality for a growing number of people. Many small business and non-profits rely on cable and DSL for Internet service instead of expensive "business class" telecommunications circuits of the past such as T1 and T3 lines. Especially in rural Minnesota organizations like these can still have problems when distance and service limitations put restrictions on the type and bandwidth available over these "high-speed" connections. A few users uploading photos or streaming video can easily overwhelm a 512kb/s DSL line. In situations like these the obvious solution is to bring in a second line from the same provider, but how then do you divide the network traffic between these two Internet connections equally while still keeping your internal network united? This project will explore and test various methods, programs, and devices to determine if this is possible and what advantages and disadvantages exist (including cost) in achieving the maximum possible speed.

Resources

  • Cisco Routers
  • Linux Routing
  • OpenWRT
  • pfSense

You may research and evaluate other programs/devices as well. Many dual-WAN solutions require that the two WAN IP addresses be in different subnets (e.g. two different upstream default gateways) remember than you may not have this luxury if the only Internet connection available is from a single DSL provider. Your solution will need to test and evaluate how to work around this problem.

Deliverables

  • Design and implement a test network environment which mimics a dual DSL configuration
  • Research a variety of options and select a minimum of three promising configurations for testing
  • Develop criteria for evaluating the options
  • Build and test a minimum of three solutions
  • Develop a recommendation on the best choice based on constraints
  • Prepare a written whitepaper and oral presentation detailing the process, criteria, results, and recommendation

VoIP, Security Systems and Analog Devices

Introduction

Many businesses and individuals are transitioning to VoIP systems in an effort to reduce costs and increase flexibility. One area which is often forgotten about are the numerous devices around the home or business which rely on the voice bandwidth of traditional POTS lines for communications. These often include things such as credit card terminals, fax machines, computer modems, and security systems. This project will explore how to make these types of devices function over VoIP networks with varying amounts of available bandwidth. In addition you will explore using VoIP to extend existing POTS lines over an IP network to these types of devices.

Resources

  • Cisco Routers w/ FXS/FXO cards
  • Standalone ATA FXS/FXO devices
  • CUCME/CUCM Software
  • Asterisk VoIP PBX Software
  • Modems
  • POTS Lines

You may research and evaluate other programs/devices as well.

Deliverables

  • Design and implement a test network environment which mimics an analog modem based device communicating via VoIP
  • Research a variety of options and select a minimum of three promising configurations for testing
  • Develop criteria for evaluating the options
  • Build and test a minimum of three solutions
  • Develop a recommendation on the best choice based on constraints
  • Prepare a written whitepaper and oral presentation detailing the process, criteria, results, and recommendation

Network Access Control

Introduction

The Inver Hills ITC department has an academic, demonstration, and research network ("ITCnet") which uses network devices from Cisco and HP and supports a number of virtual machines, hosts, and devices including Windows, Linux, Android, iPhone, and more. Network ports are not physically securable but it may be possible to improve security on this network by implementing some type of Network Access Control (NAC) which restricts access to network resources until a user authenticates to the network. Users on our network are stored in an Active Directory system which is also accessible through LDAP and RADIUS methods. Your task will be to explore what options exist for network access control and to test and evaluate several of those options.

Resources

  • Cisco Switches
  • HP Switches
  • Wireless APs and Controllers
  • Windows Server / Active Directory
  • PacketFence Open Source NAC
  • Microsoft Network Policy and Access Services
  • OpenNAC
  • FreeNAC

You may research and evaluate other programs/devices as well. Strong preference should be given to free and open source packages as we are a resource constrained department.

Deliverables

  • Design and implement a test network environment
  • Research a variety of options and select a minimum of three promising configurations for testing
  • Develop criteria for evaluating the options
  • Build and test a minimum of three solutions
  • Develop a recommendation on the best choice based on department constraints
  • Prepare a written whitepaper and oral presentation detailing the process, criteria, results, and recommendation

Network Intrusion Prevention

Introduction

The Inver Hills ITC department has an academic, demonstration, and research network ("ITCnet") which is currently protected by pfSense firewalls. Further protection might be possible by implementing a Network Intrusion Prevention System (NIPS) on the network. There are a number of free solutions available to us including Cisco ASA devices we already own and numerous open source IPS programs but not all may work for our network. In particular we are early adopters of IPv6 and not all IPS products are IPv6 ready. Your mission will be to evaluate IPS packages for suitability in our environment giving special attention to open source or free solutions which we can implement in our resource constrained environment and which can be easily managed through GUI/web tools and offer consolidated reporting and event monitoring capabilities.

Resources

Options you may want to evaluate in this space are:

  • Snort
  • Suricata
  • Bro
  • OSSEC
  • Cisco ASA and IOS IPS
  • Snorby GUI

You may research and evaluate other programs/devices as well. Strong preference should be given to free and open source packages as we are a resource constrained department.

Deliverables

  • Design and implement a test network environment
  • Research a variety of options and select a minimum of three promising configurations for testing
  • Develop criteria for evaluating the options
  • Build and test a minimum of three solutions
  • Develop a recommendation on the best choice based on department constraints
  • Prepare a written whitepaper and oral presentation detailing the process, criteria, results, and recommendation

Taken Projects

All projects are currently available.