COIT20264: Networks and Information Security Project Final Report Network Security for Education Platform CQUniversity, Australia
COIT20264: Networks and Information Security Project
Network Security for Education Platform
Date: 12th October 2020. 11:45 PM
Table of Contents
Covid-19 pandemic developed some dire circumstances, which has restricted the roaming activities in the streets of people. Additionally, this pandemic is also affecting almost every sector of the country and causes a financial crisis for some countries as well. One such industry is education, which was severely affected, and students are not able to attend the classes. Additionally, the faculties are not able to deliver the levels, and students are not able to continue their studies. Therefore, some schools are launching a learning management system to facilitate students to study their current course. However, there are some schools, which are facing issues to establish a learning management system for students due to financial limitations. Thus, the government decided to facilitate the LMS platform to help all the students to continue their course study without getting much affected. Therefore, the foremost purpose of this report is to proffer a learning management system for the government in order to facilitate all the schools, which are not financially strong. With this one project, the government expected to cover almost all the rural and urban schools to promote education services with effective learning way for students.
In the report, a solution is proffered to the government to have a learning management system to support educational services. The main issue, which could be faced, is the configuration of the cloud platform to keep the learning management system and the maintenance protocols management to maintain the LMS availability. Additionally, the issues were faced in performing the penetrating testing as there are different tools that provide services to test the network based on crucial factors such as scalability, security, etc.
The main deliverables in this report are proof of concept, in which the practical implementation of a learning management system is done to facilitate the students to access their online resources. Another significant feature that will focus on deploying in the LMS is video conferencing, live streaming of 4k video, AR or VR, and an automated attendance system, which develops effective solutions for students to continue their educational course. I have learned lots of things in the project development as I had gained the information of cloud configuration and learned the essential modules, which will be beneficial for the development of LMS for the organization. Thus, this report is covering a deployment procedure for the learning management system, which will make educational resources available for students 24×7.
Covid-19 pandemic has been spreading at a rapid pace and affecting the different sectors of Australia. Almost all the people of Australia are affected due to the unpredicted event of the Covid-19 pandemic. One of the most affected sectors due to Covid-19 is an educational organization due to which the schooling process is interrupted, and students are not able to pursue their courses. Thus, to continue the education courses of all students, the schools have decided to deploy an effective learning management system, with which faculties are able to add their resources to help the students to pursue their studies further.
In Australia, there are many schools that are already running the mixture of appropriate platforms such as Moodle, video conferencing, Microsoft teams, etc. to provide the teachings to their students. However, there are some schools, which are not financially strong and have limited resources for deploying the practical solution for students to enable them to continue their curriculum. Additionally, some of the schools are struggled to develop learning management system because their infrastructure is mostly available in the region, which has low socio-economic status. As compared to this, LMS of some schools has forced transition demonstrated shows that delivering of resources to students via online medium is possible and dynamically opened effective solutions to deal with resources and activities. With the several advantages observed by the education department, the state government has decided to deploy effective LMS solution for all the schools, which has limited resources to provide online education. Thus, the government aimed to introduce LMS solution rapidly for schools present in rural and remote areas with no dedicated IT staff.
In the solution offered by IT staff, many components will be included in the project to deliver the effective solution. The solution will be upgraded with essential modules in order to increase the support to online services, which has been delivered to students at school. In the platform, video conferencing feature will be provided, which will allow 10’s or 100’s participants to interact simultaneously. Additionally, the platform will be enabled with AR and VR technology, which will allow faculties to create content and deliver to students. The system will be also integrated with an online attendance system through which students will be marked as present or absent by using technologies like NFC, Bluetooth etc. Moreover, this solution will help the schools to provide network facilities even after the scheduled hours i.e. 9.am to 3.00pm. Besides this, security and privacy are the major concerns in the network, so that effective strategies are required to deploy to prevent any attack on the system. Therefore, the main business requirement is to deploy the flexible learning management system to allow the schools to share resources among the students easily and providing the security to the portal is the technical requirement.
In terms of technology, the distributed systems will be utilized to distribute the traffic effectively to other networks to allow the individuals to access the platform simultaneously. The major advantage of using the distributed systems is that the network can be scaled easily and can connect multiple devices simultaneously to access the internet. Distributed systems is important for LMS because there are multiple systems, which will be going to access and a failure of network without distributed systems can halt all the services for users. Thus, it will be crucial to implement the learning management system based upon the distributed systems to avoid any failure or interruption in the network. Several characteristics of distributed systems are resource sharing, openness, concurrency, scalability, fault tolerance, and transparency. In the statement of work, a complete solution of learning management system will be configured, and will provide desired features such as video conferencing, 4k video content streaming, AR or VR creation and automated student management system configuration. Additionally, the network will be fully secured with appropriate security strategies to prevent any attack on the platform.
The final report is carving up the different parameters, which has been discovered useful for developing the learning management system. First section includes the discussion on the business analysis and further recommendation has been provided to brief suitable solution. Second section includes analysis of online network infrastructure and designed the logical network design to provide infrastructural setup of the organization with connected modules of cloud system to facilitate LMS for students. In the same section, addressing and naming scheme is created for the logical design, which is helpful for the designers to identify the location of devices within the network. Fourth section includes the vulnerability assessment and risk mitigation strategies. The section will elaborate the different vulnerabilities of cloud system that needs special focus in order to mitigate further to restrict any impactful activity on the network. Fifth section is elaborating the business continuity and disaster recovery plan in order to maintain the network workable, so that resources can be access effectively. Last section is proof of concept, in which LMS is demonstrated by configuring on Cloud platform and further performed the penetration testing to make system error-free.
Distributed system, also derived as distributed computing, is a collection of multiple components forming system, which are located at different locations and intends to communicate with other nodes in order to develop a single coherent system for all the end-users. The coordination mainly occurs with message passing technique and has characteristics such as non-dependency, no synchronization needed, and concurrency. The merit of distributed system is that it supports network to allow the connectivity for all the different users to access the network simultaneously and limits the impact of single node failure(van Steen & Tanenbaum, 2016). One of the most common examples of distributed system is web search as multiple keywords are entered on search bar and provides appropriate results according to text. It all happens due to presence of multiple nodes at different location and distributes traffic according to usage and maintains the network effectively. Enlisted all the characteristics of distributed system:
Resource Sharing: The distributed system is establishes effective resource sharing mechanism and helps to maintain the network availability. In distributed system, there are multiple nodes connected to single system and allows users to access single node without disturbing the existing functionality other nodes process. All the resources are effectively consumed as compared to traditional database due to which the performance of distributed system is improved.
Scalability: Another major characteristic of distributed system is scalability, which means multiple nodes can be connected to each other or single resource. It will made available the accessed resource to all the nodes, which currently accessing the platform(Cristea, Pop, Dobre&Costan, 2011). Thus, distributed system can be used to deploy the platform comprising of large number of nodes without impacting the functionality of other nodes.
Fault Tolerance:Distributed system is a collection of multiple nodes at various locations and accesses the available resources on the database. However, this system has a characteristic of fault tolerance, in which a failure of one node will does not affect the other nodes communication process(Sari &Akkaya, 2015).
Heterogeneity: Distributed system provides a single platform, in which various types of networks, hardware devices etc. can connect and communicate to each other. Thus, the users having different hardware devices and versions are able to connect with each other and can send information effectively.
Comparatively to distributed system, traditional database system is another platform to deploy the LMS network. But, it has many disadvantages which can cause an impact on the basic functionality of LMS network. As traditional database system provides a centralized database on which all the resources are stored and grants access further to different nodes(Paz, Veeramisti, Khanal, Baker & de la Fuente-Mella, 2015). However, the system does not have any capacities to handle large number of significant access to the server and can lead to the network failure. Thus, it can be concluded that traditional database system is not suitable in supporting the network functionality of LMS platform. In the further section, both the system’s comparison is made with each other to examine the best system for deploying the LMS network.
Comparison of the traditional system and distributed system:
In traditional system, client-server architecture will be followed to deploy LMS network, in which a centralized server is configured to store all the information. However, the major disadvantage of using the traditional system is that simultaneous access from different users to single resource can interrupt the network system because centralized platform lacks capability of handling large users at the same time(Sun, Zhang, Xiong& Zhu, 2014). Thus, it would be risky for designers to deploy the LMS network to configure the essential services for schools.
The primary requirement of the government was the development of learning management system for students to access the online resources. Thus, it can be examined that traditional and distributed system can be useful for deploying the network to support learning management system. There are assorted disadvantages of using traditional systems to deploy the platform as the centralized system will get affected badly when multiple users will access the server. Additionally, a single node failure in traditional system will impact the working of other nodes connected to system. Thus, the government could face problem when the network is developed with traditional system as number of schools are going to connect with platform. Example of centralized based platform is Wikipedia, which integrates search bar and displays appropriate results to users based upon entering the targeted keyword. Following are the benefits of using the traditional system for the LMS network:
· Less processes execution: Traditional system incorporates centralized platform to allow the users to access the database. Thus, all requests will be made to centralized system and requests will be proceed according to priority. However, the limited processes will take place to process the requests made by the different users because all the resources are stored at a single location and does not require fetching the data from the different location.
· Single Point of failure: All the communication of different nodes takes place via centralized node and provides resources according to requirement. But, failure of centralized system will remove the communication medium for other nodes to communicate with each other. Thus, LMS network will stop working due to failure of network if any unpredicted event occurs at centralized system.
Foremost purpose of the government is to deploy the LMS network to host necessary resources for all the students to continue their study. Additionally, the students are going to access the LMS network from different locations, which will significantly increase the traffic on the system. Thus, the LMS network with traditional system will restrict different user’s access to same resource simultaneously, which will not provide the desired platform(Januzaj, Ajdari&Selimi, 2015). Thereby, distributed system is considered as suitable system to incorporate features of LMS network to support the desired services for students. To understand working of distributed system, Google search engine model can be analyzed. In Google search engine, multiple servers are deployed at various locations such as India, USA, Canada etc. and provide search bar to research data according to requirement by entering the keyword. When the keyword, the appropriate resource is made available by Google to users and at same time, other location from another location is searching the content, which is also getting the results. Simultaneous access of two users will not affect the Google servers because many nodes are connected, which is creating a distributed system and made the network highly available for users. Therefore, it is recommended to deploy the LMS network on distributed system as it has following characteristics as well:
No Global Clock: in the distributed system, there is no integration of global clock, which means that users are able to access LMS network at any time with any device. The network will not be affected with simultaneous access and will help the government to make content available for students to pursue their course.
Controlling points:Distributed system is a huge network of nodes, which is providing the resources at different locations. In the network, multiple controlling points are configured through which modules can be controlled and can be configured appropriately without interrupting the other nodes working. This will be useful for LMS network because various schools are going to connect for online education service and require controls at different location in order to add content appropriately for different users.
In running the LMS network with distributed systems, many issues can be observed that will impact the overall process of development. Thus, appropriate strategies are required to limit the impact of issues on the LMS network. Following are the distributed system issues, which have the highest possibilities to occur on the network
· Transparency:One of the major issues is that distributed system comprises of multiple nodes stored at different locations and the users can’t be able to examine the source of data to get the results. Thus, the government needs transparency in the development process to examine all the existing locations, which are excessively used by the users across the world.
· Security:LMS network is going to access by multiple users, who have various devices and the management does not have knowledge regarding security strategies being deployed by users to secure their system. Thus, it can create vulnerabilities, which can be used by hackers to crack the platform to intrude the system. Therefore, appropriate security strategies should be recommended and utilized to ensure security along with privacy to LMS network.
· Failure Handling: Process to handle failures is difficult because the multiple nodes are connected to provide the services. But, a node failure does not impact other node functionalities. However, partial failures will occur and will be difficult for the government to handle and resolve in order to maintain the components working collectively to run the LMS network.
Theoretical Contrast of Distributed system to Cloud-based system:
One of the another systems available for configuring the LMS network is cloud system, which offers more services such as scalability, security, easy configure etc. In this section, the comparative analysis is made of distributed system to a cloud-based system to feature out benefits of cloud system. One of the finest advantages of using the distributed system is that data traffic is equally distributed across the nodes to maintain the network availability to the users(AlHakami, 2012). However, the major problem with distributed system is security because the management is not able examine the security strategies being deployed to protect the network against the attack. To resolve this limitation of distributed system, the cloud system was developed with advance modules to provide more features for developing LMS based network. Cloud system is considerable as the most preferred solution to configure LMS network as it proffers three different services such as SaaS, IaaS, and PaaS to add essential components according to the case study.For the purpose of achieving the higher output, the cloud system has appropriate strategies, which distributes traffic virtually to avoid any excessive traffic on single node. Thus, there are two systems i.e. cloud and distributed from which the LMS network can be developed with appropriate services. However, distributed system has an issue of security due to which the core feature of implementing privacy and security can’t be configured on platform. The difference of between cloud and distributed system is that the cloud offers infrastructural design, computing strategies etc. to configure the LMS network whereas distributed system is a conceptual system through which the network traffic can be directed to other nodes to maintain the network availability. The cloud system is considered as an advance version of any computing style, which further offers scalable and flexible solution to configure the desired platform. Additionally, the cloud system will be beneficial because it offers services based upon pay as go criteria, which means it is cost-effective and network can be developed according to resources are utilized by the network. Thus, it will be useful for LMS network because the processors required for computing system will be examined and will need to pay accordingly. In cloud system, there are various types of platforms are available, which can be used for deploying the platform for the government(Faisal, Ubaidullah&Alammari, 2017). Therefore, a proper analysis is required to initiate in order to evaluate appropriate platform for deploying the desired LMS network. As compared distributed system, the cloud system is more feasible because it has advance security strategies to prevent any attacks on the network and will provide CIA triad to ensure the privacy and security. Enlisted some of advantages of using cloud platform to develop LMS network:
|Security||The utmost requirement of the government is to ensure security and privacy for the students and schools. It is necessary to deploy appropriate security strategies to protect the network against unauthenticated access. In order to fulfill the security requirements, a cloud system comprises of advance security algorithms to implement on the network to prevent unauthenticated access. Additionally, customizable options are available to configure the network in order to filter the packets to block malicious content. Thus, the cloud system is beneficial for developing the LMS network.|
|Integrated modules||Cloud system is combination of various modules, which are coded with exceptionally with effective languages to support the services. The cloud system can be customized according to the requirement of the LMS network. Additionally, it allows few services of third party to integrate with its own services in order to enhance the overall functionality of the network. Thus, the network is fully functional to increase the capabilities of system to develop effective LMS network.|
|Scalability||Cloud system offers scalability, which means that many nodes can be connected with the system without disturbing the functionalities of other nodes. Thus, scalability feature will be suitable for this platform because many users are accessing the resources and will need to develop the network to make the data available for students to continue their course online.|
|Cost and Infrastructure free||Cloud system is a virtual space, which can be configured with setting up the infrastructure to run the services. Additionally, the cost of cloud system is very low and user needs to pay according to the resource utilization. Thus, cloud system for the government will be suitable to run the online learning management system for students.|
|No manual updates||In cloud system, the user does not require to monitor or update network manually as some of the services can be configured automatically to provide the access to different users. Additionally, the LMS network with be configured with essential service which requires regular updates. However, sometimes it is very difficult for the IT team to handle the network and configuring the essential services. Therefore, the configuration will be configured dynamically with the cloud system to run the services effectively in LMS network.|
Types of cloud computing platforms:
In cloud computing, there are assorted types such as Software as a service, infrastructure as a service, platform as service, which can be selected according to the network design to support LMS operations. In this section, all the three cloud computing platforms have been analyzed through which the network can be developed for an organization to support the services:
|Software as a service||SaaS stands for software as a service, in which the network design can be developed according to requirement and it costs as per the consumption of resources. This service is considered as suitable for the government’s LMS platform as it does not require any specific type of software on the hardware devices to run the services. To access the services, users all need to have internet connectivity and a web browser through which domain of cloud storage can be accessed to configure the essential services(Ahmed & Ashraf Hossain, 2014). The advantage of using this platform is that the users will not require installation of any infrastructure to support the services and will save the costs. However, there are several disadvantages also such as this platform lacks installation of other vendor’s modules to run the services and increases overhead due to which the network performance can be impacted badly.|
|Infrastructure as a service||In this platform, it is necessary to install the physical devices such as servers, PCs, laptops etc. to setup the infrastructure of cloud to run the services(R. &Borse, 2018). By deploying the infrastructure, the basic requirement of LMS can be configured by adding services simply via selecting and starting installation. Due to infrastructural setup, the government will require to document procedures to monitor and control the cloud infrastructure as non-IT people can’t be able to troubleshoot the network. Thus, appropriate strategies are required for non-IT people, so that network can be controlled easily to avoid any disruptions in services.|
|Platform as a service||For the cloud setup, platform as a service can be also used as it has flexible UI design for users through which customization can be done of the cloud network to configure the essential services for LMS. Third-party is fully responsible for providing the essential hardware and software for the services. Therefore, integration of such tools is done with the developer’s tools in order to configure and monitor the network completely. The major advantage of using the PaaS cloud system is that it provides pre-build tools, which led to easy deployment of infrastructure for LMS network. Additionally, it provides a framework to connect multiple services together, which can be used effectively to deploy the desired features to fulfill the requirements of LMS network(R. &Borse, 2018). However, the need of data security should be scrutinized because all the information will be going to store at offsite, which will be difficult for the government to ensure the security and privacy to all the schools and students.|
In the analysis, it can be determined that infrastructure as a service cloud system will be feasible for deploying the LMS network design. The infrastructure as a service will provide customization option through which the configuration of security modules can be done easily. Another major advantage of using IaaS is that the network infrastructure can be configured accordingly and can integrate multiple modules according to the requirement of LMS.
Security and privacy is the major concern of the government, which is going to focus in the deployment procedure of LMS network. So, this section will discuss three architectures, which are offered by IaaS platform to perform the desired configuration. In infrastructure as a service platform, the network will be configured with essential hardware devices, end users’ devices and other essential equipments to run the learning management system(Sundarakani, Kamran, Maheshwari & Jain, 2019). In the IaaS platform, the following are the three architectures, which are compared to each other by analyzing the different parameters to select the appropriate one for the network design development for LMS:
- Compliance: This term used to define the rules and regulations of government, which are required to be followed in order to develop appropriate network design to support LMS.
- Private cloud: Mostly, the private cloud is developed are personnel, but it is necessary for the organizations to develop private cloud according to rules and regulation defined by the government. The major concern of the government is security and privacy due to which all private organizations are required to follow the rules to deploy cloud to ensure security to users.
- Hybrid cloud: In hybrid cloud, combination of private and public features is facilitated through which the network can be easily developed appropriately according to requirement due to which it is necessary to follow government implications.
- Public cloud:To access public cloud, only internet connectivity is required due to which the issues related to privacy and security can occur.
- Performance: LMS is storing necessary resources for students to continue their courses. Thus, the performance of network should be high and should fulfill the utmost requirement to run the learning management system.
- Private cloud: Private cloud has enough modules to develop an efficient network to LMS. However, it might be costly as it has price/performance ratio due users will required to pay amount more in order to obtain high performance network.
- Hybrid cloud: It incorporates features of private and public cloud, which will be beneficial for developing the LMS network according to utmost requirement of the Government. Additionally, the costs can be reduced because public cloud features can be integrated to run the machine appropriately to host LMS.
- Public cloud: Performance of public cloud totally depends upon simultaneous access of users because of limited resources utilization. However, the students can face problem in accessing the public cloud-based LMS because it inherits weak processor to handle large numbers of accesses.
- Privacy: This term is mainly used to brief the prevention mechanism that has deployed to prevent any unauthorized access to system. Additionally, privacy is one of the utmost requirements of the organization.
- Private cloud: Private cloud infrastructure allows the organization to deploy privacy mechanism according to requirement through which unauthorized access can be blocked successfully.
- Hybrid cloud: Hybrid cloud incorporates both the features of hybrid and public cloud which makes this platform more feasible for protecting the confidential information.
- Public cloud: Public cloud is generally used by all users, who do not have enough resources to setup own cloud. Thus, the information stored on this cloud is accessible to all users, which can create privacy issues for the government and students, who are associated with LMS.
- Cost: Infrastructural setup of any network requires investment amount, which can be considered as another major parameters for the cloud selection.
- Private cloud: This cloud solution is feasible for the government, but it costs more and will pay according to services deployed on LMS network.
- Hybrid cloud: This cloud infrastructure allows user to pay amount according to the services or resources are utilized.
- Public cloud: This cloud infrastructure is publicly available for other users, which belongs to free service. Thus, this cloud is freely available, but it is not considered as feasible solution because it limits the installation own mechanism on any network.
- Control: Core requirement is control, which will be distributed among the schools to make LMS feasible for their students. Thus, control parameter is another important criterion, which is used for identifying the suitable cloud for deployment of LMS.
- Private cloud: This cloud almost provides all controls to the organization to manage confidential information.
- Hybrid cloud: Some controls parts are restricted for the organization i.e. moderate access to network is provided.
- Public cloud: No control is provided to the organization as it is completely deployed by a third party. Thus, it could result in terms of data loss.
There are many options, which can be used for developing the learning management system for the government. However, IaaS hybrid cloud services (Sun, Ji, Yue &Xiong, 2011)are identified as feasible cloud solution to provide the learning management system. The selection of this cloud platform is based upon the five parameters such as control, cost, privacy, performance, and compliance. Learning management system for the government will accommodate the following features by deploying IaaS hybrid cloud platform:
· Remote Workforce: The major reason of the organizations for accommodating the IaaS hybrid cloud platform is that desktop virtualization can be done in order to allow the different employees to access the learning management system. Additionally, the information will be made available on-demand, which can be accessed remotely.
· Reduced Costs: Cost is a key factor for many organizations to select the appropriate cloud platform. However, the selection of IaaS hybrid cloud platform is less costly because it has mechanism pay as you go model, which users need to pay amount only for those resources, which has been consumed in the learning management system. Thus, this platform is cost-effective and can be used to deploy different services for schools and students.
· Improved scalability and control: IaaS hybrid cloud platform will provide greater control over the data, which is the utmost requirement of the government. Additionally, this cloud platform will automate the services, which will be helpful for adjusting the cloud services according to requirements. Additionally, the cloud will adjust itself according to the environment sensed and will maintain the working of LMS network.
· Increased agility and innovation: LMS deployed with IaaS hybrid cloud will help the government to increase the speed by providing optimized modules. It will help to expand the prototype of the service accordingly and will be suitable for adding newly launched products.
· Business continuity: The hybrid cloud platform will improve the business continuity and be useful further in reducing the potential downtime. With the help of hybrid cloud, business continuity plan can be implemented easily to make the backups of private servers.
In this section, business and technical requirements are examined to understand basic operation needs in LMS network to facilitate services for students and schools. Business requirements of the government for the LMS network are enlisted below:
|Business àDevelopment of learning management system to accommodate the resources of all schools, so that students can pursue their classes in online mode. àSecurity of learning management system should be highly advanced because the network is going to store the information of students and schools. àExisting network should be upgraded with latest tools and technologies to support the increased use in online access of different users. àThe development of the process should be done within the timeline frame decided by the government, so that services can be started earlier to provide the education resources to students. àAll the development of learning management system should be completed within the budget, so that the government can accommodate the network to provide the services.|
|Technical àThe network should be compatible with all the hardware devices and versions, so that the student can access the network without any interruption. àNetwork should have the feature to accommodate video conferencing call for more than 10 users at a same time and should have enough storage to provide on-demand streaming services. àThe learning management system should be equipped with AR and VR, so that content can be created effectively for the users. àAttendance system should be integrated with NFC, Bluetooth and other technologies in order to calculate attendance of users automatically. àAvailability of network beyond the traditional time of classes, so that students can be able to access resources anytime without facing any interruption. àEntire system should be developed with cloud services and advance security features should be added to restrict the unauthorized access to system.|
Overa1l outcome of the requirements is that the government requires a highly secure learning management system, so that resources can be added for students to continue their course. Additionally, a fixed bandwidth is required in order to access the internet to get the resources. Therefore, it is recommended to use NBN networks as this company is reputed and offers great deals on internet connectivity. In order to ensure the security for learning management system, some protocols like HTTPS, SSL etc. will be configured, so that unauthorized access to network can be restricted. In the end, the network should be developed by using four-tier architecture, which will provide a better approach to conceptualize the learning management system project.
For the development purposes, four-tier architecture will be utilized through which the network core functionalities can be divided into four layers to understand better about the desired activities(Azeez &Iliyas, 2016). Additionally, the four-tier architecture has enough capabilities through which the data can be transmitted to other devices efficiently. Layers of four-tier architecture are:
Ø Presentation Layer
Presentation is the uppermost layer for representing the data into readable form, so that appropriate action can be taken. Generally, this layer performs data conversion process and further provides effective management process to handle all the input data.
Ø Business Logic Layer
In the process of exchanging the information to another layer, the business logic layer acts as midway. Additionally, this layer performs other operational activities in order to maintain the data flow between the two layers to aid additional services for devices.
Ø Data Access Layer
This layer executes encoding process to add code i.e. persistent logic over the machine, so that required tasks can be performed efficiently. This layer is used to achieve high level translation by using stored XML files and can access the database.
Ø Database Layer
In layer is connected with the database of the system, and performs functions according to requests made by users. Additionally, this layer is responsible for providing data storage to store the information, so that processing speed can be avoided.
In this section, advantages of four-tier architecture are pinned point, which can enhance the learning management system efficiency:
|Security: The primary requirement of the government is to ensure the security of information stored over the database. Four-tier architecture can be useful because the configuration of additional security layer can be done in order to validate the requests to access the network.|
|Scalability: Four-tier architecture provides scalability feature to network and will be effective for learning management system because indefinite users are going to access the internet and platform for data resources. While connecting the new devices to learning management system, the platform’s other devices can be able to access the resources.|
|Reliability and No Interdependence: Four-tier architecture provides a reliable network, which means that the network performs consistently with good performance. Additionally, the modules are not inter-dependent on each other, which mean an issue in one module will not affect the working of another module.|
It can be concluded that four-tier architecture can be beneficial for the development of learning management system for the government. Another major benefit of using four-tier architecture for development is that it provides ability to update the technology dynamically without impacting the modules working for learning management system.
The below diagram depicts logical network infrastructure to demonstrate the addressing and naming scheme used for the different devices. Servers are isolated from the entire network in order to prevent any unauthorized access. Further, it can be observed that a firewall has been installed between the connections and will filter all incoming packets to restrict any unauthorized access. Additionally, VLANs are created and assigned with different workstation that facilitates employees to communicate with each other to provide customer support. Furthermore, MPLS connection has been provided to entire network that will initiate secondary link whenever primary link fails to communicate. For every department, separate VLANs have been created, so that access to confidential data could be restricted. Firewalls, almost are installed on every network architecture that would prevent any unauthorized access.
|AU||Australia||ASA||Adaptive Security Appliance|
|ECO||Economics Department||DB-SVR||Database Server|
|HEA||Health Sciences Department||HTTP-SVR||Web Server|
|LEA||Learning Technologies||WIN-SVR||Active Directory Server|
|CATSw||Catalyst Switch||STR-SVR||Streaming Server|
|ADM||Administration||HDD||Hard Disk Drive|
|WS||Azure Web Server||DBS||Azure Database Server|
|LAN||Local Area Network||MPLS||Multiprotocol Label Switching|
IP Addressing & Naming Strategy
The addressing scheme for the high school network must be in a manner to support all the devices. For this, VLSM (Variable Length Subnet Mask) is selected in order to provide efficient addressing arrangement to all the devices no matter its is router or switch, access points, etc. There are certain rules that must be considered while setting up IP addresses using the VLSM technique.
· The priority of the subnets is considered in the VLSM technique.
· Subnet with a greater number of hosts will be considered initial.
· Subnet with the least number of hosts will be provided the addressing in the last.
IP Addressing Table
|Name||Hosts Needed||Hosts Available||Unused Hosts||Network Address||Slash||Mask||Usable Range||Broadcast|
|Academics VLAN||5000||8190||3190||172.16.0.0||/19||255.255.224.0||172.16.0.1 – 172.16.31.254||172.16.31.255|
|Administration VLAN||2000||2046||46||172.16.32.0||/21||255.255.248.0||172.16.32.1 – 172.16.39.254||172.16.39.255|
|Arts Department VLAN||1000||1022||22||172.16.40.0||/22||255.255.252.0||172.16.40.1 – 172.16.43.254||172.16.43.255|
|Economics Department VLAN||1000||1022||22||172.16.44.0||/22||255.255.252.0||172.16.44.1 – 172.16.47.254||172.16.47.255|
|Health Science Department VLAN||1000||1022||22||172.16.48.0||/22||255.255.252.0||172.16.48.1 – 172.16.51.254||172.16.51.255|
|Learning Technologies Department VLAN||1000||1022||22||172.16.52.0||/22||255.255.252.0||172.16.52.1 – 172.16.55.254||172.16.55.255|
|Lab Facility VLAN||1000||1022||22||172.16.56.0||/22||255.255.252.0||172.16.56.1 – 172.16.59.254||172.16.59.255|
|Server VLAN||100||126||26||172.16.60.0||/25||255.255.255.128||172.16.60.1 – 172.16.60.126||172.16.60.127|
|Storage VLAN||100||126||26||172.16.60.128||/25||255.255.255.128||172.16.60.129 – 172.16.60.254||172.16.60.255|
The naming strategy for the high school network is considered in a way that all the devices are suggested a proper name in order to identify them easily. The naming scheme is very vital in any network as it removes the complexity of the network and differentiates the devices with the help of their unique names selected by the team. For high school, the naming scheme which is considered is defined as underneath;
Abbreviation of Entity Name@First 2 letters of Location# First 3 letters of Department$Abbreviation of Device Name
For instance, the catalyst switch of the art department is named HS@AU#ART$CATSw
As cloud infrastructure will be going to use for the development of learning management system due to which the government can face security challenges, which should be addressed properly. Security for the network has become one of the primary requirements for the organization to implement in order to ensure data privacy for students and schools. Cloud computing utilization is trending in between the organization firms as it provides a technology connection with grid computing, distributed computing etc. In this paper(Rao &Selvamani, 2015), the author has elaborated the challenges for data security in the cloud computing and further recommended different technologies as a solution to prevent side effects on the network. The parameter that has selected by the author to do his research is data security and privacy as the cloud storage is mainly used for storing the network configuration and data. Furthermore, the three models of cloud computing are discussed and the author elaborated firmly with small details about it. One of the great challenges for the cloud computing, which the author thinks that it can impact more on the network is data leak prevention. It is the great challenge for the organization to tackle the data leak activities because the cloud platform mainly configures with some open ports, which are widely used by the hackers to intrude the system. Thus, the open ports or other vulnerabilities of the cloud platform should be secured with appropriate security algorithms. In order to limit the impact of this challenge on the cloud platform, the author is recommending the encryption technology as information stored over the system will be encrypted with advance level algorithms, which will be difficult for the hackers to theft the stored data. In the another research paper(Kumar, 2019), author defined the cloud computing technology as provided by national institute of standards and technology, which is comprehensive and rising technology that mainly provides a web service like networks, storage, servers etc. for establishment. In the paper, the author has discussed the cloud computing security issues, which required special focus to maintain the overall functionality. One of the most common challenges, which has discussed by the author, is denial of service attack through which hacker intruder the services and can stop them from functioning without any legitimate authorization. Furthermore, the author is also elaborating some other attacks, which can create a security issue for the cloud platform. In the last section of the research paper, the author has discussed the security techniques through which the cloud platform can be secured with advance level security algorithms. Some of the possible solutions for resolving the security issues of the cloud platform are validation of OTP, access control, intrusion detection system, data encryption etc. However, the author is expecting that, in future the new security technologies will be developed, which can secure the cloud platform’s security challenges to help the users for the purpose of developing a secured and reliable network.
Once, all the data is gathered and the next step is to scope the risk assessment of the project to define the strategies to limit the risk impacts on the project. The risk assessment is very beneficial for the organization because it includes procedures to reduce the operational risks, improving safety performance, and helps to achieve project objectives(Eroğlu&Çakmak, 2018). The three core elements of risk assessment are risk identification, risk analysis, and risk evaluation. However, it is required to perform asset assessment, so that all the critical assets can be identified, which have the highest probability of the risk occurring. Thus, this section is pointing towards the assets, which are critical for the government and other associated schools:
1. Physical Devices: To support the infrastructure, an IaaS cloud platform is selected for which different physical devices such as servers, PCs, cables, etc. are required. Additionally, these devices have vulnerabilities, which might be used by hackers to intrude the network. Thus, the physical devices have great significance in terms of security and required a special focus on servers because all the data will be stored in this.
2. Software: On hardware devices, the software will be installed so that user interface design can be provided to users to interact with the operational activities. In software, a database will be a vital resource, which should be protected against attack. Thus, essential security mechanisms should be deployed to prevent any attack on the software.
3. Database: On any platform, the database is the critical asset because it provides storage to users to store their confidential data and allows the stored resources to utilize to complete their objectives. The database of the LMS network is considered important because it will also store information the confidential data of schools to provide an interface to control the operational activities. Following are the types of data, which will be stored over the database of the learning management system:
a. User Credentials: A login mechanism is integrated with the platform, which requires credentials and these credentials will be matched with stored one to validate the request to the server. Thus, the credentials should be stored with encrypted algorithms to prevent any hacker to access the system.
b. School Information: To the government’s learning management system, there are many schools, which will register themselves to permit access to students in order to access their resources. The registration details of schools are vital assets, which need protection because their information is further used at different organizations such as banks etc. to create their payment accounts.
c. Student Information: To access the resources, registration is required for students. Thus, the learning management system’s database will store the personnel information of students, which are critical and a data breach can lead to data or financial loss.
d. Configuration: The network configuration is also stored over the platform in order to maintain the overall functionality. Thus, it will necessary for the designers to implement strong security mechanisms, so that the network can be prevented against attacks.
e. Study Material: The network is providing educational resources to allow the students to pursue their courses. Thus, the network storage will have different education resources, which should be maintained regularly, so that students can’t face any issue in fetching the details.
f. Government Data:On the platform, the government has added different types of forms and other functions, which should be protected against any attacks and the system should be made highly available for students to access the learning management system.
4. Others:there are some other assets, which are unidentified, but play a vital role in managing and running the learning management platform.
There are different assets, which are connected together to form a learning management system for providing services to schools, and students. However, it is required to have the implementation of appropriate security mechanisms to protect the data against attacks. In the next section, the discussion is made on the possible risks, which can impact the overall functionality of assets to degrade the performance of the learning management system.
In the infrastructure setup, different assets are integrated to provide the services. However, all these infrastructure equipment have vulnerabilities, which should be addressed in order to tackle the issue. In this section, the risk assessment is made in order to examine possible risks on the network devices. In the following table, the possible risks are listed which should be addressed to prevent any attack:
– Cyber Attacks: Internet will be accessed by different users, which is considered as the most vulnerable technology for cyber attacks. The cyber attack mainly occurs implemented by hackers with a motive to theft the data to gain personnel benefits.One should have a major concern over the cyber attacks because it can impact overall process of devices to provide learning management system(Peddada, 2013). All the hardware devices and protocols used to setup for learning management system is vulnerable to this risk as they are connected with internet. Some of the common attacks that can impact the learning management system are described below:
o Denial of service attack: In a learning management system, lots of services are deployed to enhance the efficiency of online education. Some of the services can be important for the working of the platform as it has protocols like HTTPS, SSL, etc. which provides security. By this attack, such useful services can be stopped from working, which may result as a loss to students as they are not able to access the learning management system.
o Brute Force Attack: The login mechanism is integrated with online LMS so that every user can be authenticated in order to grant access to resources. However, simple passwords can be detected easily by running the brute force attack, which runs multiple guessing codes to fetch the password. Thus, all users are required to protect their platform with advanced algorithms.
o SQL Injection: On the database of the learning management system, all the data is stored in the form of tables, in which credentials of login will have a separate table. By running the SQL injection attack, the database can be fetched with the help of a simple “1”=”1” rule.
– Manufacturer’s incompatibility: In accessing the online platform, different devices will be used by the students. Additionally, the infrastructure has been set up to support the operations of the learning management system. Therefore, it will be necessary for the government to select appropriate devices, which are compatible with each other to develop efficient LMS.
– Internal Mishandling: Risks like mishandling, misconfiguration, etc. can occur and will make a great impact on the functionality of the LMS network. Thus, it is required to organize the specialist team in order to handle the technical operations of the learning management system to maintain the availability for students to access online resources.
For the purpose of analyzing the severity of the risks on the assets, a risk matrix is designed which is a visual conception of risks, which are affecting the project and further enable the users to develop appropriate strategies through which risks can be mitigated. The risk matrix to examine the impacts can be reviewed below:
|High||Cyber Attack Manufacturer incompatibility||Internal mishandling Cyber Attack|
|Medium||Internal mishandling||Manufacturer Incompatibility, Internal Mishandling||Internal mishandling|
|Low||Cyber Attack||Manufacturers incompatibility||Cyber Attack Manufacturer’s incompatibility|
Impact level is categorized into three parts i.e. high, medium, and low. High impact means that the entire network can be damaged with risk occurrence. Similarly, the level of intensity is reduced by moving from medium and low.
The utmost requirement of the government is to implement a secured and reliable learning management system for students. Thus, the security tools are implemented in order to prevent any unauthorized access to the network. Following are the controls, which are recommended to install on the learning management system to ensure security:
– Encryption algorithms: On the learning management system, lots of information like user credentials, personnel data, etc. required protection to prevent any unauthorized access. Therefore, encryption algorithms are recommended to use, which will encrypt the data and converts plain text into cipher text, which is difficult for hackers to crack. For the purpose of security, encryption algorithm like RSA, DES, etc. can be used.
– Firewall: As infrastructure has been set up to configure the LMS and will provide the services to customers. Therefore, the firewall will be also installed on the network in order to filter the data, and allow only authenticated sources to access the data.
– Intrusion detection system: Infrastructure is expanded worldwide in order to grant permission to different users to access the internet. Therefore, an intrusion detection system will be configured on the network to detect any malicious activity. With the help of an intrusion detection system, the availability of the network can be done for users to allow the resource access without facing any interruption(Gupta, Goswami, Ashok Kumar & Singh, 2004).
– Patches: The learning management system is supported by the infrastructure, which is configured by the government. However, there are several patches on the hardware network to upgrade automatically in order to maintain the network. Thus, the automatic installation of patches or drivers will be done in order to avail of the latest updates of services, which will be useful for running the platform efficiently.
– Data Backup: On alternative places, the data backups should be maintained, so that any unusual loss to the network can be avoided by adding the backup data to run the learning management system smoothly.
– Disaster Recovery Plan: A disaster recovery plan should be designed by the government to recover the data effectively to avoid the impact of the disaster on the network.
– Business Continuity Plan: A business continuity plan should be deployed on the network in order to maintain the infrastructural setup of the learning management system to provide the services to students.
The disaster recovery plan is important for the government to have a backup in order to tackle the disasters so that the network can be recovered properly to avoid any impact on the network communication. Following are the practices that should be adopted by the government to reduce the outages on a network:
– Checks and balances:the network should be properly reviewed after a fixed period of time to check the balance work between the different modules. It will help to review the dependency work of modules in providing the essential services.
– Monitoring: Entire network should be monitored every day, so that any modification alert can be provided to designers to focus in order to check the status of functions.
– Simplicity: Larger tasks should be divided into smaller tasks, so that designers are able to understand the network modification.
– Communication: Effective communication medium should be created between the team members to mitigate any issue to run the learning management system smoothly.
Following are the procedural steps that should be taken in response to the occurred incident:
– Preparation: In this phase, the technical team should have appropriate plans to tackle every situation. Some of the plans which are required to add to the disaster recovery plan are IR policies, communication guidelines, threat intelligence mitigation, cyber hunting exercises, etc.
– Detection and Reporting:Monitoring of the network should be done to detect any type of security events by using the security mechanisms such as firewalls, intrusion detection systems. In the next step, potential security incidents will be detected and will provide an alert to the team members. In the last step, the project manager will be responsible to provide a suitable mechanism to remove the security event to recover the data successfully.
– Containment and Neutralization: It is considered as the most vital stage of incident response. The entire stage is dependent upon the intelligence and indicators of compromised data. In this stage, critical servers will be set to shut down the stage and will re-build those functions, which have no chance of recovery. Threat mitigation requests will be made to take command or control over the data.
– Post-Incident Activity: In this stage, documentation should be made of all the resources, which have been used effectively to recover the data after the disaster.
Following is the structure of the incident response team and discussed the responsibilities:
|Project Manager||A project manager is responsible for guiding the team to take effective measures to recover the data.|
|Analyst||The analyst is responsible to gather the information of the assets, which are either damaged completely or can be re-used again for the project.|
|Network Engineer||On the basis of reports, effective measures will be taken to recover data.|
|Tester||Responsible for testing the network, which has successfully recovered after the disaster.|
Following are the elements that should be added to the response plan:
– Roles and responsibilities of incident response team members should be discussed.
– Business continuity plan to run the network effectively.
– Summary of all the tools and technologies, which have been used previously in building the network.
– Information regarding the critical network assets and data recovery mechanisms.
In case of disaster, it is recommended to the government recover data from the backup. In the learning management system network, a regular backup mechanism has been set up, which will store the information every at midnight. The learning management system can be recovered successfully with the previous backup to run the functions smoothly. Following are the phases of the business continuity plan, which can be used for the government’s learning management system:
Access Risks: All the risks should be accessed to examine the impact on the learning management system.
Testing: Every asset on which risks have occurred needs to be tested in order to evaluate whether it is working or not.
Redesign: The network should be redesigned appropriately if any of the assets can’t be recovered.
ImplementSolution: The solution should be implemented on the affected assets so that the business can be brought back to its original working.
The government intends to develop moodle LMS for schools for which the Microsoft Azure cloud platform has been selected. With the help of Microsoft Azure, all the requirements of business and network can be achieved successfully. In order to configure moodle, Microsoft Azure comprises moodle certified by Bitnami and could be selected according to the requirement. Public and private addresses have been used according to requirement, in which public address will be used to access publicly whereas private address could be used to access with virtual machine’s Ubuntu operating system. For the purpose of performing penetration testing on moodle application, the Kali Linux tool has been selected. This section also comprises penetration testing demonstrated that was executed to analyze the issues. Furthermore, the report comprises a discussion on hardening techniques that would help to prevent any attacks after analyzing the vulnerabilities.
Microsoft Azure logged in and moved to the application section and selected moodle certificate by bitnami as depicted below:
The virtual machine has been created and details for same could be viewed below:
Deployment progress of bitnami supported Moodle platform can be viewed:
When created moodle successfully, a Public IP address has been entered on web browser to view a web application as depicted below:
The general setting that has been performed on moodle is illustrated below:
The username and password for each team member has been created in this application:
— credentials entered in general settings can be viewed below:
—– details can be viewed below:
Sandesh details are depicted below:
Combined information of all users created on moodle can be viewed below:
By using the Visio tool, a physical network design is created that depicts inter-connectivity between the devices and will demonstrate the network topology also that has been used for the Government’s network architecture. Besides this, physical network design can be considered a birds eye view, which could help the administrator to check the location of the device. For the purpose of security, the firewall has been installed and will initiate a filtering process to block any unauthorized access. Additionally, the physical network design will display the physical connectivity used by end devices to connect with the cloud for providing moodle services:
Disaster Recovery Plan:
The major benefit of Microsoft Azure is that it can be used to create a backup plan to tackle any unplanned disasters. The following screenshot depicts the configuration of disaster recovery and selected the location:
Specification of disaster recovery plan can be viewed below:
Showing that deployment of the disaster recovery plan is successfully initiated:
Showing the different points to demonstrate data backup:
Displayed the backup jobs created on Microsoft Azure:
Showing information about the job that has been successfully initiated:
HTTPS Conversion Security:
HTTP conversion will play a vital role in providing secure access to moodle applications. Also, web solution with HTTP conversion shows that applications are able to communicate with each other. Below screenshot shows the configuration of HTTP for moodle application:
Account Lockout Security:
It is another widely used security measure, in which the user left the screen for 2 or more seconds, moodle platform will automatically log out and end-user require again to login in.
Password Policy Security:
In this security, every user is asked to create passwording to administrator demand and most passwords should be complex in order to avoid any easy guessing with brute force attack. With this configuration, end-user would be able to create easy passwords for login.
Session Handling Security:
It will log out the user if the system is kept idle for three minutes, but does not allow the administrator to perform any activity.
Every failed login by the user will be notified to the administrator by configuring this security control. It will help to prevent attacks on the platform and will provide secure connection:
SSh Port Change:
There is a default port number of protocols that are known to everyone. Therefore, the SSH port number is changed to 2222 in order to prevent any attack via SSH protocol:
Netstat command can be executed to check modified port number:
Moodle hardening – OWASP:
Opened OQASP ZAP 2.9.0 tool and public address of moodle added in the given field to initiate the attack. It will perform an SQL injection attack to match up the details to make login successfully:
Showing that attack has been initiated:
CaseName1: Session Logout Testing
CaseName2: HTTPs Testing
CaseName3: Open Port Scan testing
CaseName4: ICMP Flooding Reject
|Summary: It is used to check the load on network architecture and tested the capabilities of a single link to handle total requests. Prerequisites: Kali Linux and NMAP The procedure of Testing: On the virtual box, kali Linux installed and terminal utilized to generate traffic: Data Tested: Link handling Expected Outcome: No transmission would take place. Actual Result: Status: Pass|
CaseName5. Password Cracking Test
Ahmed, M, & Hossain, MA 2014, ‘Cloud Computing and Security Issues in the Cloud’, International Journal Of Network Security & Its Applications, vol. 6, no. 1, pp. 25-36, https://www.researchgate.net/publication/276199301_Cloud_Computing_and_Security_Issues_in_the_Cloud
Al-Hakim, H, Aldabbas, H &Alwada’n, T 2012, ‘Comparison Between Cloud and Grid Computing: Review Paper’, International Journal On Cloud Computing: Services And Architecture, vol. 2, no. 4, pp. 1-21.
Cristea, V, Pop, F, Dobre, C & Costan, A 2011, ‘Distributed Architectures for Event-Based Systems’, Reasoning In Event-Based Distributed Systems, pp. 11-45,
Aldheleai, HF, Bokhari, MU & Alammari, A 2017, ‘Overview of Cloud-based Learning Management System’, International Journal Of Computer Applications, vol. 162, no. 11, pp. 41-46
Januzaj, Y, Ajdari, J & Selimi, B 2015, ‘DBMS as a Cloud service: Advantages and Disadvantages’, Procedia – Social And Behavioral Sciences, vol. 195, pp. 1851-1859,
Paz, A, Veeramisti, N, Khanal, I, Baker, J & Fuente-Mella, HD 2015, ‘Development of a Comprehensive Database System for Safety Analyst’, The Scientific World Journal,
Sari, A & Akkaya, M 2015, ‘Fault Tolerance Mechanisms in Distributed Systems’, International Journal Of Communications, Network And System Sciences, vol. 08, no. 12, pp. 471-482,
Sun, Y, Zhang, J, Xiong, Y & Zhu, G 2014, ‘Data Security and Privacy in Cloud Computing’, International Journal Of Distributed Sensor Networks, vol. 10, no. 7, pp. 190-903,
Steen, MV & Tanenbaum, A 2016, ‘A brief introduction to distributed systems’ Computing, vol. 98, no. 10, pp. 967-1009,
Rao, R & Selvamani, K 2015, ‘Data Security Challenges and Its Solutions in Cloud Computing’, Procedia Computer Science, vol. 48, pp. 204-209.
Kumar, J, 2019, ‘Cloud Computing Security Issues and Its Challenges: A Comprehensive Research’, International Journal Of Recent Technology And Engineering (IJRTE), vol. 8, no. IS4.
Azeez, N & Iliyas, H 2016, ‘Implementation of a 4-tier cloud-based architecture for collaborative health care delivery’, Nigerian Journal Of Technological Development, vol. 13, no. 1, pp. 17.
Eroğlu, Ş &Çakmak, T 2018), ‘Information as an organizational asset: assessment of a public organization’s capabilities in Turkey’, Information Development, vol. 36, no. 1, pp. 58-77.
Gupta, V, Goswami, S, Ashok Kumar, A & Singh, M 2004, ‘Networking and Security Measures’, DESIDOC Bulletin Of Information Technology, vol. 24, no. 2, pp. 9-16.
Peddada, K 2013, ‘Risk assessment and control’, Journal Of Governance And Regulation, vol. 2, no. 2, pp. 51-59.
R, T, & Borse, Y 2018, ‘Implementation of Cloud computing Service Delivery Models (IAAS, PAAS) by AWS and Microsoft Azure: A Survey’, International Journal Of Computer Applications, vol. 179, no. 48, pp. 19-21.
Sun, A, Ji, T, Yue, Q, & Xiong, F 2011, ‘IaaS Public Cloud Computing Platform Scheduling Model and Optimization Analysis’, International Journal Of Communications, Network And System Sciences, vol. 04, no. 12, pp. 803-811.
Sundarakani, B, Kamran, R, Maheshwari, P & Jain, V 2019), ‘Designing a hybrid cloud for a supply chain network of Industry 4.0: a theoretical framework’, Benchmarking: An International Journal.