Setting Up Office Network – Diagram and OSI Model

This post showcases a network diagram of an office space with the following arrangements: a reception area, 4 offices for management, 1 conference room, 10 workstations for the project team, and a computer room with several servers and at least one printer. I assume that the reception area will have one computer and one printer to sign visitors in and to print name badges for them. I also assume that the conference room will have an Ethernet cable to connect devices to the internet and that each workstation will have a computer. There are two servers on premises, a web server and a mail server, and lastly I assume that each management office will have a computer. For this diagram I have included an IP address scheme with subnetting and a subnet mask. In order to document my diagram, I will use the OSI Model to explain all configurations.

Network Diagram For Office Space

OSI Model

For starters, the OSI Model is helpful in understanding the abstract way that data travels throughout a network. The OSI model is composed of 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. As mentioned in the discussion post this week, my favorite way of remembering the OSI model is from the top down using the phrase: “People Don’t Need Those Stupid Protocols Anyway!”. Each of the 7 layers is represented in this diagram and each plays an important role in the transfer of data.

Physical Layer

To start, the physical wires I have drawn represent the physical layer of the OSI Model. These wires carry the information, broken down into bytes, to other networks. This includes broadband cables or fiber optics. When the data is received by its intended recipient, it works its way up the OSI model to be interpreted.

Data Link Layer

The data link layer is represented here by the links that the hosts have on the same network. That link is represented by a switch. The switch connects multiple computers together in the same network and identifies each computer using a MAC address. I used a switch in this situation because it is much more useful than a hub. A hub is not as efficient, as it duplicates packets and sends them to all destinations on the network. A hub has no concept of where a computer is on the network and thus is not an efficient way to use bandwidth. A switch seems like the logical choice because of its price. At one point the switch was priced higher than the hub, but now that prices have gone down, there seems to be no good reason to buy a hub. The only logical reason I can think of is if you are conducting a study on internet traffic.
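To make the hub-versus-switch difference concrete, here is an added simulation (not part of the original post) of a learning switch that forwards a frame to one port once it has seen the destination MAC as a sender, flooding only unknown destinations, compared with a hub that repeats every frame on every other port. The MAC addresses and port numbers are constructed for the example.

```python
# Constructed frames on a 4-port segment: (ingress_port, src_mac, dst_mac).
FRAMES = [
    (1, "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"),  # A -> B, B not learned yet
    (2, "bb:bb:bb:00:00:02", "aa:aa:aa:00:00:01"),  # B -> A, A already learned
    (1, "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"),  # A -> B, B now learned
    (3, "cc:cc:cc:00:00:03", "aa:aa:aa:00:00:01"),  # C -> A, A learned
]
PORTS = [1, 2, 3, 4]


def hub_forward(frames, ports):
    """A hub has no MAC table: every frame is repeated on every port
    except the one it arrived on. Returns the number of port deliveries."""
    return sum(len(ports) - 1 for _ in frames)


def switch_forward(frames, ports):
    """A learning switch records src MAC -> ingress port as frames arrive.
    A frame to a learned MAC goes to that one port; a frame to an unknown
    MAC is flooded like a hub. Returns (port deliveries, learned MAC table)."""
    mac_table = {}
    delivered = 0
    for ingress, src, dst in frames:
        mac_table[src] = ingress            # learn which port the sender is on
        out_port = mac_table.get(dst)
        if out_port is None or out_port == ingress:
            delivered += len(ports) - 1     # unknown destination: flood
        else:
            delivered += 1                  # known destination: single port
    return delivered, mac_table
```

Each delivery to a port that is not the real destination is bandwidth spent for nothing, and also a copy of the frame that a host on that port could read, which is why the hub count matters for both efficiency and isolation.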

Network Layer

The network layer is represented in this diagram by the IPv4 addresses. Each computer connected to a network is given an IP address. These IP addresses act as the “postal addresses” of these computers on the network. I chose IPv4 in this instance because it is much easier to document and diagram: IPv6 addresses are 128 bits, whereas IPv4 addresses are 32 bits. Not only do the devices have IP addresses, so do the routers and servers in this diagram. The switch that connects all these computers together is also connected to the router. This router allows these computers to communicate with other networks. The router, which has DHCP and NAT capabilities, is also in charge of subnet masks and assigns IP addresses to new hosts that enter the network. I have chosen to make the 10 workstations their own subnet, so as to better protect and isolate the servers. Isolating the networks can be strategic in preventing the spread of malware from one infected device.
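The post describes the address scheme but does not list the addresses, so the following is an added example (not the original diagram's plan) that carves a constructed private /24 into per-department subnets, reports the mask and gateway a diagram would show for each, and checks whether two hosts share a subnet, i.e. whether they can talk through the switch alone or must cross the router that separates the workstations from the servers.

```python
import ipaddress

# Constructed address plan: one private /24 for the office, split so the
# project workstations, management, front desk, and servers are separate.
OFFICE_BLOCK = ipaddress.ip_network("192.168.10.0/24")
SUBNETS = {
    "workstations": ipaddress.ip_network("192.168.10.0/27"),   # 10 PCs, room for 30
    "management":   ipaddress.ip_network("192.168.10.32/28"),  # 4 offices
    "front":        ipaddress.ip_network("192.168.10.48/28"),  # reception, conference
    "servers":      ipaddress.ip_network("192.168.10.64/28"),  # web, mail, printer
}


def describe(net):
    """Values a diagram needs for one subnet: mask, the first usable address
    (assumed here to be the router interface that also serves DHCP), the
    number of addresses left for hosts, and the broadcast address."""
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "gateway": str(hosts[0]),
        "usable_hosts": len(hosts) - 1,
        "broadcast": str(net.broadcast_address),
    }


def same_subnet(addr_a, addr_b, subnets):
    """True if both addresses sit in one planned subnet, meaning traffic
    between them never reaches the router or any filtering it applies."""
    a, b = ipaddress.ip_address(addr_a), ipaddress.ip_address(addr_b)
    return any(a in net and b in net for net in subnets.values())


def check_plan(block, subnets):
    """Every subnet must lie inside the office block and none may overlap."""
    nets = list(subnets.values())
    inside = all(n.subnet_of(block) for n in nets)
    disjoint = all(not x.overlaps(y)
                   for i, x in enumerate(nets) for y in nets[i + 1:])
    return inside and disjoint
```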

Transport Layer

Although not visible, the transport layer is represented by the TCP protocols that take the data from a computer, break it down into packets and send it to another computer. For instance, if one of the project computers made a request to visit a website, that computer would first search for the IP address of that website through its LAN. As I mentioned above, that LAN is set up by the switch. After searching its internal network, it will send its request to the router, which will route the request to the correct IP address. The router also has DNS capabilities, which allows this to happen. Essentially this whole transport process is made possible by TCP, which uses windowing to send data once it finds the correct destination.

Session Layer

The session layer is likewise not visible, but assume that every time a computer is in communication with another one, a session is live. That is why I like to think of sessions as an instant message conversation. Each conversation is considered to be a session and ends when data stops being sent through. For this example, imagine that the project workstations are all equipped with SQL; the SQL queries to the database essentially use sessions to complete these transactions.

Presentation Layer

In terms of presentation, every device that is connected to the network should encounter Secure Sockets Layer (SSL) at some point when accessing a website. SSL essentially encrypts all communications back and forth during sessions. It is represented in this layer because SSL has a direct effect on the presentation of the data. SSL is able to encrypt data using a public/private key system. Essentially both the client and the server agree on an aggregate key that encrypts/decrypts all data being sent over. For example, when a client browser connects to a website server, that website server sends over a certificate and its public key. The browser checks that certificate against a list of certified certificates and approves it. When approved, the client chooses an aggregate key, encrypts it with the public key provided by the server and sends it over to the server. The server is able to decrypt the message using its private key. Now the server is able to encrypt messages with the aggregate key and decrypt messages that are returned using that encryption.

Application Layer

At the application level are all the functions we expect workstations to have in a corporation. This includes email (SMTP), internet (HTTP), file transfer (FTP) and integration with apps such as Microsoft Office (APIs). Therefore, applications are represented by the computers labeled as workstations.

Conclusion

To conclude, there are many different ways you can configure an office space. Depending on who you ask, one person may configure it to be very secure but not cost effective. Another may choose the cheapest way to configure the office space, but that may not be efficient. Ideally, I choose to be in the middle of those two. In terms of security, I believe isolating your important servers and devices into their own network is key to preventing attacks. I also believe it is efficient to group departments together in subnets, as members of those departments are likely working on the same projects and probably have a lot in common.