
CCNS Final Project Kamdar Sdn Bhd – Virtual Private Network (VPN)

TABLE OF CONTENTS

CHAPTER 1: INTRODUCTION
    COMPANY BACKGROUND
        Mission
        Vision
    ORGANIZATIONAL CHART
    CHAPTER SUMMARY

CHAPTER 2: GATHERING INFORMATION
    ANALYSIS OF BUSINESS INFORMATION
    INTERVIEW THE STAFF
    CHAPTER SUMMARY

CHAPTER 3: NETWORK ARCHITECTURE
    NETWORK ARCHITECTURE OVERVIEW
    INTRODUCTION
        Remote Access VPN
    VPN SECURITY
    VPN TECHNOLOGIES
    VPN Components
    VPN ADVANTAGES AND DISADVANTAGES
        Advantages of VPN
        Disadvantages of VPN
    CHAPTER SUMMARY

Hazwani binti Ishak 01-200807-00311

Kuala Lumpur Metropolitan University


CHAPTER 4: NETWORK COSTING
    VPN CONCENTRATOR
        Technical Specification
        Model and Price
    VPN OPTIMIZED ROUTER
        Advantages
        Security
        4.1.1 Specification
        4.1.2 Model and Price
    PIX FIREWALL
        Deploy Comprehensive Network Security
        4.1.3 Technical Specification
        4.1.4 System Requirements
        Model and Price
    NETWORK COSTING
    CHAPTER SUMMARY

CHAPTER 5: TESTING AND IMPLEMENTATION
    EXISTING NETWORK
    IMPLEMENTATION OF THE NETWORK
    CHAPTER SUMMARY

CHAPTER 6: NETWORKING GUIDELINES
    HP PROLIANT DL120 G6 SERVER
    DEBUGGING THE PPPOE SERVER
    CONFIGURATION VPN 1750-RF ROUTER ON HP PROLIANT DL120 G6 SERVER
    CHAPTER SUMMARY


CHAPTER 7: MAINTENANCE
    PERFORMING MAINTENANCE
        Preventive
        Adaptive
        Corrective
        Protective
    CHAPTER SUMMARY

CHAPTER 8: REVIEW AND EVALUATION
    BACKUP AND RECOVERY
    UNINTERRUPTIBLE POWER SUPPLY
    IMPLEMENTATION METHOD
    CHAPTER SUMMARY

CHAPTER 9: CONCLUSION
    CONCLUSION OF VPN PROPOSAL

CHAPTER 10: FUTURE PLANNING
    KAMDAR NETWORK SYSTEM IN FUTURE

APPENDIXES
    Kamdar main headquarters address and branches


CHAPTER 1:

INTRODUCTION


COMPANY BACKGROUND

Kamdar Group (M) Berhad (Kamdar) opened its first store in 1950 and was incorporated as a private limited company in 1972. Kamdar is proud to be celebrating its 35th anniversary this year. From a humble beginning trading in textiles and haberdashery, Kamdar has evolved into a specialised department store, focusing on textiles and textile-based products for men, women and children, together with rugs, accessories and luggage.

Product categories: Textiles, Furnishing Fabrics, Ladies' Fashion, Men's Wear, Children's Clothing, Traditional & Modern Wear.

The Kamdar brand stands for quality of service, history and value for money. The

company is perceived by the public as a trustworthy, value-for-money store with a

difference. The Kamdar logo, with its distinctive typeface and green and white corporate

colours – fostering an environmentally aware, clean, fresh and new image – is instantly

recognisable throughout Malaysia.

Despite extremely intensive competition in the retail industry, Kamdar has grown turnover and earnings impressively, at 5-year CAGRs of 8% and 10% respectively since 1996. Compared to other listed retailers, Kamdar has the highest PBT margin and the second highest PBT level among retailers in Malaysia.

A family enterprise, Kamdar today spans three generations. With the support of customers, advisers, business associates, employees, professionals and suppliers, Kamdar has grown to twenty-one outlets spanning the length and breadth of Peninsular Malaysia. In the future, Kamdar plans to open more outlets to explore new growth areas and strategies to further grow the Kamdar brand.

Kamdar proceeded to list on the Main Board of Bursa Malaysia on 29 March 2005, the first step towards a new, more vibrant, transparent and inclusive business enterprise. After more than 50 years of growth, Kamdar has 21 outlets around Malaysia and employs about 1,200 staff.


Mission

To be the leading departmental store in Malaysia by offering a wide range of textiles, furnishings and related products, with persistent quality and a range of products at competitive prices, to exceed customers' expectations.

Vision

To be a premier global fashion and retail enterprise, distinguished by the

creativity, variety and quality of our product offerings.

ORGANIZATIONAL CHART


CHAPTER SUMMARY

In this chapter, the background and information about Kamdar Sdn Bhd have been presented. The real business structure has been explained according to the project requirements.

The Kamdar Group (M) Berhad is committed to a corporate culture that emphasises good corporate governance and practices throughout the company and its subsidiaries.

As Kamdar started as a family business, it has been run by three generations. The success of its business goals is determined by its strategic business planning.

Kamdar is focused on the textiles business in Malaysia and is one of the successful textile businesses that has managed to open 21 chain stores all over Malaysia. Kamdar has supplied Malaysians with a variety of fabrics and fashions that suit Malaysian taste.


CHAPTER 2:

GATHERING INFORMATION


ANALYSIS OF BUSINESS INFORMATION

Location

KAMDAR GROUP (M) BERHAD
Location: Jalan Tuanku Abdul Rahman
Address: 113, Jalan Tuanku Abdul Rahman, 50100 Kuala Lumpur
Phone: +603.2698.8488
Fax: +603.2698.8400

Current network

Kamdar's current network is a basic Ethernet star topology with a fibre backbone. Traditional Ethernet is a shared-medium network: all hosts on a segment contend for the same communication line, even when they are physically wired in a star through a hub. Each device possesses an Ethernet address, also known as a MAC address. Sending devices use Ethernet addresses to specify the intended recipient of messages. Data sent over Ethernet is carried in frames.


The Ethernet header contains the addresses of both the intended recipient and the sender. In traditional Ethernet, the protocol for transmitting, listening and detecting collisions on the shared medium is known as CSMA/CD (Carrier Sense Multiple Access with Collision Detection). Newer, switched forms of Ethernet do not use CSMA/CD. Instead they run full duplex on a dedicated link between each host and a switch port, which supports simultaneous sending and receiving with no listening required. This has a security consequence as well: on a hub every host sees every frame, whereas a switch forwards a frame only to the port that owns the destination MAC address, so replacing hubs with switches also limits casual packet sniffing on the LAN.
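As an added illustration of the frame structure described above (example code written for this edit, not part of the original project), the following Python builds and parses an Ethernet II frame: it checks the minimum and maximum frame sizes, verifies the CRC-32 frame check sequence, and flags broadcast, multicast and locally-administered addresses (a software-set source MAC is what MAC-spoofing tools typically produce). The MAC addresses and the EtherType table are constructed sample values.

```python
import struct
import zlib

# Constructed lookup of a few well-known EtherType values.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}

MIN_FRAME_NO_FCS = 60    # 64-byte minimum frame on the wire minus the 4-byte FCS
MAX_FRAME_NO_FCS = 1514  # 14-byte header plus the 1500-byte maximum payload


def mac_to_bytes(mac):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs(frame_without_fcs):
    """Ethernet FCS is CRC-32 (same polynomial as zlib) transmitted little-endian."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Assemble dst|src|type|payload, pad to the 60-byte minimum, append the FCS."""
    frame = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    if len(frame) < MIN_FRAME_NO_FCS:
        frame += b"\x00" * (MIN_FRAME_NO_FCS - len(frame))
    return frame + fcs(frame)


def parse_frame(raw):
    """Split a frame into header fields, verify the FCS and classify the addresses.

    Raises ValueError on a runt, a giant or a bad checksum; a frame that fails
    here is exactly what a receiving NIC silently discards.
    """
    if len(raw) < MIN_FRAME_NO_FCS + 4:
        raise ValueError("runt frame: %d bytes" % len(raw))
    if len(raw) > MAX_FRAME_NO_FCS + 4:
        raise ValueError("giant frame: %d bytes" % len(raw))
    body, trailer = raw[:-4], raw[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch")
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    # Low bit of the first destination byte marks a group (multicast/broadcast)
    # address. The locally-administered bit (0x02) on the *source* address means
    # the sender's MAC was set by software rather than burned in by the vendor.
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
        "broadcast": dst == b"\xff" * 6,
        "multicast": bool(dst[0] & 0x01) and dst != b"\xff" * 6,
        "src_locally_administered": bool(src[0] & 0x02),
        "payload": body[14:],
    }
```

A switch or an IDS sensor applies the same checks in hardware or in its capture path; the locally-administered flag alone is not proof of spoofing (virtual machines use such addresses legitimately), but it is a cheap signal worth logging.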

INTERVIEW THE STAFF

The interview was held on Thursday, 12th November 2009, at 10.00 am at Kamdar Jalan Tunku Abdul Rahman, Kuala Lumpur, with Miss Jenice Lew.

WHAT IS THE CURRENT NETWORK IMPLEMENTED IN KAMDAR?

Kamdar currently uses a basic Ethernet star topology with a fibre backbone.

WHEN WAS IT IMPLEMENTED?

Kamdar implemented the network in 2004 with the basic infrastructure. The basic infrastructure implemented was a star topology. A star network features a central connection point called a hub. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet cabling.

Figure 1: Kamdar star topology network


Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN.

WHAT EQUIPMENT IS CURRENTLY IN USE?

* 3COM SWITCHES AND HP PROLIANT DL120 G6 SERVER

3Com supplied a chassis with six line cards, each with 48 gigabit Ethernet ports that use SFP transceivers for copper or fibre. The company says it has less costly gigabit Ethernet cards with integrated copper transceivers now under development. It already ships larger (10-slot) and smaller (two- and three-slot) versions of the same switch. In 3Com's terminology, the slot counts refer to the number available for line cards; each chassis actually has two additional slots for redundant management modules.

The HP ProLiant DL120 G6 Server is a new low-cost, entry-level rack-optimised server. Low on cost, but not short on performance. The DL120 G6 supports Intel® Xeon®, Pentium® and Core i3 processors, with the performance advantages of 4-core and 2-core parts. The range of Intel Xeon® processors provides the ability to choose the appropriate processor based on application demands and cost. The single-processor 1U server is ideal for single-application IT infrastructure, web and edge-of-network applications. The DL120 G6 provides three PCI-Express slots. Additional upgrades, including HP SAS HBAs and Smart Array controllers, provide support for SAS hard disk drives. The remote management offered by the integrated LO100i gives the DL120 G6 a low-cost, effective solution for remotely managing servers anywhere, anytime.


WHAT IS THE COST OF MAINTAINING THE CURRENT SYSTEM?

The total cost of maintaining the equipment is RM52,000.00 per year. The major items Kamdar spent on were the anti-spam system, the intrusion detection system and the intrusion prevention system.

Anti-spam: To prevent email spam, both end users and administration of e-mail

systems use various anti-spam techniques. Some of these techniques have been

embedded in products, services and software to ease the burden on users and

administrators. No one technique is a complete solution to the spam problem, and

each has trade-offs between incorrectly rejecting legitimate e-mail vs. not

rejecting all spam, and the associated costs in time and effort. Anti-spam

techniques can be broken into four broad categories: those that require actions by

individuals, those that can be automated by e-mail administrators, those that can

be automated by e-mail senders and those employed by researchers and law

enforcement officials.

WHAT TYPES OF OPERATING SYSTEM?

The operating systems this company is using are Windows Server 2003 and Windows XP. Their feedback about the operating systems was positive: they have never faced any problem with the Windows Server 2003 operating system.

WHAT TYPES OF BANDWIDTH ARE BEING USED?

* INTERNET BROADBAND

STREAMYX: The technology which supports the Streamyx service is DSL, which stands for Digital Subscriber Line. DSL is the next generation of Internet access technology. DSL is a direct connection to the Internet that is always on. The technology enhances the existing copper pair to enable data communication at rates of up to 4 Mbps.


VDSL: VDSL (Very high bit-rate Digital Subscriber Line) is next-generation DSL at super-accelerated rates of 52 Mbps (megabits per second) downstream and 12 Mbps upstream. Downstream data rates refer to download speeds, or the speed at which data travels to the computer, while upstream data rates refer to upload speeds, or the speed at which data travels from the computer to the Internet. VDSL architecture is based on one of two technologies: QAM (quadrature amplitude modulation) or DMT (discrete multitone modulation).

These two technologies are not compatible with each other and, according to many manufacturers, DMT is more commonly used. VDSL is able to deliver great bandwidth over standard telephone lines because voice communications through the telephone require only a fraction of the wire's capability. For a rough analogy, consider a multilane freeway where only the slow lane is being utilised for traffic travelling at very slow speeds. By opening the other lanes to faster traffic, the entire freeway can be utilised, or in this case, the entire wire pair. A telephone or fax can also be used simultaneously with VDSL Internet access or other VDSL services.


CHAPTER SUMMARY

According to the interview and research, Kamdar's network is centred on the HP ProLiant DL120 G6 server, and the star topology is an advantage for the company's management because a single cable fault affects only one host.


CHAPTER 3:

NETWORK ARCHITECTURE


NETWORK ARCHITECTURE OVERVIEW

Network architecture is the design of a communications network. It is a

framework for the specification of a network's physical components and their functional

organization and configuration, its operational principles and procedures, as well as data

formats used in its operation. In computing, the network architecture is a characteristic of

a computer network. The most prominent architecture today is evident in the framework

of the Internet, which is based on the Internet Protocol Suite.

There are any number of specific classifications, but all lie on a continuum between the dumb network and the intelligent computer network. Other networks contain various elements of these two classical types to make them suitable for various types of applications. Recently the context-aware network, which is a synthesis of the two, has gained much interest with its ability to combine the best elements of both.

INTRODUCTION

Since the business needs to expand to a global scale, including logistics, the company's facilities need to maintain fast, secure and reliable communication wherever they are located. Until recently the most popular alternative was to use leased lines to maintain WAN (Wide Area Network) connections. Leased lines, ranging from ISDN (Integrated Services Digital Network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps) fibre, provided a company with a way to expand its private network beyond its immediate geographic area. A WAN had obvious advantages over a public network like the Internet when it came to reliability, performance and security. But maintaining a WAN, particularly when using leased lines, can become quite expensive and often rises in cost as the distance between the offices increases.

Nowadays, the company is considering a VPN (Virtual Private Network) to accommodate the needs of remote employees and distant offices. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. A VPN also helps distant colleagues work together, much like desktop sharing.


A well-designed VPN can greatly benefit a company. For example, it can:

Extend geographic connectivity

Improve security

Reduce operational costs versus traditional WAN

Reduce transit time and transportation costs for remote users

Improve productivity

Simplify network topology

Provide global networking opportunities

Provide telecommuter support

Provide broadband networking compatibility

Provide faster ROI (return on investment) than traditional WAN

A well-designed VPN needs the following features:

Security

Reliability

Scalability

Network management

Policy management

Remote Access VPN

There are two common types of VPN. The first, remote-access, also known as a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.


A large firm with hundreds of salespeople in the field will need a remote-access VPN. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

Site-to-Site VPN

Through the use of dedicated equipment and large-scale encryption, a

company can connect multiple fixed sites over a public network such as the

Internet. Site-to-site VPNs can be one of two types:

Intranet-based - If a company has one or more remote locations that they wish to

join in a single private network, they can create an intranet VPN to connect LAN 

to LAN.

Extranet-based - When a company has a close relationship with another

company (for example, a partner, supplier or customer), they can build an extranet

VPN that connects LAN to LAN, and that allows all of the various companies to

work in a shared environment.


VPN SECURITY

A well-designed VPN uses several methods for keeping the company's connection and data secure:

Firewalls

A firewall provides a strong barrier between the private network and the Internet. Firewalls can be set to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. Some VPN products, such as Cisco's 1700 series routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS feature set on them. It is important to have a good firewall in place before implementing a VPN, but a firewall can also be used to terminate the VPN sessions. Whichever device terminates the tunnel, the firewall policy must still be applied to the decrypted traffic coming out of it: a VPN authenticates and encrypts the path, it does not make the remote host trustworthy.

Encryption

Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong in one of two categories:

o Symmetric-key encryption

o Public-key encryption

In symmetric-key encryption, the two computers share one secret key (code) that each uses to encrypt a packet of information before it is sent over the network and to decrypt what it receives. Symmetric-key encryption therefore requires knowing in advance which computers will be talking to each other, so that the same key can be installed on each one through some separate trusted channel. Distributing and rotating those keys is the hard part, which is why IPsec normally negotiates them automatically (with IKE) rather than relying on manually configured keys.

Public-key encryption uses a pair of mathematically related keys: a private key and a public key. The private key is known only to its owner, while the public key is given to any computer that wants to communicate securely with that owner. A sender encrypts a message with the recipient's public key, and only the recipient's private key can decrypt it; the public key cannot undo its own encryption. A very popular public-key encryption utility is Pretty Good Privacy (PGP), which allows you to encrypt almost anything.
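To make the key roles concrete, here is an added Python example (not from the original project) using textbook RSA with the classic small primes 61 and 53. It shows that anyone can encrypt with Bob's public key but only Bob's private key decrypts, that applying the public key to the ciphertext does not recover the message, and, because there is no padding, that equal plaintext bytes give equal ciphertexts. Unpadded RSA with a 12-bit modulus is for illustration only; real systems use 2048-bit keys with OAEP padding. The party names and message are constructed.

```python
from math import gcd


def generate_keypair(p, q, e=17):
    """Textbook RSA key generation from two primes.

    Tiny primes and no padding: this is for illustration only and must never
    be used to protect real data (real keys: ~2048-bit modulus, RSA-OAEP).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)           # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)         # (public key, private key)


def encrypt(message, public_key):
    """Anyone holding the recipient's PUBLIC key can encrypt for that recipient."""
    n, e = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold one byte")
    # One RSA operation per byte so every value stays below n.
    return [pow(b, e, n) for b in message]


def decrypt(ciphertext, private_key):
    """Only the holder of the matching PRIVATE key recovers the message."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def apply_public_key(ciphertext, public_key):
    """What an eavesdropper who only knows the public key can compute:
    raising the ciphertext to e again, which does not give the plaintext back."""
    n, e = public_key
    return [pow(c, e, n) for c in ciphertext]


def demo():
    # Bob generates a key pair and publishes the public half; the private half
    # never leaves his machine. Alice needs no pre-shared secret, which is the
    # property a symmetric scheme lacks.
    bob_public, bob_private = generate_keypair(61, 53)
    message = b"order list for outlet 12"      # constructed sample message
    ciphertext = encrypt(message, bob_public)  # Alice, with Bob's public key
    return decrypt(ciphertext, bob_private)    # Bob, with his private key


if __name__ == "__main__":
    print(demo())
```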


IPSec

Internet Protocol Security (IPsec) provides security at the IP layer: per-packet integrity and origin authentication (AH, or ESP with authentication) and confidentiality (ESP), with stronger encryption algorithms and more comprehensive authentication than the older tunneling protocols. IPsec has two modes: tunnel and transport. Tunnel mode encrypts the whole original packet, header and payload, and adds a new outer IP header, while transport mode keeps the original IP header in the clear and encrypts only the payload. Only systems that are IPsec compliant can use this protocol. Also, both peers must agree on the same security association parameters (algorithms and keys, normally negotiated with IKE rather than configured by hand), and the firewalls of each network must permit the IPsec traffic (IKE on UDP 500, UDP 4500 when NAT traversal is in use, and ESP as IP protocol 50). IPsec can encrypt data between various devices, such as:

o Router to router

o Firewall to router

o PC to router

o PC to server

AAA Server

AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the NAS does not check the credentials itself but proxies the request to the AAA server (in practice a RADIUS or TACACS+ server). The AAA server then handles the following:

o Authentication - who the user is

o Authorization - what the user is allowed to do

o Accounting - what the user actually did

The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.
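The exchange described above, as an added example that is not part of the original proposal: a NAS builds a RADIUS Access-Request (RFC 2865), hiding the password with the MD5-based scheme the RFC specifies, the AAA server checks the credentials against a constructed user table and answers with an Access-Accept or Access-Reject, and the NAS validates the Response Authenticator before trusting the reply. The shared secret, username, password and NAS address are constructed values; nothing is sent on the network.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4

# Constructed values for the example; a real NAS takes these from its config.
SHARED_SECRET = b"constructed-shared-secret"
USER_DB = {b"hazwani": b"Kamdar-0311"}
NAS_IP = bytes([192, 0, 2, 1])


def attr(atype, value):
    """Type-Length-Value attribute; Length counts the two header bytes too."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(blob):
    out, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        alen = blob[i + 1]
        out[blob[i]] = blob[i + 2:i + alen]
        i += alen
    return out


def _md5_xor(data, secret, request_auth, chain_on_input):
    """RFC 2865 section 5.2: XOR each 16-byte chunk with MD5(secret + previous
    hidden chunk); the first chunk is keyed with the Request Authenticator."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        mixed = bytes(x ^ y for x, y in zip(chunk, keystream))
        out += mixed
        prev = chunk if chain_on_input else mixed   # hidden chunk is the input when revealing
    return out


def hide_password(password, secret, request_auth):
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _md5_xor(padded, secret, request_auth, chain_on_input=False)


def reveal_password(hidden, secret, request_auth):
    return _md5_xor(hidden, secret, request_auth, chain_on_input=True).rstrip(b"\x00")


def build_access_request(ident, username, password, secret, request_auth=None):
    """NAS side: the client's credentials are packed up and proxied to the AAA server."""
    request_auth = request_auth or os.urandom(16)   # fresh random value per request
    attrs = (attr(ATTR_USER_NAME, username)
             + attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
             + attr(ATTR_NAS_IP, NAS_IP))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def response_authenticator(code, ident, length, request_auth, attrs, secret):
    """MD5(Code|ID|Length|RequestAuth|Attributes|Secret) binds the reply to this
    request and to the shared secret, so a reply forged by a host that does not
    know the secret fails the check at the NAS."""
    head = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(head + request_auth + attrs + secret).digest()


def server_handle(packet, secret, user_db):
    """AAA server side: authenticate and answer with an Accept or a Reject."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    request_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    user = attrs.get(ATTR_USER_NAME)
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = user in user_db and hmac.compare_digest(user_db[user], password)
    resp_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    auth = response_authenticator(resp_code, ident, 20, request_auth, b"", secret)
    return struct.pack("!BBH", resp_code, ident, 20) + auth


def nas_verify_response(response, request, secret):
    """NAS side: True/False for a genuine Accept/Reject, None if the reply is not
    authentic for this request (wrong identifier or bad authenticator)."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    if ident != request[1] or length != len(response) or length < 20:
        return None
    expected = response_authenticator(code, ident, length, request[4:20],
                                      response[20:length], secret)
    if not hmac.compare_digest(expected, response[4:20]):
        return None
    return code == ACCESS_ACCEPT
```

The important operational point is the third outcome: a reply whose authenticator does not verify is discarded rather than treated as a reject, and the shared secret must be long and random because the password hiding is only as strong as that secret.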


VPN TECHNOLOGIES

Depending on the type of VPN (remote-access or site-to-site), the components needed to build the network are:

Desktop software client for each remote user

Dedicated hardware such as a VPN concentrator or secure PIX firewall

Dedicated VPN server for dial-up services

NAS (network access server) used by the service provider for remote-user VPN access

VPN network and policy-management center

Because several VPN protocols coexist (IPsec, PPTP, L2TP and others) and no single one covers every use case, many vendors have developed turn-key solutions of their own.

Tunneling

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Tunneling is the process of placing an entire packet within another packet and sending it over a network. The protocol of the outer packet is understood by the network and by both end points, called tunnel interfaces, where the packet enters and exits the network. Tunneling involves three different protocols:

o Carrier protocol - The protocol used by the network that the information is traveling over

o Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data

o Passenger protocol - The original data (IPX, NetBEUI, IP) being carried

Tunneling has far-reaching implications for VPNs. For example, a network admin can place a packet that uses a protocol not supported on the Internet (such as NetBEUI) inside an IP packet and send it over the Internet, or put a packet that uses a private (non-routable) IP address inside a packet that uses a globally unique IP address to extend a private network over the Internet. Note that tunneling by itself only carries the packet: unless the encapsulating protocol adds encryption and authentication (as IPsec does and plain GRE does not), the inner packet crosses the Internet in the clear.


Tunneling: Site-to-Site

In a site-to-site VPN, GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based. This includes information on what type of packet is being encapsulated and information about the connection between the client and server. Instead of GRE, IPSec in tunnel mode is sometimes used as the encapsulating protocol. IPSec works well on both remote-access and site-to-site VPNs. IPSec must be supported at both tunnel interfaces to be used.
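The private-address case described in the tunneling section, as an added Python example that is not from the original report: a passenger IPv4 packet between two private addresses is wrapped in GRE (the encapsulating protocol) and then in a carrier IPv4 header whose tunnel endpoints are globally routable, and the receiving tunnel interface validates the carrier and GRE headers before handing the passenger packet on. The addresses and payload are constructed sample values; only the basic GRE header without optional checksum, key or sequence fields is handled.

```python
import ipaddress
import struct

IPPROTO_GRE = 47          # carrier IP header's protocol field for a GRE payload
GRE_PTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 passenger packet


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Carrier protocol (IPv4, proto 47) + encapsulating protocol (GRE) + passenger."""
    gre_header = struct.pack("!HH", 0, GRE_PTYPE_IPV4)   # no C/K/S flags, version 0
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_GRE, gre_header + passenger)


def gre_decapsulate(carrier: bytes) -> tuple[dict, bytes]:
    """Validate the carrier and GRE headers at the receiving tunnel interface and
    return (tunnel information, passenger packet). Raises ValueError on anything odd."""
    if len(carrier) < 24:
        raise ValueError("too short for IPv4 + GRE")
    if carrier[0] >> 4 != 4:
        raise ValueError("carrier is not IPv4")
    ihl = (carrier[0] & 0x0F) * 4
    if ipv4_checksum(carrier[:ihl]) != 0:      # a correct header sums to zero
        raise ValueError("bad carrier header checksum")
    if struct.unpack("!H", carrier[2:4])[0] != len(carrier):
        raise ValueError("carrier length field does not match packet")
    if carrier[9] != IPPROTO_GRE:
        raise ValueError("carrier payload is not GRE")
    flags, ptype = struct.unpack("!HH", carrier[ihl:ihl + 4])
    if flags & 0xF000:                          # C, R, K or S bit: optional fields present
        raise ValueError("optional GRE fields not supported by this example")
    if ptype != GRE_PTYPE_IPV4:
        raise ValueError("unexpected passenger protocol 0x%04x" % ptype)
    passenger = carrier[ihl + 4:]
    if len(passenger) < 20 or passenger[0] >> 4 != 4:
        raise ValueError("passenger is not an IPv4 packet")
    inner_src = ipaddress.IPv4Address(passenger[12:16])
    inner_dst = ipaddress.IPv4Address(passenger[16:20])
    info = {
        "tunnel_src": str(ipaddress.IPv4Address(carrier[12:16])),
        "tunnel_dst": str(ipaddress.IPv4Address(carrier[16:20])),
        "passenger_src": str(inner_src),
        "passenger_dst": str(inner_dst),
        "passenger_private": inner_src.is_private and inner_dst.is_private,
    }
    return info, passenger


# Constructed example: a private passenger packet crossing the Internet between
# two tunnel endpoints with documentation-range (RFC 5737) public addresses.
PASSENGER = build_ipv4("10.1.0.5", "10.2.0.9", 17, b"branch-office-payload")
CARRIER = gre_encapsulate(PASSENGER, "203.0.113.1", "198.51.100.1")
```

Note that plain GRE gives no confidentiality or integrity; the passenger bytes travel in the clear, which is why the report pairs GRE with IPSec.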

Tunneling: Remote-Access

In a remote-access VPN, tunneling normally takes place using PPP. Part of the TCP/IP stack, PPP is the carrier for other IP protocols when communicating over the network between the host computer and a remote system. Remote-access VPN tunneling relies on PPP. Each of the protocols listed below was built using the basic structure of PPP and is used by remote-access VPNs.

o L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP.

o PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme supported by PPP.

o L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership between the members of the PPTP Forum, Cisco and the IETF (Internet Engineering Task Force). Combining features of both PPTP and L2F, L2TP also fully supports IPSec.

L2TP can be used as a tunneling protocol for site-to-site VPNs as well as remote-access VPNs. In fact, L2TP can create a tunnel between:

o Client and router

o NAS and router


o Router and router

VPN Components

VPN Concentrator

Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN. They provide high availability, high performance and scalability, and include components, called scalable encryption processing (SEP) modules, that enable users to easily increase capacity and throughput. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.

Figure 2: Cisco VPN 3000 Concentrator


VPN-Optimized Router

Cisco's VPN-optimized routers provide scalability, routing, security and QoS (quality of service). Based on the Cisco IOS (Internet Operating System) software, there is a router suitable for every situation, from small-office/home-office (SOHO) access through central-site VPN aggregation, to large-scale enterprise needs.

Figure 3: Cisco 1750 Modular Access Router

Cisco Secure PIX Firewall

An amazing piece of technology, the PIX (private Internet exchange) firewall combines dynamic network address translation, proxy server, packet filtration, firewall and VPN capabilities in a single piece of hardware.

Figure 4: The Cisco PIX Firewall

Instead of using Cisco IOS, this device has a highly streamlined OS that trades the ability to handle a variety of protocols for extreme robustness and performance by focusing on IP.


VPN ADVANTAGES AND DISADVANTAGES

Advantages of VPN

LOW COST

One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines. With VPNs, an organization needs only a relatively short dedicated connection to the service provider. This connection could be a local leased line or it could be a local broadband connection such as DSL service.

Another, more subtle way that VPNs may lower costs is through offloading of the support burden. With VPNs, the service provider rather than the organization must support dial-up access, for example. Service providers can in theory charge much less for their support than it costs a company internally because the public provider's cost is shared amongst potentially thousands of customers.

SCALABILITY

The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations. If a third branch office needs to come online, just two additional lines will be required to directly connect that location to the other two.

However, as an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. Four branch offices require six lines for full connectivity, five offices require ten lines, and so on.

Mathematicians call this phenomenon a combinatorial explosion, and in a traditional WAN this explosion limits the flexibility for growth. VPNs that utilize the Internet avoid this problem by simply tapping into the geographically-distributed access already available.
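As an added worked equation (not part of the original report), the leased-line counts quoted above follow the closed form for fully meshing $n$ offices:

$$
L_{\text{leased}}(n) = \binom{n}{2} = \frac{n(n-1)}{2}, \qquad
L_{\text{leased}}(2) = 1,\; L_{\text{leased}}(3) = 3,\; L_{\text{leased}}(4) = 6,\; L_{\text{leased}}(5) = 10,
$$

whereas an Internet-based VPN needs only one local connection per office, $L_{\text{VPN}}(n) = n$, so the ratio of leased lines to VPN connections grows as $(n-1)/2$.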

Disadvantages of VPN

o VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.

o The availability and performance of an organization's wide-area VPN (over the Internet in particular) depends on factors largely outside of their control.

o VPN technologies from different vendors may not work well together due to immature standards.


CHAPTER SUMMARY

In chapter 3, the discussion covers the technology that Kamdar currently has. Based on the interview session, Kamdar says that they would like to try a new implementation of VPN. As a trial, a site-to-site internal VPN will be a good way to measure how it will be used by the company and the effects of this technology on the company environment and profits.

Accordingly, Kamdar will be using a few VPN devices such as a concentrator, a firewall and, most importantly, a VPN router, after considering the advantages and disadvantages of the technology.


CHAPTER 4:

NETWORK COSTING


VPN CONCENTRATOR

Cisco VPN 3000 Series Concentrators can provide KAMDAR with unprecedented cost savings through flexible, reliable, and high-performance remote-access solutions. The Cisco VPN 3000 Series offers solutions for the most diverse remote-access deployments by offering both IP Security (IPsec) and Secure Sockets Layer (SSL) VPN connectivity on a single platform.

New features in Cisco VPN 3000 Series Concentrator Software v4.7 deliver extensive application access, industry-leading endpoint security, data integrity protection, infrastructure access, and network compliance validation controls. Benefits of the Cisco VPN 3000 Series include:

o Advanced endpoint security: Cisco Secure Desktop offers preconnection security posture assessment and seeks to minimize the data left behind after an SSL VPN session terminates.

o Broad application support for SSL VPN: The Cisco VPN 3000 Series Concentrator platform offers extensive application support through its dynamically downloaded SSL VPN client for WebVPN, enabling network-layer connectivity to virtually any application.

o Posture assessment, policy enforcement, and remediation: IPsec-enabled network admission control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.

o Ease of deployment with zero-touch remote endpoint management: Integrated Web-based management on Cisco VPN 3000 Series Concentrators provides a simple, easy-to-manage interface to configure and monitor all remote-access users.

Cisco VPN Client software is provided with all the Cisco VPN 3000 Series models and includes unlimited distribution licensing. Cisco WebVPN, also provided with no additional licensing fees, enables full network access to virtually any application.


Cisco VPN 3000 Series Concentrators are available in both nonredundant and

redundant configurations, allowing users to build the most robust, reliable, and cost-

effective networks possible.

Technical Specification

Hardware

Processor
• Motorola PowerPC processor

Memory
• Redundant system images (Flash)
• Variable memory options (Figure 6)

Encryption
• Cisco VPN 3005, 3015: Software
• Cisco VPN 3020, 3030, 3060, and 3080: Hardware

Embedded LAN Interfaces
• Cisco VPN 3005: Two autosensing, full-duplex 10/100BASE-TX Fast Ethernet (public/untrusted, private/trusted)
• Cisco VPN 3015, 3020, 3030, 3060, and 3080: Three autosensing, full-duplex 10/100BASE-TX Fast Ethernet (public/untrusted, private/trusted, and DMZ)

Instrumentation
• Cisco VPN 3005: Unit status indicator (front panel); status LEDs for Ethernet ports (rear panel)
• Cisco VPN 3015, 3020, 3030, 3060, and 3080: Status LEDs for system, expansion modules, power supplies, Ethernet modules, and fan (front panel); status LEDs for Ethernet modules, expansion modules, and power supplies (rear panel)
• Cisco VPN 3015, 3020, 3030, 3060, and 3080: Activity monitor displays the number of sessions, aggregate throughput, or CPU utilization, and is push-button selectable

Software

Client Software Compatibility
• Cisco SSL VPN Client for network-layer connectivity using an SSL-capable Web browser on remote system
• Cisco IPsec VPN Client for Windows 98, ME, NT 4.0, 2000, and XP; Linux (Intel); Solaris (UltraSparc 32- and 64-bit); and Mac OS X 10.2, 10.3, and 10.4, including centralized split-tunneling control and data compression
• Microsoft PPTP, Microsoft Point-to-Point Encryption (MPPE), and Microsoft Point-to-Point Compression (MPPC); Microsoft Challenge Handshake Authentication Protocol (MSCHAP) v1 and v2; and Extensible Authentication Protocol (EAP) and RADIUS passthrough for EAP-Transport Layer Security (EAP-TLS) and EAP-Generic Token Card (EAP-GTC) support
• Microsoft L2TP and IPsec for Windows 2000 and XP, including Windows XP Dynamic Host Configuration Protocol (DHCP) option for route population
• Microsoft L2TP and IPsec for Windows 98, ME, and NT Workstation 4.0

Tunneling Protocols
• Cisco SSL VPN (HTTPS/SSL-based)
• IPsec, PPTP, L2TP, L2TP/IPsec, NAT Transparent IPsec, Ratified IPsec/UDP (with autodetection and fragmentation avoidance), IPsec/TCP
• Support for Cisco EasyVPN (client and network extension mode)

Encryption/Authentication
• IPsec Encapsulating Security Payload (ESP) using DES/3DES (56/168-bit) or AES (128/192/256-bit) with Message Digest Algorithm 5 (MD5) or Secure Hash Algorithm (SHA); or MPPE using 40/128-bit RC4

Key Management
• Internet Key Exchange (IKE)
• Diffie-Hellman (DH) groups 1, 2, 5, and 7 (ECDH)
• RSA certificates (SSL and IPsec)

Routing
• Routing Information Protocol (RIP), RIPv2, Open Shortest Path First (OSPF), Reverse Route Injection (RRI), static routing, automatic endpoint discovery, NAT, and Classless Interdomain Routing (CIDR)
• IPsec fragmentation policy control, including support for Path Maximum Transmission Unit (MTU) Discovery (PMTUD)
• Interface MTU control

Third-Party Compatibility
• iPass Ready, Funk Steel-Belted RADIUS, Microsoft Internet Explorer, Netscape Communicator, Entrust, Baltimore, and RSA Keon

High Availability
• Virtual Router Redundancy Protocol (VRRP) for multichassis redundancy and multichassis failover
• Remote-access load-balancing clusters supporting both SSL and IPsec connections
• Destination pooling for client-based failover, re-establishment, and connection re-establishment
• Redundant SEP modules (optional), power supplies, and fans (Cisco VPN 3015, 3020, 3030, 3060, and 3080 models)

Management

Configuration
• Embedded management interface is accessible through console port, Telnet, SSHv1, and HTTPS
• Administrator access is configurable for five levels of authorization; authentication can be performed externally through TACACS+
• Role-based management policy separates functions for service provider and end-user management

Monitoring
• Event logging and notification through e-mail (SMTP)
• Automatic FTP backup of event logs
• Simple Network Management Protocol (SNMP) MIB-II support
• Configurable SNMP traps
• Syslog output
• System status
• Session data (including client-assigned IP, encryption type, connection duration, client OS, and client version)
• General statistics

Security

Authentication and Accounting Servers
• Support for redundant external authentication servers, including:
- RADIUS
- Kerberos/Active Directory authentication
- Microsoft NT Domain authentication
- Microsoft NT Domain authentication with password expiration (MSCHAPv2); IPsec only
- RSA Security Dynamics (SecurID Ready), including native support for RSA 5 (load balancing, resiliency)
• User authorization through Lightweight Directory Access Protocol (LDAP) or RADIUS
• Internal authentication server for up to 100 users
• X.509v3 digital certificates, including certificate revocation list (CRL)/LDAP and CRL/HTTP, CRL caching, and backup CRL distribution point support
• RADIUS accounting
• TACACS+ administrative user authentication

Internet-Based Packet Filtering
• Source and destination IP address
• Port and protocol type
• Fragment protection
• FTP session filtering
• Site-to-site filters and NAT (for overlapping address space)

Policy Management
• By individual user or group
- Filter profiles (defined internally or externally)
- Idle and maximum session timeouts
- Time and day access control
- Tunneling protocol and security authorization profiles
- IP pool and servers
- Authentication pool and servers

Certification
• Federal Information Processing Standards (FIPS) 140-2 Level 2 (3.6), FIPS 140-1 Level 2 (3.1), and VPNC

Model and Price

CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7

Key Features

Type: Concentrator
Data Transfer Rate: 100 Mbps
Connectivity: Cable
Platform: PC
Price: RM 291.60

Figure 5: CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7

VPN OPTIMIZED ROUTER

The VPN router suggested for Kamdar is the Cisco 1750 Access Router. The Cisco 1750 access router delivers routing capabilities with the power of Cisco IOS® software in a modular integrated access solution. The Cisco 1750 provides a cost-effective solution to support applications, including:

o Secure Internet, intranet, and extranet access with optional firewall

o Multiservice voice/fax/data integration

o VPN access

o Broadband DSL and cable connectivity

The Cisco 1750 features a modular architecture that enables users to cost-effectively upgrade or add WAN and voice interfaces to accommodate changing requirements and growth. Integrated network services and functions, including an optional firewall, CSU/DSU, and VPN features, reduce the complexity of deploying and managing branch office solutions. Most important, the Cisco 1750 offers investment protection with a RISC architecture and features to support new technologies and applications, including voice/fax/data integration and VPNs, when users are ready to deploy them.

The Cisco 1750 is available in three models that enable users to easily tailor an access solution to suit their branch office requirements today and in the future:

o Cisco 1750—The most basic model available, this unit provides everything a small branch office needs for data networking now, with a simple upgrade path to support integrated voice/fax/data applications when needed. A convenient voice upgrade kit is available to provide voice/fax/data support as needed.

o Cisco 1750-2V Multiservice model—This model includes all the features, memory, and DSP needed for immediate support of integrated voice/fax/data applications with up to two analog voice ports. Voice and WAN interface cards are available separately.

o Cisco 1750-4V Multiservice model—This model includes all the features, memory, and DSPs needed to support integrated multiservice voice/fax/data applications immediately with up to four analog voice ports. Voice and WAN interface cards are available separately.

All Cisco 1750 models offer three modular slots for voice and data interface cards, an autosensing 10/100BaseT Ethernet LAN port, a console port, and an auxiliary port. The Cisco 1750 supports the same WAN interface cards as the Cisco 1600, 1720, 2600, and 3600 routers, and the same analog voice interface cards and voice-over-IP technology as the Cisco 2600 and 3600 routers, simplifying spares and support requirements. The WAN interface cards support a wide range of services, including synchronous and asynchronous serial, Integrated Services Digital Network Basic Rate Interface (ISDN BRI), and serial with DSU/CSU options for primary and backup WAN connectivity. The voice interface cards include support for Foreign Exchange Office (FXO), Foreign Exchange Station (FXS), and Ear & Mouth (E&M). Combined, these interfaces support a comprehensive set of applications, including multiservice voice/fax/data integration, Frame Relay, ISDN BRI, SMDS, X.25, broadband DSL and cable services, VPNs, and more.

Advantages

The Cisco 1700 series supports the value of end-to-end Cisco network solutions with the following benefits:

o Flexibility—The modular Cisco 1750 adapts easily to fit the needs of businesses. Interchangeable WAN interface cards enable easy additions or changes in WAN technologies without requiring a forklift upgrade of the entire platform. Modular data and voice slots enable users to tailor data and voice services as needed. With the ability to use the same field-upgradable WAN and voice interface cards across multiple Cisco access router platforms, the Cisco 1750 reduces requirements for spare parts inventory and support training. In addition, the autosensing 10/100BaseT Fast Ethernet port enables easy migration to high-speed local networks.

o Multiservice Access—For businesses that have data networking needs today and want to integrate multiservice data/voice/video/fax capabilities now or in the future, the Cisco 1750 offers a flexible, cost-effective answer. The Cisco 1750 enables network managers to save on long-distance interoffice billing costs and interoperates with next-generation voice-enabled applications such as integrated messaging and Web-based call centers. The Cisco 1750 works with the existing telephone infrastructure—phones, fax machines, key telephone systems (KTS) units, and PBX—minimizing capital costs.

o Lower Cost of Ownership—The Cisco 1750 router provides a complete solution for integrated voice and data access in a single product, eliminating the need to install and maintain a large number of separate devices. You can combine optional functions, including a voice gateway, dynamic firewall, VPN tunnel server, DSU/CSU, ISDN network termination-1 (NT1) device, and more to reduce deployment and management costs. This solution can be managed remotely using network management applications such as CiscoWorks and CiscoView or any SNMP-based management tool.

o Investment Protection—The Cisco 1750 RISC architecture, Cisco IOS software, and modular slots provide solid investment protection to companies that want a platform that offers data connectivity today and an easy migration path to implement services such as multiservice data/voice/video integration, VPNs, and broadband DSL and cable communications in the near future. A slot on the 1700 series motherboard offers the ability to support future hardware-assisted data encryption at T1/E1 speeds.


Security

Cisco IOS software supports an extensive set of basic and advanced network security features, including access control lists (ACLs), user authentication, authorization, and accounting (such as PAP/CHAP, TACACS+, and RADIUS), and data encryption. To increase security, the integrated Cisco IOS Firewall Feature Set protects internal LANs from attacks with context-based access control (CBAC), while IPSec tunneling with Data Encryption Standard (DES) and triple DES encryption provides standards-based data privacy, integrity, and authenticity as data travels through a public network.

For remote access VPNs, Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) combine with IPSec encryption to provide a secure multiprotocol solution (for IP, IPX, and AppleTalk traffic, and more). Mobile users can dial in to a service provider's local point of presence (POP) and data is "tunneled" (or encapsulated inside a second protocol such as IPSec or L2TP) back to the Cisco 1750 router to securely access the corporate network via the Internet.


4.1.1 Specification

4.1.2 Model and Price

CISCO 1750-RF Router

Price: RM 179.80

Figure 6: CISCO 1750-RF Router


PIX FIREWALL

Cisco PIX Security Appliance customers are encouraged to migrate to Cisco ASA 5500 Series Adaptive Security Appliances. Built on the same software foundation as Cisco PIX Security Appliances, the Cisco ASA 5500 Series offers more robust firewall and IPsec VPN capabilities, as well as many additional benefits, including:

o Significantly better performance and scalability

o Secure Sockets Layer (SSL) VPN support (including clientless, portal-based remote access)

o Advanced Unified Communications (voice/video) security

o A modular design that allows you to add features such as intrusion prevention (IPS), anti-virus, anti-spam, anti-phishing, and URL filtering.

Migration to the Cisco ASA 5500 Series is straightforward. Customers can take advantage of their knowledge and investment in Cisco PIX Security Appliances, because there are essentially no changes in user interface, operations, or training.


Deploy Comprehensive Network Security

Cisco adaptive security appliances integrate industry-leading firewalls, unified communications security, VPN technology, intrusion prevention, and content security in a unified platform to:

o Stop attacks before they penetrate the network perimeter

o Protect resources and data, as well as voice, video, and multimedia traffic

o Control network and application activity

o Reduce deployment and operational costs

Cisco ASA 5500 Series Adaptive Security Appliances also provide:

o Adaptable architecture for rapid and customized security services deployment

o Advanced intrusion prevention services that defend against a broad range of threats

o Highly secure remote access and unified communications to enhance mobility, collaboration, and productivity

4.1.3 Technical Specification

VPN Client Compatibility

Cisco PIX Firewalls support a wide variety of software- and hardware-based VPN clients, which include the following:

Software IPSec VPN clients
• Cisco Secure VPN Client, Version 1.1
• Cisco VPN 3000 Concentrator Client, Version 2.5 and later
• Cisco VPN Client for Windows, Version 3.0 and later
• Cisco VPN Client for Linux, Version 3.5 and later
• Cisco VPN Client for Solaris, Version 3.5 and later
• Cisco VPN Client for Mac OS X, Version 3.5 and later

Hardware IPSec VPN clients
• Cisco VPN 3002 Hardware Client, Version 3.0 and higher
• Cisco IOS Software Easy VPN Remote, Release 12.2(8)YJ
• Cisco PIX Firewall, Version 6.2 and higher

Layer 2 Tunneling Protocol (L2TP)/IPSec VPN clients
• Microsoft Windows 2000

Point-to-Point Tunneling Protocol (PPTP) VPN clients
• Microsoft Windows 95
• Microsoft Windows 98
• Microsoft Windows NT 4.0
• Microsoft Windows 2000

Easy VPN Server Compatibility

Cisco PIX Firewalls can now act as hardware-based VPN clients, taking

advantage of the new Cisco Easy VPN Remote capabilities in Cisco PIX Firewall

Software. The following Cisco Easy VPN Server platforms are supported for this

deployment scenario:

Cisco Site-to-Site VPN Compatibility

In addition to providing interoperability for many third-party VPN products,

Cisco PIX Firewalls interoperate with the following Cisco VPN products for site-

to-site VPN connectivity:


4.1.4 System Requirements

Model and Price

CISCO PIX 506E (PIX-506E) Firewall

Key Features

Connectivity: Wired

Firewall Features: Stateful Packet Inspection (SPI), DoS Prevention, Intrusion Prevention, Content Filtering, URL Filtering

NAT Support: Static, Dynamic, Policy-based, PAT

Price: RM 647.80

Figure 7: PIX-506E Firewall


NETWORK COSTING

To sum up the three additional VPN devices for the Kamdar network system:

Device | Cost | Available at
CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7 | RM 291.60 | http://cgi.ebay.com.my/ws/eBayISAPI.dll?ViewItem&item=390152358154
CISCO 1750-RF Router | RM 179.80 | http://www.shopping.com/xPO-Cisco-1750-CISCO1750-RF
CISCO PIX 506E (PIX-506E) Firewall | RM 647.80 | http://www3.shopping.com/xPO-Cisco-PIX-Firewall-506E-PIX-506E
TOTAL: RM 1119.20

So the total cost of developing the new VPN connection for Kamdar will be RM 1119.20.


CHAPTER SUMMARY

Chapter 4 discussed the proposed devices that are important to realize VPN networking for Kamdar.

The Cisco VPN 3005-E/FE concentrator is proposed because it offers best-in-class remote-access VPN devices that provide businesses with unprecedented cost savings through flexible, reliable, and high-performance remote-access solutions. The Cisco VPN 3015 offers solutions for the most diverse remote-access deployments by offering both IP Security (IPSec) and Secure Sockets Layer (SSL)-based VPN connectivity on a single platform.

The Cisco 1750 modular access router is the single solution for giving small/medium-sized businesses and enterprise small branch offices robust WAN data connections today. Most important, the Cisco 1750 offers investment protection with a RISC architecture and features to support new technologies and applications, including data/voice/fax integration and VPNs, when Kamdar is ready to deploy them. The Cisco 1750 delivers routing capabilities with the power of Cisco IOS software in a modular integrated access solution. The Cisco 1750 provides a cost-effective solution to support applications, including: secure Internet, intranet, and extranet access with optional firewall; multiservice data/voice/fax integration; VPN access; broadband access. The Cisco 1750 features a modular architecture that enables users to cost-effectively upgrade or add WAN and voice interfaces to accommodate changing requirements and growth.

To secure this VPN connection, the Cisco PIX 506E Firewall is proposed. It is an enhanced version of the widely popular Cisco PIX 506 Firewall, and delivers enterprise-class security for remote office/branch office environments in a robust, reliable appliance. Ideal for securing Internet connections for remote/branch offices, the Cisco PIX 506E Firewall provides a wide range of rich security capabilities and powerful remote management capabilities in a cost-effective, high-performance solution. The PIX 506E also delivers improved 3DES VPN performance, with up to 70% more performance than the PIX 506, when using certain applications. Kamdar can take advantage of their knowledge and investment in Cisco PIX Security Appliances, because there are essentially no changes in user interface, operations, or training.


CHAPTER 5:

TESTING AND IMPLEMENTATION


EXISTING NETWORK

Figure 8: Existing Kamdar Network

Figure 8 above shows the existing Kamdar network, which consists of a switch, an HP ProLiant DL120 G6, VDSL, PANEAGLE, and the Internet. The 5 Mbps switch is the main connection to the current server, while the 1 Mbps switch is just the backup for the 5 Mbps switch. Now the focus is the Fortigate-310B. As proposed for the network, a VPN connection will be added to this network system.


IMPLEMENTATION OF THE NETWORK

To implement the new network using the proposed design, several new devices are needed.

Figure 9: Proposed new network for Kamdar

CISCO CVPN 3005-E/FE Concentrator

Before You Begin

Save the current VPN 3005 configuration file and copy it to a remote system before you proceed. See the Administration | File Management | TFTP Transfer screen in the VPN Concentrator Manager.


Caution!

The VPN Concentrator and the battery contain electronic components that are sensitive to electrostatic discharge (ESD). Improper handling could damage components. Leave the battery in its protective ESD-shielded envelope until instructed to remove it, and handle it only as instructed. If you have reservations about installing the battery, ask for assistance from a qualified technician.

Parts Cisco Supplies

The battery upgrade kit includes these parts:

• New battery (M4T28 part number prefix).

• Disposable wrist strap ESD protection kit.

• Documentation.

Tools You Need

No. 2 Phillips screwdriver.

Shutting Down and Powering Off

Shut down and power off the VPN 3005 Concentrator or VPN 3002 Hardware Client before you install the module.

Step 1 Using the VPN Concentrator Manager, shut down the VPN 3005/3002 (see the Administration | System Reboot screen).

Step 2 Turn power off: press O on the power switch on the rear of the chassis.

Step 3 Disconnect the power cord from the system and the power outlet.

Step 4 Disconnect all network cables and the console cable.


Warning!

Hazardous voltages and the risk of electrical shock may be present inside the VPN Concentrator chassis. Always disconnect the power cord before removing the chassis cover. Never operate the VPN Concentrator with the cover removed.

CISCO 1750-RF Router

This section describes how to configure a Cisco 1700 using the Ethernet WAN Interface Card (WIC-1ENET) to act as a Point-to-Point Protocol over Ethernet (PPPoE) client with Network Address Translation (NAT).

Components Used

The information in this document is based on these software and hardware versions:

• Cisco IOS® Software Release 12.1(3)XT1 or later, to support the Cisco 1700 WIC-1ENET.

• For this sample configuration, the Cisco 6400 Universal Access Concentrator-Node Route Processor (UAC-NRP) was running Cisco IOS Software Release 12.1(3)DC1.

To support PPPoE, you must have the ADSL+PLUS feature set. The ADSL-only feature set does not support PPPoE on the Cisco 1700.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Background Theory

The WIC-1ENET is a 10BASE-T card developed for the Cisco 1700 series routers. The WIC-1ENET provides a second Ethernet interface for the Cisco 1700, which makes it possible to use the rich functionality of Cisco IOS Software with any Digital Subscriber Line (DSL) or cable modem.

The PPPoE client feature allows the PPPoE functionality to be moved to the router. Multiple PCs can be installed behind the Cisco 1700 Fast Ethernet interface and, before their traffic is sent to the PPPoE session, it can be encrypted, filtered, and so on, and NAT can run. Running PPPoE on the router removes the need for PPPoE client software on the PCs.

Processor Requirements

Revision B5 of the MPC 860 microprocessor is required. This processor is used in all Cisco 1700 series routers shipped after November 21, 1999. Cisco 1700 serial numbers starting with JAB0347XXXX have been manufactured with the MPC860 revision B5 microprocessor.

The date code is built into the serial number. The format is LLLYYWWSSSS, where:

• LLL is the location at which the unit was built.

• YY is the year that the unit was built (1997=01, 1998=02, 1999=03, 2000=04).

• WW is the work week of the year that the unit was built.

• SSSS is the serial number.

The processor version information is displayed at bootup. You can also verify the processor revision by issuing the show version command at the Router# prompt.
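The serial-number date code above can be decoded mechanically. The following Python script is an added example written for this page (it is not from the report or from Cisco): it encodes the LLLYYWWSSSS layout and the year mapping given in the text (calendar year = 1996 + YY), and applies the report's rule that units from serial prefix JAB0347 onwards (year code 03, work week 47) carry the revision B5 processor. The sample serial numbers are constructed, treating WW as an ISO week and counting week 47 itself as meeting the cutover are assumptions.

```python
"""Decode the Cisco 1700 serial-number date code (LLLYYWWSSSS)."""
import datetime
import re
from dataclasses import dataclass

# Year codes as given in the text: 1997=01, 1998=02, 1999=03, 2000=04,
# i.e. calendar year = 1996 + YY.
YEAR_BASE = 1996

# The text says units shipped after November 21, 1999 carry the MPC860 rev B5
# and that serials starting with JAB0347 have it: year code 03, work week 47.
# Assumption: week 47 itself counts as meeting the cutover.
B5_CUTOVER = (3, 47)

SERIAL_RE = re.compile(
    r"^(?P<loc>[A-Z]{3})(?P<yy>\d{2})(?P<ww>\d{2})(?P<sn>[A-Z0-9]{4})$"
)


@dataclass(frozen=True)
class DateCode:
    location: str   # LLL, the plant that built the unit
    year: int       # calendar year decoded from YY
    week: int       # WW, the work week
    unit: str       # SSSS, the per-week serial

    @property
    def build_monday(self) -> datetime.date:
        """Monday of the build week, treating WW as an ISO week (assumption)."""
        return datetime.date.fromisocalendar(self.year, self.week, 1)


def decode_serial(serial: str) -> DateCode:
    """Split a LLLYYWWSSSS serial and map the year code to a calendar year."""
    m = SERIAL_RE.match(serial.strip().upper())
    if m is None:
        raise ValueError(f"not a LLLYYWWSSSS serial number: {serial!r}")
    yy, ww = int(m["yy"]), int(m["ww"])
    if yy < 1 or not 1 <= ww <= 53:
        raise ValueError(f"year code {yy:02d} / week {ww:02d} out of range")
    return DateCode(m["loc"], YEAR_BASE + yy, ww, m["sn"])


def has_b5_processor(serial: str) -> bool:
    """True when the date code is at or after year code 03, work week 47."""
    code = decode_serial(serial)
    return (code.year - YEAR_BASE, code.week) >= B5_CUTOVER


if __name__ == "__main__":
    # Constructed sample serials, not real Cisco units.
    for s in ("JAB0347XXXX", "JAB0346ABCD", "FOC0412ZZ01"):
        c = decode_serial(s)
        print(f"{s}: built at {c.location}, {c.year} week {c.week} "
              f"(week of {c.build_monday}), rev B5: {has_b5_processor(s)}")
```

Decoding JAB0347XXXX gives location JAB, 1999, work week 47, whose Monday is 22 November 1999, consistent with the "after November 21, 1999" statement above; a unit one week earlier fails the check and one from 2000 passes it.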

Memory Requirements

To run Cisco 1700 IOS images that support the Cisco WIC-1ENET, the router must have a minimum amount of Flash memory and DRAM.


WIC-1ENET Restrictions and Unsupported Features

• WIC-1ENET is not supported in platforms other than the Cisco 1700.

• Only a twisted pair RJ-45 connection is supported; there is no attachment unit interface (AUI) or BNC interface support.

• There is no Auto Negotiation (Auto Sensing) between half-duplex and full-duplex modes.

• WIC-1ENET cannot be used for TFTP file downloading while the host is in ROMMON.

• WIC-1ENET is not recognized by the Cisco 1700 when it is in ROMMON mode.

• Current Cisco IOS Software supports the WIC-1ENET only in Slot 0 of a Cisco 1700.

Configure

In this section, you are presented with the information to configure the features described in this document.

The PPPoE client is configured on the Cisco 1700 with the virtual private dial-up network (VPDN) commands. (VPDN commands are not needed for Cisco IOS Software Release 12.2(13)T or later.) Make sure that you configure these commands first.

CISCO PIX 506E Firewall

The following sections in the Installation Guide for Cisco Secure PIX Firewall Version 5.2 are supported on a certified PIX Firewall and should be followed when installing the certified PIX Firewall:

• Introduction, including safety recommendations, maintaining safety with electricity, and general site requirements in Chapter 1, "Introduction"

• Installation Overview and Installing a PIX 515, PIX 520, and PIX 525 models and Hardware and Software requirements for version 5.2 in Chapter 2, "Installing a PIX Firewall"

• Installing the PIX Firewall Syslog Server (PFSS) in Chapter 4, "Installing the PIX Firewall Syslog Server (PFSS)"

• Opening a PIX Firewall Chassis for PIX 515, PIX 520, and PIX 525 models in Chapter 5, "Opening a PIX Firewall Chassis"

• Installing a Memory Upgrade for PIX 515, PIX 520, and PIX 525 models in Chapter 6, "Installing a Memory Upgrade"

• Installing a Circuit Board for PIX 515, PIX 520, and PIX 525 models in Chapter 7, "Installing a Circuit Board"

• Installing a DC Voltage PIX 515 and PIX 520 in Chapter 8, "Installing a DC Voltage PIX 515 or PIX 520"

The following sections in the Installation Guide for Cisco Secure PIX Firewall Version 5.2 are not supported on the certified configuration of the PIX Firewall. The features covered by these sections are outside the scope of the evaluated PIX Firewall and should not be installed:

• Installing Failover in Chapter 3, "Installing Failover"

• Installing a Private Link VPN board in Chapter 7, "Installing a Circuit Board"

• Installing the PIX Firewall Setup Wizard in Chapter 9, "Installing the PIX Firewall Setup Wizard"


CHAPTER SUMMARY

In summary, implementing a VPN connection for the company is not costly and can bring many benefits. The additional VPN will not interrupt the existing Kamdar network system but will improve the company's network efficiency.

The company decided to implement an appliance-based dedicated VPN solution with a low-end VPN concentrator, the Cisco 3005 VPN Concentrator. The Cisco VPN Concentrator collects all the traffic from the different centers over the Internet to the central Kamdar operating center. The partners' users are bound by a stringent enterprise-wide security policy implemented by Kamdar, which pre-defines the level of access and services available to users on Kamdar's network. The VPN concentrator is at the Kamdar corporate office, where the company's SAP servers are also hosted. The 2 Mbps pipe at the corporate office has 80 percent utilization at present. No QoS tools are in use on the VPN setup. There is some built-in redundancy in the VPN concentrator.

At the client end, many locations have more than one phone connection or Internet account. At places where wired telephone links are not stable, Wireless in Local Loop (WLL) links are used to connect to the local ISP. These links have been deployed by Kamdar and provide 9.6 or 14.4 Kbps bandwidth.


CHAPTER 6:

NETWORKING GUIDELINES


HP PROLIANT DL120 G6 SERVER 

Figure 10: HP Proliant DL120 G6 Server

Right Sized, Right Priced Solution

• An array of 4-core Intel® Xeon® processors and dual-core Pentium® and Core i3 processors enable you to pick the right processor based on workload requirements

• Support for large form factor SATA and SAS hard disk drives provides both low-cost, high-capacity drives and high-performance, high-reliability drives

• Integrated SATA RAID 0/1 and an array of SAS HBAs and Smart Array Controllers

• Affordable performance for scale-out applications

• Provides essential features for computing needs

Easy-To-Own and Manage

• Easy-access, rack-optimized 1U chassis for fast deployment and efficient maintenance

• Offers the control to respond quickly to server issues wherever they occur

• Browser and command line interface access

• Essential, integrated entry-level remote management at an affordable price

Service and Support

• Upholds HP's reputation for dependability by conducting some of the most rigorous and thorough testing in the industry

• Full range of service and support for every budget including startup, installation, extended warranty, network planning, software updates and others

• Access to HP helpdesks and service professionals for around-the-clock support

Table 1: Technical Specification of HP PROLIANT DL120 G6 SERVER

DEBUGGING THE PPPOE SERVER

The server configuration concentrates on the PPPoE server configuration for the VPN at these layers:

Layer 4 - PPP layer

Layer 3 - Ethernet layer

Layer 2 - ATM layer

Layer 1 - DSL physical layer


CONFIGURATION VPN 1750-RF ROUTER ON HP PROLIANT DL120 G6 SERVER

!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 request-dialin
!--- The PPPoE client requests to establish
!--- a session with the aggregation unit (6400 NRP).
!--- These VPDN commands are not needed with
!--- Cisco IOS Software Release 12.2(13)T or later.
  protocol pppoe
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ip mtu 1492
!--- The Ethernet MTU is 1500 by default
!--- (1492 + PPPoE headers = 1500).
 ip nat outside
 dialer pool 1
!--- This ties to interface Ethernet0.
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname <username>
 ppp chap password <password>
!
!--- The ISP instructs you regarding
!--- the type of authentication to use.
!--- To change from PPP Challenge Handshake Authentication
!--- Protocol (CHAP) to PPP Password Authentication Protocol (PAP),
!--- replace these three lines:
!---   ppp authentication chap callin
!---   ppp chap hostname <username>
!---   ppp chap password <password>
!--- with these two lines:
!---   ppp authentication pap callin
!---   ppp pap sent-username <username> password <password>
!
dialer-list 1 protocol ip permit
!
!--- This is the internal Ethernet network.
interface FastEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet0
 pppoe enable
 pppoe-client dial-pool-number 1
!--- The PPPoE client code ties into a dialer
!--- interface upon which a virtual-access
!--- interface is cloned.
!
!--- For NAT, you overload on the
!--- Dialer1 interface and add a default route
!--- out of the Dialer1 interface because
!--- the IP address can change.
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
!
dialer-list 1 protocol ip permit
access-list 1 permit 10.0.0.0 0.0.0.255
!--- This is for NAT.
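The PPPoE/NAT configuration above depends on a handful of settings being present together: NAT inside/outside placement on the LAN and dialer interfaces, the 1492-byte MTU, an access-list that limits translation to the inside network, and the HTTP server being disabled. The following Python script is an added example written for this page (it is not from the report or from Cisco's documentation): it parses a running-config into top-level lines and their indented children and reports any of those properties that are missing. The embedded configuration is a constructed copy of the one above with the ISP credentials left as placeholders; the check for service password-encryption goes beyond what the page's configuration contains and is the one finding the page's own version produces.

```python
"""Static checks for the Cisco 1700 PPPoE client + NAT configuration."""
import re
from typing import Dict, List, Tuple

# Constructed copy of the configuration on this page (comments removed,
# ISP credentials left as placeholders).
SAMPLE_CONFIG = """\
vpdn enable
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ip mtu 1492
 ip nat outside
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname <username>
 ppp chap password <password>
!
interface FastEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet0
 pppoe enable
 pppoe-client dial-pool-number 1
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
dialer-list 1 protocol ip permit
access-list 1 permit 10.0.0.0 0.0.0.255
"""

# The same config plus the one global command the page's version lacks.
HARDENED_CONFIG = "service password-encryption\n" + SAMPLE_CONFIG

NAT_RE = re.compile(r"^ip nat inside source list (\d+) interface (\S+) overload$")


def parse_ios(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (top-level lines, {top-level line: its indented child lines})."""
    top: List[str] = []
    children: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):   # blank or comment
            continue
        if raw[0].isspace() and current is not None:          # child of a section
            children[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            children[current] = []
    return top, children


def audit(text: str) -> List[str]:
    """Return findings for the PPPoE/NAT setup; an empty list means all checks pass."""
    top, children = parse_ios(text)
    findings: List[str] = []
    dialer = children.get("interface Dialer1", [])
    lan = children.get("interface FastEthernet0", [])
    if "ip nat outside" not in dialer:
        findings.append("Dialer1 lacks 'ip nat outside'; NAT overload will not translate")
    if "ip nat inside" not in lan:
        findings.append("FastEthernet0 lacks 'ip nat inside'")
    if "ip mtu 1492" not in dialer:
        findings.append("Dialer1 MTU is not 1492 (1500 minus the PPPoE headers)")
    nat_lines = [l for l in top if l.startswith("ip nat inside source list")]
    if not nat_lines:
        findings.append("no 'ip nat inside source list ... overload' statement")
    for line in nat_lines:
        m = NAT_RE.match(line)
        if m is None:
            findings.append(f"unrecognised NAT statement: {line}")
            continue
        acl_id = m.group(1)
        acl = [l for l in top if l.startswith(f"access-list {acl_id} ")]
        if not acl:
            findings.append(f"access-list {acl_id} used by NAT does not exist")
        for entry in acl:
            # 'permit any' would translate traffic from any source, not just the LAN
            if re.search(r"\bpermit (any|0\.0\.0\.0 255\.255\.255\.255)\b", entry):
                findings.append(f"access-list {acl_id} permits any source; limit NAT to the inside network")
    if "no ip http server" not in top:
        findings.append("HTTP server is not disabled ('no ip http server')")
    if any(l.startswith("ppp chap password ") for l in dialer) and "service password-encryption" not in top:
        findings.append("CHAP password is stored in clear text; add 'service password-encryption'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("page config", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no findings']}")
```

Run against the page's configuration the only finding is the clear-text CHAP password; adding service password-encryption as a global command clears it. Replacing the access-list with permit any, or dropping ip nat outside from Dialer1, each produces exactly one further finding, which is the kind of regression this check is meant to catch when the configuration is later edited.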


CHAPTER SUMMARY

To install the VPN for Kamdar, the server used by the company needs a basic configuration suited to the server specification. The HP ProLiant DL120 G6 is a common, easily configured and widely used server, so it is suitable for installing the VPN for Kamdar. Since the configuration of the VPN 1750-RF router on the HP ProLiant DL120 G6 server concentrates on the PPPoE configuration for the VPN connection, this chapter only states the configuration suited to the HP ProLiant DL120 G6 server.


CHAPTER 7:

MAINTENANCE


PERFORMING MAINTENANCE

Some maintenance activities may consume a significant portion of the facility expenses and manpower. Facility maintenance activities generally fall into four categories: preventive, adaptive, corrective and protective. Each category has particular costs associated with it and specific benefits.

Preventive

Preventive maintenance plans are designed to keep the business running efficiently. Preventive maintenance allows monitoring of computers and of network hardware and software to help prevent problems or errors that may cause loss of important data or loss of business.

Adaptive

As users rely more and more on the network, they become coupled to logical services and decoupled from physical services. This decoupling means that users do not care where servers are located, as long as they can get the services they need.

Corrective

Some data changes by the minute while other data can be archived once a year. Corrective maintenance is probably the most commonly used maintenance approach, but it is easy to see its limitations. When equipment fails, it often leads to downtime in production. In most cases this is costly business. Also, if the equipment needs to be replaced, the cost of replacing it alone can be substantial. It is also important to consider health, safety and environment (HSE) issues related to malfunctioning equipment.


Protective

UNINTERRUPTIBLE POWER SUPPLY

A UPS differs from an auxiliary or emergency power system or standby generator in that it provides instantaneous or near-instantaneous protection from input power interruptions, by means of one or more attached batteries and associated electronic circuitry for low-power users, and/or by means of diesel generators and flywheels for high-power users.

With this type of UPS, a user's equipment is normally connected directly to incoming utility power, with the same voltage transient clamping devices used in a common surge-protected plug strip connected across the power line.

BACKUP AND RECOVERY

Media failure can also cause data loss or damage. Media failure happens when the media on which the data files or transaction logs are stored fail. Most databases are stored on computer hard drives or across groups of hard drives on designated servers. Hard drives are mechanical devices, just like automobiles, made up of parts and pieces that work together.

HDD backup may also mean a backup of all data files, or of all files from a hard disk, or creating a hard disk image. HDD backup is a rather inefficient method of backup, as usually a backup of the whole drive is not required.

5S IMPLEMENTATION METHOD

The 5S implementation methodology is a system to reduce workplace waste and optimize productivity by maintaining an orderly workplace. The use of visual reminders helps to achieve consistent improvements as well. 5S implementation "cleans up" and organizes the workplace without changing its existing configuration, and it is typically the first lean method which an organization puts into effect.


CHAPTER SUMMARY

For maintenance, all four methods should be considered across the whole system. Each method has its own specific tasks. Preventive maintenance is essential to keep computers, servers and networking equipment running smoothly and reliably. Adaptive maintenance is the ability of the system to support users' changing needs. Some data changes by the minute while other data can be archived once a year. Corrective maintenance is probably the most commonly used maintenance approach, but it is easy to see its limitations.


CHAPTER 8:

REVIEW AND EVALUATION


BACKUP AND RECOVERY

Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted. Data loss is also very common: 66% of internet users have suffered from serious data loss.

Advantages

• Improved data security

• Reduced data entry, storage, and retrieval costs

• Facilitated development of new application programs

Disadvantages

• Damage to the database affects virtually all application programs

• Extensive conversion costs in moving from a file-based system to a database system


UNINTERRUPTIBLE POWER SUPPLY

An uninterruptible power supply, also called an uninterruptible power source, UPS or battery/flywheel backup, is an electrical apparatus that provides emergency power to a load when the input power source, typically the utility mains, fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it provides instantaneous or near-instantaneous protection from input power interruptions, by means of one or more attached batteries and associated electronic circuitry for low-power users, and/or by means of diesel generators and flywheels for high-power users. The on-battery runtime of most uninterruptible power sources is relatively short (5 to 15 minutes being typical for smaller units) but sufficient to allow time to bring an auxiliary power source on line, or to properly shut down the protected equipment.

The general categories of modern UPS systems are on-line, line-interactive or standby. An on-line UPS uses a "double conversion" method of accepting AC input, rectifying to DC for passing through the battery (or battery strings), then inverting back to 120V/240V AC for powering the protected equipment. A line-interactive UPS maintains the inverter in line and redirects the battery's DC current path from the normal charging mode to supplying current when power is lost. In a standby ("off-line") system the load is powered directly by the input power and the backup power circuitry is only invoked when the utility power fails. Most UPS below 1 kVA are of the line-interactive or standby variety, which are usually less expensive.

For large power units, dynamic uninterruptible power supplies (DUPS) are sometimes used. A synchronous motor/alternator is connected on the mains via a choke. Energy is stored in a flywheel. When the mains power fails, an eddy-current regulation maintains the power on the load. DUPS are sometimes combined or integrated with a diesel generator, forming a diesel rotary uninterruptible power supply, or DRUPS.

Figure 11: Offline/ Standby UPS

IMPLEMENTATION METHOD

Implementation methodology is a system to reduce workplace waste and optimize productivity by maintaining an orderly workplace. The use of visual reminders helps to achieve consistent improvements as well.


CHAPTER SUMMARY

Based on the review and evaluation, the topic discussed in Chapter 7, Maintenance Method, was repeated in order to review once again whether the product or the implementation works without error. On review, each of the implementations has its own advantages and disadvantages. Since a backup system contains at least one copy of all data worth saving, the data storage requirements are considerable. Organizing this storage space and managing the backup process is a complicated undertaking.


CHAPTER 9:

CONCLUSION


CONCLUSION OF VPN PROPOSAL

In conclusion, a VPN can save an organization money in several situations:

• eliminating the need for expensive long-distance leased lines

• reducing long-distance telephone charges

• offloading support costs

VPNs vs leased lines - Organizations historically needed to rent network capacity such as T1 lines to achieve full, secured connectivity between their office locations. With a VPN, you use public network infrastructure including the Internet to make these connections and tap into that virtual network through much cheaper local leased lines or even just broadband connections to a nearby Internet Service Provider (ISP).

Long distance phone charges - A VPN can also replace remote access servers and long-distance dialup network connections commonly used in the past by business travelers needing access to their company intranet. For example, with an Internet VPN, clients need only connect to the nearest service provider's access point, which is usually local.

Support costs - With VPNs, the cost of maintaining servers tends to be less than with other approaches because organizations can outsource the needed support to professional third-party service providers. These providers enjoy a much lower cost structure through economy of scale by servicing many business clients.

Using VPN

To use a VPN, each client must possess the appropriate networking software or hardware support on their local network and computers. When set up properly, VPN solutions are easy to use and sometimes can be made to work automatically as part of network sign-on.

VPN technology also works well with WiFi local area networking. Some organizations use VPNs to secure wireless connections to their local access points when working inside the office. These solutions provide strong protection without affecting performance excessively.


Limitations of a VPN

Despite their popularity, VPNs are not perfect, and limitations exist as is true for any technology. Organizations should consider issues like the following when deploying and using virtual private networks in their operations:

• VPNs require a detailed understanding of network security issues and careful installation / configuration to ensure sufficient protection on a public network like the Internet.

• The reliability and performance of an Internet-based VPN is not under an organization's direct control. Instead, the solution relies on an ISP and their quality of service.

• Historically, VPN products and solutions from different vendors have not always been compatible due to issues with VPN technology standards. Attempting to mix and match equipment may cause technical problems, and using equipment from one provider may not give as great a cost savings.


CHAPTER 10:

FUTURE PLANNING


KAMDAR NETWORK SYSTEM IN FUTURE

Kamdar plans to extend the VPN to other Kamdar locations which are part of the Kamdar WAN and have ISDN/VSAT/leased lines as primary connectivity. This will act as a fallback option. It also plans to extend VPN access to more mobile users.

Since the new site-to-site Intranet VPN implementation will be a trial for Kamdar to see the success and efficiency of the new network, if the new network proves successful, it will be implemented at all Kamdar branches across Malaysia as a site-to-site Extranet VPN. Then not only Kamdar's staff will be able to enter the Kamdar system; access may be extended to Kamdar's customers.

Extranet VPNs are almost identical to intranet VPNs, except that they are meant for external business partners. As such, firewall access restrictions are used in conjunction with VPN tunnels, so that business partners are only able to gain secure access to specific data / resources, while not gaining access to private corporate information.

Benefit: Businesses enjoy the same policies as a private network, including security, QoS, manageability, and reliability.


APPENDIXES


Kamdar main headquarters address and branches

Kamdar can be reached at this address:

KAMDAR GROUP (M) BERHAD

113, JALAN TUANKU ABDUL RAHMAN,

50100 KUALA LUMPUR

Phone +603.2693.8988 (Hunting Line)

Fax +603.2698.8400

Email [email protected]

Contact Person Ms Helen

Office Hour Monday - Friday 8:30am - 5:30pm

Outlets Hour Monday - Sunday 10am - 10pm

Kamdar has over 20 outlets across Malaysia, located at:

KUALA LUMPUR

1. Locations: Jalan Tuanku Abdul Rahman

Address: 113,Jalan Tuanku Abdul Rahman,

50100 Kuala Lumpur.

Phone: +603.2698.8488

Fax:+603.2698.8400

2. Locations: Jalan Tuanku Abdul Rahman

Address: 171,Jalan Tuanku Abdul Rahman,

50100 Kuala Lumpur.

Phone: +603.2691.5708 / +603.2692.6896

Fax: +603.2691.5371

3. Locations: Jalan Tuanku Abdul Rahman

Address: 429-435,Jln Tuanku Abdul Rahman,

50100 Kuala Lumpur.

Phone: +603.2693.9513/12/15

Fax: +603.2691.1054


4. Locations: Mid Valley Mega Mall

Address: FJA-2(B),1st Floor,Mid Valley Mega Mall, Batu 2 1/2, Jalan Klang

Lama,

58000 Kuala Lumpur.

Phone: +603.2938.3052

Fax: +603.2284.6739

SELANGOR

1. Locations: SS2, Petaling Jaya

Address: 61,Jalan SS2/64,Petaling Jaya,

47300 Selangor.

Phone: +603.7877.2870

Fax: +603.7875.8895

2. Locations: Kajang

Address: E23-GA,Jalan Prima Saujana 2/D,

Sec 2,Taman Prima Saujana,

43000 Kajang,Selangor.

Phone: +603.8734.3390/84/71

Fax:+603.8734.3357

3. Locations: Klang

Address: 1st Floor,Complex Mais.Lot 336, Sec 23, Simpang Jalan Kapar,

Jalan Meru, 41050 Klang,Selangor.

Phone: +603.3341.0715/749

Fax:+603.3341.1016

4. Locations: IOI Mall, Puchong

Address: Lot ES 8 & ES 9,2nd,Floor,IOI Mall,

Batu 9,Jln Puchong,Bdr Puchong Jaya, 47170 Puchong,Selangor.

Phone: +603.8071.1866

Fax:+603.8070.9366


THE PROPOSAL


1.0 INDUSTRY

1.0.1 Textiles and Clothing

The first actual textile, as opposed to skins sewn together, was probably felt. Surviving examples of nålebinding, another early textile method, date from 6500 BCE. Our knowledge of ancient textiles and clothing has expanded in the recent past thanks to modern technological developments. Our knowledge of cultures varies greatly with the climatic conditions to which archaeological deposits are exposed; the Middle East and the arid fringes of China have provided many very early samples in good condition, but the early development of textiles in the Indian Subcontinent, sub-Saharan Africa and other moist parts of the world remains unclear. Conditions in northern Eurasia can also preserve textiles very well.

Textiles are felted or spun fibers made into yarn and subsequently netted, looped, knit or woven to make fabrics. They appeared first in the Middle East during the late Stone Age. From ancient times until the present day, the methods of textile production have continually evolved, and the choices of textiles available have influenced how people carried their possessions, clothed themselves and decorated their surroundings.

The history of textiles can be studied through archaeology, the representation of textiles and their manufacture in art, and documents concerning the manufacture, acquisition, use, and trade of fabrics, tools, and finished garments.

Early woven clothing was often made of full loom widths draped, tied, or pinned in place, as in the following regions:

Ancient Near East

The earliest known woven textiles of the Near East may be fabrics used to wrap the dead excavated at a Neolithic site at Airiel in Anatolia, carbonized in a fire and radiocarbon dated to c. 6000 BC. Flax cultivation is evidenced from c. 8000 BC in the Near East, but the breeding of sheep with a woolly fleece rather than hair occurs much later, c. 3000 BC.

Ancient India

Cotton has been spun, woven, and dyed since prehistoric times. It clothed the people of ancient India, Egypt, and China. Hundreds of years before the Christian era, cotton textiles were woven in India with matchless skill, and their use spread to the Mediterranean countries. In the 1st century, Arab traders brought fine muslin and calico to Italy and Spain.

Ancient Egypt

Evidence exists for the production of linen cloth in Ancient Egypt in the Neolithic period, c. 5500 BC. Cultivation of domesticated wild flax, probably an import from the Levant, is documented as early as c. 6000 BC. Other bast fibres, including rush, reed, palm and papyrus, were used alone or with linen to make rope and other textiles.

Ancient China

The earliest evidence of silk production in China was found at the sites of the Yangshao culture in Xia, Shanxi, where a cocoon of Bombyx mori, the domesticated silkworm, cut in half by a sharp knife, is dated to between 5000 and 3000 BC. Scraps of silk were found in a Liangzhu culture site at Qianshanyang in Huzhou, Zhejiang, dating back to 2700 BC.[16][17] Other fragments have been recovered from royal tombs of the Shang Dynasty (c. 1600 BC - c. 1046 BC).

1.0.2 Textiles and Apparel in Malaysia

The growth of Malaysia's textiles and apparel industry accelerated in the early 1970s when the country embarked on export-oriented industrialization. Exports were valued at RM 10.49 while imports amounted to RM 5.46 billion, making Malaysia a net exporter of textiles and textile products. There are 662 licensed companies in production, with investments of RM 8.3 billion. The industry employs more than 68,264 workers.

The industry currently encompasses a broad range of integrated activities, ranging from polymerisation and man-made fibre production, spinning, texturizing, weaving, knitting, dyeing, printing and finishing of yarn and fabrics, to the manufacture of made-up garments and other made-up textile goods such as carpets, bed and table linen and ropes. The industry also covers the manufacture of non-woven fabrics for personal care products, made-up garments, furniture and bedding, as well as construction and engineering applications.

2.0 WORLD TREND

2.0.1 Company Introduction

Levi Strauss & Co. is a worldwide corporation organized into three geographic divisions: Levi Strauss Americas (LSA), based in San Francisco; Levi Strauss Europe, Middle East and Africa (LSEMA), based in Brussels; and the Asia Pacific Division (APD), based in Singapore. The company employs a staff of approximately 10,500 people worldwide, and owns and develops a few brands.

Levi's, the main brand, was founded in 1873 in San Francisco, specializing in riveted denim jeans and different lines of casual and street fashion.

2004 saw a sharp decline in sales in the face of global outsourcing, and the company closed its Edmonton manufacturing plant. Dockers (a Levi's clothing line), launched in 1986, has sold largely through department store chains. It helped the company grow through the mid-1990s, as denim sales began to fade. Levi Strauss attempted to sell the brand in 2004 to relieve part of the company's $2 billion outstanding debt.

Launched in 2003, Levi Strauss Signature features jeanswear and casualwear. In November 2007, Levi's released a mobile phone in co-operation with ModeLabs. Many of the phone's cosmetic attributes are customisable at the point of purchase.


George P. Simpkins Sr., Levi's CEO, is credited with the company's record-paced expansion of its manufacturing capacity from fewer than 16 plants to more than 63 plants nationwide from 1964 through 1974. Perhaps most impressive, however, was that Levi's expansion under Simpkins was accomplished without a single unionized employee, as a result of Levi's and the Haas family's strong stance on human rights and Simpkins' use of "pay for performance" manufacturing from the sewing machine operator level up. As a result, Levi's plants were perhaps the highest performing, best organized and cleanest textile facilities of their time. Levi's even piped massive amounts of air conditioning into its press plants, which were known in the industry to be notoriously hot, for the comfort of Levi's workers.

3.0 LOCAL

3.0.1 Textile and Apparel in Malaysia

The growth of Malaysia's textiles and apparel industry accelerated in the early 1970s when the country embarked on export-oriented industrialization. Exports were valued at RM 10.49 while imports amounted to RM 5.46 billion, making Malaysia a net exporter of textiles and textile products. There are 662 licensed companies in production, with investments of RM 8.3 billion. The industry employs more than 68,264 workers.

The industry currently encompasses a broad range of integrated activities, ranging from polymerisation and man-made fibre production, spinning, texturizing, weaving, knitting, dyeing, printing and finishing of yarn and fabrics, to the manufacture of made-up garments and other made-up textile goods such as carpets, bed and table linen and ropes. The industry also covers the manufacture of non-woven fabrics for personal care products, made-up garments, furniture and bedding, as well as construction and engineering applications.


3.0.2 Kamdar Group (M) Berhad

Kamdar Group (M) Berhad was established in Malaysia in 1972, and has since achieved a dominant position in the garment and textile department store industry.

The Kamdar brand name has been well known for several generations. It has become part of Malaysian history, a fact of which Kamdar is very proud. Kamdar is well known for its extensive range and quality of garment and textile products. Kamdar stores specialize in textile fabric, furnishing fabric, in-house designed garments for ladies, men and children, Indian clothing and school uniforms.

4.0 AREA OF FOCUS

4.0.1 NETWORKING - VPN

A VPN (Virtual Private Network) is a type of network in which some of the links between nodes are carried by open connections or virtual circuits over a larger network, e.g. the Internet, as opposed to running on a single private network.

As the world of business becomes more sophisticated through technology, many businesses have to consider global markets and logistics. To achieve these goals, they need a way to maintain fast, secure and reliable communications within their network (branches, customers, suppliers).

The use of leased lines to maintain a WAN (Wide Area Network) provides a company with a way to expand its private network beyond its immediate geographic area. However, maintaining a WAN, particularly when using leased lines, can become quite expensive, and the cost often rises as the distance between the offices increases.

As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPN (virtual private network) to accommodate the needs of remote employees and distant offices.


Basically, a VPN is a private network that uses a public network, e.g. the Internet, to connect a company to remote sites or users. Instead of using a leased line, a VPN uses a virtual connection routed through the Internet from the company's private network to the remote site or employee. It is mostly about helping distant colleagues work together, much like desktop sharing.

For Kamdar, it is proposed to develop a new Site-to-Site Internal VPN. With an Intranet VPN, gateways at various physical locations within the same business negotiate a secure communication channel across the Internet, known as a VPN tunnel. An example would be a network that exists in several buildings connected to a data center or mainframe that has secure access through private lines. Users from the networks on either side of the tunnel can communicate with one another as if it were a single network. These tunnels may need strong encryption and have strict performance and bandwidth requirements.

The advantage of a Site-to-Site Internal VPN is the substantial cost saving over traditional leased-line or frame relay technologies, achieved by using the Internet to bridge potentially long distances between sites. With a VPN, Kamdar employees can keep sharing information and company data in a secure and reliable way. This is important for keeping and maintaining the integrity of business data for the company's future use.
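As an added illustration of the site-to-site tunnel described above (an editor's example; it is not part of the original proposal and is not Kamdar's configuration), the two gateway configurations below connect a constructed HQ LAN (10.10.0.0/16) to a constructed branch LAN (10.20.0.0/16). WireGuard is used here as one modern tunnel implementation; the proposal does not specify it. All key values are placeholders, the public endpoint addresses are RFC 5737 documentation addresses, and the subnets and tunnel addresses are assumptions.

```ini
# Added example, not from the Kamdar proposal. Site-to-site WireGuard tunnel
# between two gateways. Key values are placeholders; the public endpoint
# addresses are RFC 5737 documentation addresses, not real hosts.

# --- HQ gateway: /etc/wireguard/wg0.conf (HQ LAN 10.10.0.0/16, constructed) ---
[Interface]
Address = 10.255.0.1/30            # tunnel-internal address of the HQ gateway
ListenPort = 51820
PrivateKey = <HQ_PRIVATE_KEY>      # placeholder: generate with `wg genkey`; keep the file mode 0600
# A gateway must forward packets between its LAN and the tunnel.
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# Branch gateway. AllowedIPs is both the route to the branch LAN and the
# cryptokey-routing check: a decrypted packet whose source address is outside
# 10.20.0.0/16 (or the peer's tunnel address) is dropped by the kernel.
PublicKey = <BRANCH_PUBLIC_KEY>    # placeholder: output of `wg pubkey` on the branch gateway
PresharedKey = <SHARED_PSK>        # placeholder: optional extra symmetric secret from `wg genpsk`
AllowedIPs = 10.255.0.2/32, 10.20.0.0/16
Endpoint = 198.51.100.2:51820      # branch public IP (documentation address)
PersistentKeepalive = 25           # keeps NAT/firewall state alive between sites

# --- Branch gateway: /etc/wireguard/wg0.conf (branch LAN 10.20.0.0/16, constructed) ---
[Interface]
Address = 10.255.0.2/30
ListenPort = 51820
PrivateKey = <BRANCH_PRIVATE_KEY>  # placeholder
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# HQ gateway: mirror image of the block above.
PublicKey = <HQ_PUBLIC_KEY>        # placeholder
PresharedKey = <SHARED_PSK>        # must be identical on both sides
AllowedIPs = 10.255.0.1/32, 10.10.0.0/16
Endpoint = 203.0.113.1:51820       # HQ public IP (documentation address)
PersistentKeepalive = 25
```

The "single network" behaviour in the text follows from the two AllowedIPs entries: at HQ, traffic destined for 10.20.0.0/16 is encrypted into the tunnel, and anything arriving out of the tunnel that claims a source outside the branch ranges is discarded. wg-quick installs the AllowedIPs routes on the gateway itself; hosts on each LAN still need a route for the remote subnet pointing at their local gateway, and the gateway firewall should accept UDP port 51820 only from the peer's endpoint address.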
