Network design proposal for Bank

Soniapaul
8 min read · Nov 24, 2022


In this blog, we will focus on designing and implementing a bank network using Cisco Packet Tracer (CPT). A security breach in the banking sector is one of the foremost concerns to be addressed, since the loss of information can lead to huge losses for the bank as a whole. This blog will help curb such concerns by working out a regulated flow of information/data between sites. We will consider a national bank with its head offices in big cities like Gandhi Nagar. The other, smaller branches will be present in cities like Ahmadabad, Rajkot, and Surat. The devices within these small branches in each state will be connected through LANs. Apart from this, VLANs and WANs will automatically be a part of the project networking, since we are working on a bank network. Additionally, bank machines will be made available all around each city to ensure better reach and reliable services to the public. Employees use special software to access user accounts. The level of access to advanced resources within the bank varies from employee to employee based on several criteria, including the employee's designation and the criticality of the information. The typical servers (mail, web, files, and directories) will be made available to all employees to support the flow of work within the bank.

The main objective of this blog is to design a network for the bank under the given constraints. The design includes 1 server room, 3 branches, and 1 main branch. It also has a server for online transactions, which is used by the customers of all branches.

Basic picture for bank connection

Network requirement analysis

As the bank's sites are spread across different geographical locations, a VPN solution is recommended, as it is more economical than a leased-line solution; VPN appliances are required for this. The application server is recommended as Windows 2008 / Windows 2012, with appropriate failover clustering to provide high availability to the application. The application server should be set up in a DMZ, where only the HTTPS protocol (TCP port 443) is made available to users accessing from the outside. Antivirus with a desktop firewall should be installed on the server to provide host-level protection. An appliance that performs deep packet inspection should be set up on the network to filter incoming traffic to the application server and scan it for security threats and attacks.

Hardware and software requirement analysis

  1. At the main office, a VPN appliance with an integrated firewall and deep packet inspection would be required. The recommended VPN appliance is the SonicWALL NSA 220/W, which supports site-to-site VPN tunnels and also has deep packet inspection and firewall capabilities.
  2. There are 200 users in the main office. A total of 5 switches with 48 ports each is recommended, allowing ports for servers, VPN appliances, and expansion plans. The Cisco Catalyst 2960S-48FPD-L is recommended for this.
  3. At the branch offices, the SonicWALL TZ105 series is recommended to establish site-to-site VPN connectivity with the main office.
  4. There are 100 users at each branch office. A total of 3 switches with 48 ports each (Cisco Catalyst 2960S-48FPD-L) is recommended, considering future expansion plans.
  5. Windows 2008/2012 is recommended for the application server, with appropriate server hardware.

Network Requirements:

1. Identify the hardware components required to set up the network for the bank.

2. High availability should be available to the application server, which is accessible using the HTTPS protocol.

3. The application server should be set up securely with network and host-level protection.

4. All traffic into the application server should be scanned for security attacks.

5. IP network design for the branch and main offices.

6. IP addressing range for users and hardware components.

7. The users at different locations should be able to access each other, including the application server.

8. Identify the features and methodology which would be followed to achieve the solution.

9. Network Topology diagram.

Implementation:

Cisco Packet Tracer:

For implementing this bank prototype, we have used the Router-PT, which has serial ports, so that it is easy for us to connect the 6 branches. We have also used 2960-24TT switches throughout the network to connect the various campuses in the cities, which are then interconnected to the servers and users. All the serial ports are assigned IP addresses so that they can be recognised between the cities without confusion.


  • Cisco Packet Tracer is a visual simulation tool designed by Cisco Systems that allows users to create network topologies and simulate modern computer networks.
  • Using Packet Tracer, we have implemented the network topology and placed the routers and switches.
  • We have also configured every router and network with IP addresses and tested whether data transfer is successful or not.

Features and Services

1. VLAN

Two networks are required at the main office. One network would be the LAN, where the office users are connected. The second network would be the DMZ network, where the application server is hosted; this is required since the application server must be reachable from outside. Two VLANs would be created and mapped to the LAN and DMZ networks respectively. The VLANs would be configured on the switches.

2. Access control lists

Access control lists are configured on the VPN appliance at the main office. The ACLs restrict communication from the internet to only the allowed port, TCP port 443, on the application server in the DMZ. An ACL is also configured to allow all traffic from the branch office networks to the DMZ and LAN networks in the main office.

3. Static NAT

Static NAT is configured on the VPN appliance so that traffic addressed to the public IP address of the application server is translated to its LAN IP address.
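As an added illustration (not part of the original post), the following Python model processes an inbound packet the way items 2 and 3 describe the VPN appliance doing it: the static NAT entry first maps the server's public address to its inside address, then the ACL permits branch networks to the LAN and DMZ, permits only TCP/443 from everywhere else to the application server, and denies the rest. All address ranges are constructed assumptions, since the post gives no concrete addressing.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption: the post gives no concrete ranges).
MAIN_LAN = ipaddress.ip_network("10.10.0.0/16")   # main-office user VLAN
MAIN_DMZ = ipaddress.ip_network("10.20.0.0/24")   # main-office DMZ VLAN
BRANCHES = [ipaddress.ip_network(n)
            for n in ("10.30.0.0/16", "10.31.0.0/16", "10.32.0.0/16")]
APP_SERVER_PRIVATE = ipaddress.ip_address("10.20.0.10")   # DMZ address
APP_SERVER_PUBLIC = ipaddress.ip_address("203.0.113.10")  # documentation range

# Static NAT: inbound traffic to the public address is translated to the
# server's inside address before the ACL is evaluated.
STATIC_NAT = {APP_SERVER_PUBLIC: APP_SERVER_PRIVATE}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def translate(pkt: Packet) -> Packet:
    """Apply the static NAT entry to the destination address, if one matches."""
    inside = STATIC_NAT.get(ipaddress.ip_address(pkt.dst))
    if inside is None:
        return pkt
    return Packet(pkt.src, str(inside), pkt.proto, pkt.dport)


def permitted(pkt: Packet) -> bool:
    """Evaluate a post-NAT packet against the ACL described in the post."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # Entry 1: branch-office networks may reach the main-office LAN and DMZ.
    if any(src in net for net in BRANCHES) and (dst in MAIN_LAN or dst in MAIN_DMZ):
        return True
    # Entry 2: everyone else (the internet) reaches only TCP/443 on the app server.
    if dst == APP_SERVER_PRIVATE and pkt.proto == "tcp" and pkt.dport == 443:
        return True
    # Implicit deny at the end of the list.
    return False


def filter_packet(pkt: Packet) -> bool:
    """Process an inbound packet as the VPN appliance would: NAT first, then ACL."""
    return permitted(translate(pkt))
```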

4. Failover cluster

The failover cluster is configured on Windows 2008/2012, on which the application server is hosted. This would ensure that high availability is provided to the application.

5. RIP (Routing Information Protocol)

This protocol is an intradomain (interior) routing protocol based on distance-vector routing, and it is used inside an autonomous system. Routers and network links are called nodes. The first column of the routing table is the destination address. The metric in this protocol is the hop count, which is the number of networks that must be passed to reach the destination. Here infinity is defined as the fixed number 16, which means that with RIP a path through the network cannot have more than 15 hops.

RIP Version-2:

Due to some deficiencies in the original RIP specification, RIP version 2 was developed in 1993. It supports Classless Inter-Domain Routing (CIDR) and can carry subnet information; its metric is also the hop count, and the maximum hop count of 15 is the same as in RIP version 1. It supports authentication, subnetting and multicasting. Auto-summary can be done on every router. In RIPv2, subnet masks are included in the routing update. RIPv2 multicasts the entire routing table to all adjacent routers at the address 224.0.0.9, as opposed to RIPv1, which uses broadcast (255.255.255.255).

Advantages of RIP version-2

  1. It’s a standardized protocol.
  2. It’s VLSM compliant.
  3. Provides fast convergence.
  4. It sends triggered updates when the network changes.
  5. Works with snapshot routing — making it ideal for dial networks.
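The following Python simulation is an added example, not from the original post: a simplified synchronous distance-vector exchange using RIP's hop-count metric with 16 as infinity, showing that a network more than 15 hops away is treated as unreachable and that the shortest hop count wins when several paths exist. The router names, the "net-<router>" network names and the chain and diamond topologies are constructed for the demonstration.

```python
INFINITY = 16  # RIP "infinity": a metric of 16 marks a network as unreachable


def rip_converge(neighbours, max_rounds=64):
    """Synchronous distance-vector exchange over a static topology (simplified model).

    neighbours: dict router -> list of adjacent routers (links are bidirectional).
    Each router owns one stub network named "net-<router>" (constructed names).
    Returns dict router -> {network: (metric, next_hop)} once no table changes.
    Metric convention: directly connected = 0 and each router crossed adds 1,
    capped at INFINITY, so a usable path spans at most 15 hops.
    """
    tables = {r: {f"net-{r}": (0, None)} for r in neighbours}
    for _ in range(max_rounds):
        changed = False
        # Every router sends its whole table to each adjacent router
        # (RIPv2 does this by multicast to 224.0.0.9, RIPv1 by broadcast).
        for sender in neighbours:
            advert = dict(tables[sender])
            for nbr in neighbours[sender]:
                for net, (metric, _) in advert.items():
                    new_metric = min(metric + 1, INFINITY)
                    current = tables[nbr].get(net)
                    # Install only when the route is unknown or strictly better.
                    if current is None or new_metric < current[0]:
                        tables[nbr][net] = (new_metric, sender)
                        changed = True
        if not changed:
            break
    return tables


def route(tables, router, network):
    """Return (metric, next_hop), or None when the network is beyond 15 hops."""
    entry = tables[router].get(network)
    if entry is None or entry[0] >= INFINITY:
        return None
    return entry


def chain(n):
    """Constructed test topology: n routers in a line R0 - R1 - ... - R(n-1)."""
    names = [f"R{i}" for i in range(n)]
    nb = {r: [] for r in names}
    for a, b in zip(names, names[1:]):
        nb[a].append(b)
        nb[b].append(a)
    return nb
```

On an 18-router chain, R0 reaches net-R15 at metric 15 but sees net-R16 and net-R17 as unreachable, which is the 15-hop limit the text describes.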

Network Topology Diagram

Access Layer

In this layer, all the end devices are connected to the network, and the layer 1 switch provides the onward connections.

Distribution Layer

In the distribution layer, layer 3 switches are mostly used to connect the end devices and tie the network together; this layer connects the access and core layers of the network design.

Core Layer

The core layer is the backbone for all the other layers and is used to transfer large amounts of traffic very quickly.

There will be 1 server room, 1 main branch and 3 sub-branches for this network topology:

  • Gujarat
  • Gandhi Nagar
  • Ahmadabad
  • Surat
  • Rajkot

Each branch is explained separately for a better understanding of the network.

We will start with the Gandhi Nagar network topology, followed by the Ahmadabad, Surat and Rajkot network topologies.

Gujarat — Network Topology:

Gandhi Nagar — Network Topology:

Ahmadabad — Network Topology:

Surat — Network Topology:

Rajkot — Network Topology:

Server room — Network Topology:

Network Design and configuration strategy

We have manually checked that each user in a branch can reach the other users on the network.

This is done individually by testing from one branch device to other branch devices, instead of using the buffer manager interface. After this manual testing, buffer testing is implemented and checked.

Ping from a PC to Another PC:

The above screenshot shows the successful connection between two different systems, where the ping executes perfectly.

All the data packets are received without any loss of data.

The general aim of this blog is to simulate a banking network that is secure and easy to use. Previously the system was manual, insecure, and slow. The proposed system overcomes the shortcomings of the existing manual system, which sometimes makes it hard to obtain up-to-date information rapidly. Now, whenever a transaction takes place, it is stored in the central database, and an authorised person can obtain the necessary information or report from any branch over the Wide Area Network (WAN). The system uses Packet Tracer for network simulation. After all functions were implemented, the system was tested in different stages and served its purpose successfully.
