Infrastructure Assessment Report Dec 2020

INFRASTRUCTURE ASSESSMENT

INFRASTRUCTURE ASSESSMENT REPORT

VERSION: 1.0

December, 2020

Prepared By: Sam Kaddoura
KCiNETWORKS
2141 Thurston Drive
Suite 204
Ottawa, ON K1G 6C9

Telephone: (613) 565‐0600 Ext. 560

Submitted to: Cassandra McGregor
Clerk Administrator / Recreation Director
TOWNSHIP OF BECKWITH
1702 9th Line Beckwith
Carleton Place, ON K7C 3P2

Telephone: (613) 257‐1539

Infrastructure Assessment Report Confidential
TABLE OF CONTENTS

INTRODUCTION ............................................................................................................................. 3

DISCLAIMER ................................................................................................................................... 3

SCOPE OF WORK REVIEW .............................................................................................................. 4

KEY ASSUMPTIONS ........................................................................................................................ 4

REPORT LIST .................................................................................................................................. 4

ISP ................................................................................................................................................. 5

SONIC WALL .................................................................................................................................. 5

WIFI ............................................................................................................................................... 5

SWITCHING .................................................................................................................................... 5

NETWORK ...................................................................................................................................... 6

SERVERS ........................................................................................................................................ 6

TAPE DRIVE .................................................................................................................................... 8

COUNCILS CHAMBERS .................................................................................................................... 8

NEW SITE LOCATION PLANS ........................................................................................................... 8

CONCLUSION ................................................................................................................................. 9

GENERAL OVERVIEW AND ADDITIONS ........................................................................................... 9

SAMPLE DIAGRAM ....................................................................................................................... 10

Presented by KCiNetworks – December 2020 2
INTRODUCTION
This report is intended to provide the Township of Beckwith with an overview of its current network
status at 1702 9th Line Beckwith, Carleton Place ON K7C 3P2.
This report focuses on the general network and this is NOT an audit as quoted on quote 50693. It
also discusses thoughts on how the IT should be managed as managing the IT onsite in an orderly
fashion helps with the overall health of the environment. Upon arrival onsite I was walked through
the office and given a tour. It was mentioned that there is a new building and plans are in place for a
move. Cassandra will be sending Sam Kaddoura of KCiNetworks the floor plans for later reference if
required.
DISCLAIMER
This report entitled Infrastructure Assessment Report is made available by KCiNetworks for the
purposes of pointing out general network setup within the Township of Beckwith network. Some
general recommendations will be suggested in this report.

Sam Kaddoura
KCiNetworks

Date: December 2020

SCOPE OF WORK REVIEW
 Write a General Assessment Report for Modernization
 IT Infrastructure Review – Current State with some recommendation input on the below:
 Review computer systems and end user use
 Hardware Review – Servers Network Gear and Computers (Backup Equipment, Information
Storage)
 Network Review - Firewall, Switches, Routers, and cabling
 Applications Review – Server-Side Applications, Desktop Applications, Cloud Applications
(Financial Software Review)
 Vendor Review – Internet Provider, Anti-Virus Provider
Notes: This is an assessment and not an audit. An assessment offers a high-level view. An audit is a
detailed review.
KEY ASSUMPTIONS
 The review provided on the security is a snapshot in time, any changes done during or after the
review may change the opinion(s) and/or suggestions of this report.
 There was limited access to resources while onsite as the County of Lanark is running the IT
Infrastructure.
 Manufacturers expectations for proper functionality such as should be considered
REPORT LIST
Below is the list of FCI devices which have been reviewed by KCiNetworks
IP/HOST DESCRIPTION
216.46.2.54 Bell Home Hub 2000
192.90.135.1 SonicWall TZ300
N/A WiFi
N/A Dell Switch 48 Port
N/A Network
BWSRV01 Dell Power Edge T620
N/A Backup Tape Unit
N/A Council Chambers
N/A New Site Location Plans

ISP

Bell Home Hub 2000
Public IP - 216.46.2.54
Explanation: The current Internet Service Provider is Bell Canada. The technology being used is
PPPOE. This internet is not very stable and is not something the Township of Beckwith should rely
on.
Action: Upgrade your internet service to symmetrical fiber 50/50 or 100/100. The Symmetrical
Fiber also offers a Service Level Agreement where your current internet does not. If this is not
available in your area, I would suggest getting another internet provider that uses coax and bond
both the Bell Internet (currently being used) and another coax internet provider. This will provide
redundancy and increase bandwidth.
SONICWALL
SonicWall TZ300
IP – 192.90.135.1
Explanation: This device is a good industry device that provides adequate services to the network
environment its shelf life will extend till 2025-01-23. For better manageability and reporting
considering a cloud-based Firewall would be better allowing a more detailed approach to combating
web based malicious attacks at the perimeter.
Action: Changing to a subscription-based solution would offer many features that are more current
and in line with industry standards. If adding another internet service provider ISP is being
considered this device would need to be changed to get the most out of a dual connection.
Wi‐Fi
Explanation: The Wi-Fi is standard and sufficient. The Wi-Fi has not been separated from the internal
network. There are two SSIDs (Beckwith-Public-Wi-Fi and Beckwith), but both have access to the
LAN 192.90.135.0 even though they have different IP ranges.
Action: Get a more suitable Wi-Fi solution to provide stringent access controls straight from the AP
and allows for content filtering based on SSID.
SWITCHING
Explanation: The Dell switch 48 port that is currently being used is standard and works fine for this
type of network environment.
Action: Nothing required.

NETWORK
IP Network - 192.90.135.0
Subnet Mark - 255.255.255.0
Gateway - 192.90.135.1
DNS – 192.90.135.9
DHCP – 192.90.135.9
Internal Domain – beckwithtwp. local
External Domain – twp.beckwith.on.ca
Explanation: The above network range allows for 254 devices to be on the network with one subnet.
This is likely adequate for the Township of Beckwith. Should you require more than one subnet,
based on the above IP Networks and Subnet Mask your devices will be significantly diminished from
254 devices to 126 devices.
Action: No Action is required at this time unless the new site plan requires a VLAN/SUBNET for
security.
SERVER(s)
Dell T620 Power Edge
Physical 192.X.X.X
Host Server Running VMWare
Explanation: The Dell Power Edge server T620 has VMWare as its platform to run Windows
BWSRV01. Limited access to this console.
Action: No Action is required at this time on the server. The physical security of the server is an issue
and should be put in a secured and locked room or lockable rack.

SERVER(s) CONT’D

Dell T620 Power Edge (Virtual Machine BWSRV01)
BWSRV01 Virtual Machine
ITEM SUGGESTIONS / RECOMMENDATIONS

Windows Only allow specified IP’s to RDP and add a Certificate
Explanation:
The cert is really there to warn you there is potential risk. Adding a cert isn’t necessary although should
be done. Adding a management IP to connect to network device like the server through RDP is best.
Only allowing specified IP’s to access the RDP console allows for a more secure connection.
Windows Windows Updates should be kept up to date
Explanation:
Running Windows updates at a specified time and a schedule on a weekly or daily basis is valuable. This
is an easy way to keep your security updated with relative ease.
Windows Have all Windows Event Logs go to an external server
Explanation:
Syslog watcher is a useful tool but the Township of Beckwith being able to track who is logging in and
out of their network is important. This has low risk, it is more of a helpful tool to be able to monitor
security after the fact. Who has logged in and when. This helps more with the internal security and
helps pin point internal user that may have caused a security breach.
Windows Remove all Windows components that are not required. Turn off all services that are not used.
Explanation:
Removing non‐essential services and components limits the potential for exploits
Software Remove software that is not required, TeamViewer
Explanation:
TeamViewer is a remote control and asset tool(s), remote access should never be given to anyone
without the explicit consent of the IT administrator. If it is a must then this goes hand in hand with the
(“have all Windows Event Logs go to an external server”) This way any remote control can be
monitored.
Windows RDP NLA should be used
Explanation:
This provides an extra layer of security. You need to provide credentials before the connection is
established

Cloud / Remote Server (usti‐connect.local)
IP Address - 192.90.130.6
Explanation: This server runs Financial Software and is not in the Township of Beckwith’s network.
Limited access is available.
Action: No Action is required at this time.

TAPE DRIVE
Physical LTO
Explanation: The backup LTO is directly connected to the Dell Power Edge server T620, It is an 800GB
tape drive.
Action: It is recommended that you move to a cloud-based backup that supports DRaaS and cloud
storage. A backup check sheet should be used to ensure backups are complete.
COUNCILS CHAMBERS
Explanation: Site is very dated and has no or old conference technology that has been ‘put’ together.
Action: Replace equipment and setup a modern conference solution. Quotes have been sent for
template of technology. Quote # 50700 & 50701
NEW SITE LOCATION PLANS
Explanation: Reviewed site location plans with Cassandra.
Action: Reviewed site location floor plans. Will discuss further with Cassandra once we are closer to
a firm completion date and a budget has been established for the IT, cabling and conference setups.

CONCLUSION
After reviewing the Township of Beckwith network there are some things that can be done to
improve performance, specifically around project-based work and modernizing. The network itself
seems to be setup in a sound manner. Based on the size of Township of Beckwith, a dedicated person
is not required to maintain the network and associated projects. This work should be outsourced.
GENERAL OVERVIEW AND ADDITIONS
I would suggest filtering your outbound/inbound email traffic through a third party filtration system
provider. Currently you are using O365 for this service.
I propose maintaining network documentation as it makes it much easier to keep the network secure.
A process sheet could be made available for onboarding and off boarding new staff. Template users
should also be used. Accidental security changes are more likely to happen than someone infiltrating
your network.
Physical security should be always maintained. There is no good reason to have your server out in
the open.
With the cost of technology today the difference in price between a laptop and desktop are small.
Laptops would be a better option for desktop users. Upgrading your laptops is a good investment.
Printing should be backed up and secured. There should be 2 high volume Multi Function Printer
using secure print for the tax statements.

SAMPLE DIAGRAM

Bell Home Hub
2000
Township Beckwith
Dell Switch 48 Port
WiFi
SonicWall TZ300 ‐ Beckwith
‐ Beckwith‐
Public‐Wi‐Fi
Dell T620 Power Edge
VMWare
O365 E-Mail
BWSRV01 Virtual Machine
Tape Drive LTO
800GB usti‐connect.local
Workstation
Pool Printer Pool

END OF DOCUMENT

Infrastructure Assessment Report Dec 2020

Uploaded by

Copyright:

Available Formats

Infrastructure Assessment Report Dec 2020

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Infrastructure Assessment Report Dec 2020

Uploaded by

Copyright:

Available Formats

ITEM SUGGESTIONS / RECOMMENDATIONS

Action: No Action is required at this time.

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.