The process of implementing security

 


The process of implementing security frequently opens one's eyes to other forms of security not previously considered. In this two-part assignment, you should experience just that. This assignment focuses on a model of implementing security in layers, which, in many cases, requires a network that is designed accordingly.

The specific course learning outcome associated with this assignment is:

Recommend best security practices to achieve business objectives based on risk assumptions.
Instructions

Design a network that incorporates the following:

One corporate site (Chicago).
  All servers exist here (web server, file server, print server, mail server, FTP server).
  Connection to the Internet (50 MBps).
  300 employees who only need access to local corporate resources and the Internet.
One remote site (8 miles away).
  20 employees who need access to all resources at corporate, plus the Internet.
  Connection to the Internet (3 MBps).
Part 1

Use Microsoft Visio or an open-source alternative, such as Dia Diagram Editor, to:

Create a network diagram with defense in depth in mind, citing specific, credible sources that support the design and depicting at least four-fifths of the following:
  All necessary network devices (routers, switches and/or hubs, firewalls, VPNs, proxies, and others).
  The interconnections between network devices.
  Connections to end-user (client) devices (desktops, laptops).
  Connections from the Internet cloud to the network input.
Part 2

Write a 6-10 page paper in which you:

Describe the flow of data through the network, citing specific, credible sources.
  Assume data begins at the remote site.
  Data flow may be monitored by an IDS.
Explain all three elements of the CIA triad and how isolating by network functions helps deliver a layered approach, citing specific, credible sources that support your assertions and conclusions.

 

Your diagram should visually depict the following flow:

Internet Cloud $\rightarrow$ Chicago External Router $\rightarrow$ FW1 $\rightarrow$ FW2 (NGFW)

FW2 separates to the DMZ (Web/FTP) and the Internal Network.

The Internal Network passes through FW3 $\rightarrow$ L3 Core Switch.

L3 Core Switch connects the L2 Access Switches (300 Clients) and the Internal Servers (Mail/File/Print).

A separate line should show the IDS passively connected to the L3 Core Switch.

The Remote Site connects to its ISP $\rightarrow$ FW-R, with a dotted line representing the VPN tunnel back to Chicago's FW2/FW3.

 

📝 Part 2: Paper Outline and Content

 

 

1. Data Flow Analysis (Remote Site to Chicago Server)

 

This section describes the detailed path of data (e.g., an employee accessing a file from the Chicago File Server) from the remote site.

Assumptions: The remote employee initiates an SMB file request destined for the Chicago File Server.

| Step | Location/Device | Action & Security Check |
| --- | --- | --- |
| 1 | Remote Client | Initiates request. Encrypted by the VPN Client. |
| 2 | Remote L2 Switch | Forwards the encrypted data stream to the Remote Firewall (FW-R). |
| 3 | Remote Firewall (FW-R) | Security Check: Encrypts and encapsulates the packet in the IPsec VPN tunnel. Forwards it over the Internet. |
| 4 | Chicago FW2/FW3 | Security Check: Receives the encrypted VPN packet. FW2/FW3 decrypts the tunnel traffic. |

Sample Answer

Part 1: Network Design Blueprint (Defense-in-Depth)

 

This design uses a layered security model (Defense-in-Depth) to protect the critical corporate resources in Chicago and securely connect the remote site.

 

1. Chicago Corporate Site (300 Employees & All Servers)

 

| Network Segment | Security Layer & Device | Purpose/Rationale |
| --- | --- | --- |
| Perimeter Layer (Internet Edge) | External Router | Connects to the ISP (50 MBps). Only forwards traffic to the external firewall. |
| Perimeter Layer (Internet Edge) | External Firewall (FW1) - Stateful Inspection | First line of defense. Performs basic packet filtering and Network Address Translation (NAT). |
| DMZ Layer (Demilitarized Zone) | Internal Firewall (FW2) - Next-Generation Firewall (NGFW) | Isolates public-facing services from the internal network. Provides deep packet inspection, intrusion prevention (IPS), and application control. |
| DMZ Layer (Demilitarized Zone) | Public-Facing Servers: Web Server (HTTPS), FTP Server | Only these servers reside here. They are accessible from the Internet via specific port forwarding rules on FW2. |
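To make the "layered" claim in the diagram flow (Internet Cloud to FW1 to FW2 to FW3, with the VPN terminating at FW2/FW3) and in the Part 1 table concrete, the following added example walks sample flows through a zone-based policy for each firewall. It is illustrative code written for this page, not part of the assignment or sample answer; the zone names, the port numbers (445 for SMB file access, 25 for mail, 993 for IMAPS, 443/21 for the DMZ servers) and the rule sets are constructed assumptions, and FW1 is omitted from the remote-site path because it only sees the encrypted IPsec outer packet, not the inner flow.

```python
"""Zone-based policy walk-through for the layered (defense-in-depth) design.

Added example for this page; zones, ports and rules are constructed assumptions.
Every firewall applies its own rule list with an implicit default deny, so a
flow is only allowed when every layer on its path independently allows it.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src_zone: str   # "internet", "dmz", "internal", "remote"
    dst_zone: str
    dst_port: int   # TCP destination port of the inner (decrypted) flow


@dataclass(frozen=True)
class Rule:
    src_zone: str               # zone name or "any"
    dst_zone: str               # zone name or "any"
    ports: Optional[frozenset]  # None means any port
    action: str                 # "allow" or "deny"


def allow(src, dst, *ports):
    # No ports given -> frozenset() is falsy -> None -> any port
    return Rule(src, dst, frozenset(ports) or None, "allow")


def deny(src, dst):
    return Rule(src, dst, None, "deny")


class Firewall:
    def __init__(self, name, rules):
        self.name, self.rules = name, list(rules)

    def decide(self, flow):
        """First matching rule wins; no match -> implicit default deny."""
        for r in self.rules:
            if (r.src_zone in (flow.src_zone, "any")
                    and r.dst_zone in (flow.dst_zone, "any")
                    and (r.ports is None or flow.dst_port in r.ports)):
                return r.action
        return "deny"


CORP_PORTS = (445, 25, 993)  # SMB file, SMTP, IMAPS (constructed sample ports)

# Perimeter stateful firewall: only the DMZ public services and outbound traffic.
FW1 = Firewall("FW1", [allow("internet", "dmz", 443, 21),
                       allow("internal", "internet")])
# NGFW between DMZ and internal: port-forwarding to DMZ, VPN users to servers,
# and an explicit block from the DMZ into the internal network.
FW2 = Firewall("FW2", [allow("internet", "dmz", 443, 21),
                       deny("dmz", "internal"),
                       allow("remote", "internal", *CORP_PORTS),
                       allow("internal", "internet")])
# Internal firewall in front of the L3 core: repeats the DMZ block independently.
FW3 = Firewall("FW3", [deny("dmz", "any"),
                       allow("remote", "internal", *CORP_PORTS),
                       allow("internal", "internet")])
# Remote-site firewall that originates the IPsec tunnel.
FW_R = Firewall("FW-R", [allow("remote", "internal", *CORP_PORTS),
                         allow("remote", "internet")])

# Which layers a flow crosses, derived from the diagram. FW1 is left off the
# remote path because it forwards the encrypted tunnel, not the inner flow.
PATHS = {
    ("internet", "dmz"): [FW1, FW2],
    ("internet", "internal"): [FW1, FW2, FW3],
    ("dmz", "internal"): [FW2, FW3],
    ("remote", "internal"): [FW_R, FW2, FW3],
    ("internal", "internet"): [FW3, FW2, FW1],
}


def walk(flow):
    """Pass the flow through each layer on its path; stop at the first deny."""
    trace = []
    for fw in PATHS[(flow.src_zone, flow.dst_zone)]:
        d = fw.decide(flow)
        trace.append((fw.name, d))
        if d == "deny":
            return "deny", trace
    return "allow", trace


def independent_verdicts(flow):
    """What each layer would decide on its own: the 'depth' in defense-in-depth."""
    return {fw.name: fw.decide(flow) for fw in PATHS[(flow.src_zone, flow.dst_zone)]}


if __name__ == "__main__":
    for f in (Flow("internet", "dmz", 443),       # public HTTPS to the web server
              Flow("internet", "internal", 445),  # Internet straight to the file server
              Flow("remote", "internal", 445),    # remote employee via VPN to the file server
              Flow("dmz", "internal", 445)):      # a DMZ host reaching into the LAN
        print(f, "->", walk(f), independent_verdicts(f))
```

The last sample flow is the one worth studying: a DMZ host trying to reach the internal file server is stopped at FW2, and `independent_verdicts` shows FW3 would have stopped it as well, which is the point of isolating by network function in layers rather than relying on a single perimeter device.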
