Reference no: EM133527712
IT Security
Assignment: Comprehensive Network Security Design for Business Expansion
Objectives
This assessment covers all the learning outcomes as in the unit descriptor. This assessment is designed to improve the ability of students to design a secured network, critically analyze the security principles, and to develop network policies accordingly. The assignment provides an opportunity to work in a group and to achieve a joint objective.
Background:
In the ever-changing world of technology, ACME CO Inc is a leader in making software. As the company gets ready to open another office, the importance of keeping the network safe is clear. Because important information, valuable ideas, and important business tasks are shared quickly, it's important to have a detailed plan to keep the network safe. Your team, made up of experts in IT and network security, has the important job of creating a detailed plan to keep the network safe. This plan will include different tools and parts to make sure the network is secure, like firewalls, a Demilitarized Zone (DMZ), Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Threat Protection, IT security rules and policies, and other important placements and settings.
Assignment:
Your mission is to create a holistic network security design tailored to ACME CO Inc.'s forthcoming office expansion. The design should incorporate all the necessary security devices and network components, strategically placed to offer an impregnable shield while optimizing operational efficiency. And you have to note that the finance is not unlimited.
The office has 4 buildings spread into 4 different departments. ACME CO Inc should have two Internet connections, one for the primary connection and the other for the backup connection. These should be from two different ISPs:
1.) SE division
2.) QA division
3.) HR and Finance division
4.) IT, Security, and management division
Requirements:
TASK 1: Draw a Network Diagram: Draw a hypothetical network diagram for ACME CO Inc's network. The diagram should encompass both the primary and secondary offices (The new office), intricately detailing the interlinks between them. Precisely identify the strategic placements of firewalls, DMZ, IPS, IDS, virus guards, VPN access, and supplementary security and network devices.
TASK 2: Justifying Network Security: Explain why network security is important for ACME CO Inc. Talk about the many different threats like data breaches, ransomware attacks, and spying on our ideas. Also, mention attacks that try to make the systems stop working and stealing information. Give a strong reason for using good security steps to keep the business running smoothly and to make sure our customers trust us.
TASK 3: Firewalls Placement: Carefully study the best places to place firewalls. Look closely at how data moves between offices, departments, and public private access to the servers, including what comes in and goes out. You have to give reasons for the selections to put the firewalls where you did, focusing on protecting important things. Important thing to keep in mind is that you have to use very limited amount of firewalls, because the cost factor is high
TASK 4: DMZ Configuration: Create a smart plan for a DMZ that separates things outside the company from the inside network. Clearly list the things that will be placed in the DMZs. Explain why you chose these things and how you'll make the DMZ work smoothly with them. And you MUST indicate the DMZs in your design diagram
TASK 5: Additional Security Devices: Create a smart plan for integrating a diverse array of supplementary security devices, such as:
• Intrusion Detection System (IDS): Ascertain placements where IDS devices can bolster the network's threat detection capabilities.
• Virtual Private Network (VPN) Concentrator: Discuss the strategic positioning of VPN concentrators to secure remote connections effectively.
• Network Access Control (NAC) System: Justify the placement of NAC devices for streamlined endpoint management and authentication.
• Intrusion Prevention System (IPS): Articulate the advantages of strategic IPS placements to improve the Intrusion prevention automatically.
TASK 6: Security Policies Enhancement: Elevate the existing security policy framework by incorporating comprehensive measures, including multifactor authentication, encryption protocols, incident response strategies, and regular security audits for the following topics:
• Access Control Policy:
• Password Management Policy:
• Data Classification and Handling Policy:
• Remote Access Policy:
• Network Security Policy:
• Bring Your Own Device (BYOD) Policy:
• Social Engineering and Phishing Awareness Policy:
• Physical Security Policy:
• Employee Training and Awareness Policy: