Reference no: EM132377578
Assignment
This project provides an opportunity for students to apply their understanding of practical security concepts, network design and security implementation skills gained from lectures, studying the online curriculum, discussion as well as self-study and online research.
You are required to design, setup and implement a secure network infrastructure for a TAFE NSW. You need to do your research in order to provide a through and workable design. You should also show your research results in your written report.
To complete this Project properly with all required documentations is not a trivial task. It is important that you read and understand each requirement and complete all tasks as study progress.
You need to submit a written report (Microsoft word .docx format) and a working Packet Tracer file (.pkt format).
General Requirements and suggestions
1. This Report is to be completed as group work. Form a group of 2-3 members.
2. You should plan and complete the Report on a weekly basis so that all tasks can be completed properly. Leaving the Report to the very last day(s) will result in an unprofessional research report.
3. The configuration must be working and is based on your Topology design.
4. Use Packet Tracer version 7.1 for your configuration.
5. Some part of your design may not work in Packet Tracer. You can include a Limitation section in your report to show that you plan to and can do the parts that are not supported in Packet Tracer.
6. All information sources must be appropriately acknowledged and a full bibliography is required. Failure to do so could result in severe penalties.
7. Research using internet would be helpful. Make sure you state the source of the materials. Refer to the referencing format in Moodle.
8. Plagiarism: It is expected that this will be completely your own work. Therefore using the "cut and paste" approach will not be accepted.
Scenario
Green Powered Electricity Supplier (GPES) is a relatively small but fast growing electricity retail supplier in NSW. GPES is keen on reducing cost; improve efficiency, increase market share and profitability. They have hired John Winterbottom as new CEO who is a tech savvy and very enthusiastic about technologies such as 5G and penetration of IoT in every walks of our lives.
In order to achieve the goals set forward by the company as far growth and profitability is concerned; he comes with a new business initiative where GPES is to opt for automatic electricity utility bill generation system. The system is to be highly available and secure and work with internet connected electricity meters powered by latest IoT using 5G technology installed on customer's premises. This, he argues will reduce the cost, increase efficiency and ultimately improves the bottom line when comes to profitability.
Starting in first quarter of 2020, the company is planning to install the new meters to all their customer premises, business as well as their domestic customers. In the first phase, meters will be installed to the premises of the business customers only, which numbers around 150 customers site. Electricity usage data from the meters are to be automatically uploaded on weekly basis. GPES also requires that electricity usage data be read remotely from the company if required.
Depending on what customers choose, the system should generate electricity utility bill every month or quarterly. Bills will be automatically emailed to the customers and or a printed version is generated and posted to the customers if required. The system should also be able to generate automatic reminder notification for the bills not paid on time. Notifications should be in the form of email or hard copy send to the customer.
GPES has opened two regional branches in Melbourne and in Brisbane to cover Victoria and Queensland market place as part of GPES drive toward nationwide service coverage. GPES also supports staff to work at home. GPES business structure includes the following departments:
1- Management
2- Engineering
3- Sales
4- Marketing
5- IT support
6- HR
7- Accounts
8- Customer Support
Requirements
Your task is 2-folds:
Task 1: Written Report
• Need analysis and implementation plan for GPES HQ:
GPES HQ is to be designed based on the latest integrated LAN enterprise architecture with security, high availability, redundancy and load balancing at its core. Your analysis should include but not limited to:
- Authentication,
- Authorization,
- Accounting/logging.
• Security of IoT enabled meters:
Your written report must thoroughly discuss, but not limited to:
- legislative compliance issue relating to IoT enabled meters
- suitability of protocols and technologies to read meters remotely
- protecting GPES enterprise networks from IoT enabled meters exploits.
Task 2: Network design and configuration
• As proof of concept, you are to prototype the proposed design of your GPES enterprise network using Cisco Packet Tracer version 7.1 for the configuration. Your small-scale network should include a site for the HQ LAN network and one of the branch offices of your choice.
• Industrial best practice and recommendations should be adopted. For GPES HQ LAN, you may consider a three-zone security model: internal, external and DMZ.
• For the HQ network, you should also consider, but not limited to:
- VLANs (choose no less than 3 vlans)
- DHCP service,
- Server-based AAA service, with TACACS+ and/or RADIUS servers,
- NTP, Web Server, FTP Server, TFTP server, etc.
- LAN security,
- Syslog Server,
- ASA firewalls,
- Authenticate devices connected to the network through switch ports.
Communication between the HQ and the branch office should be secure.
- Site-to-site VPN should be use
- HQ uses a Cisco ASA firewall.
- For the firewall in the branch office, you may use Cisco ASA firewall or Cisco router with IOS zone based firewall support. Whichever security appliance you choose, you are required to have a brief discussion about each in your report with reasoning and justification for your choice.
• You should also include some home office users' connections.
Your report should include, but not limited to, the following sections:
- An abstract summarizing your report
- A table of contents
- The objectives of the report
- Network Topology
- Research and discussion about your choice of design
- Conclusions and/or Recommendations
- Reference/bibliography
- appendices
Your Packet Tracer file should have:
- the test network topology you designed
- fully working configurations which match the contents of your report.
* You must use Packet Tracer v7.1
If you use a different way to configure your design other than Packet Tracer, you have to convert your final configurations into Packet Tracer:
- commands that do not supported by Packet Tracer should be included in the written report.
Assessment
Your report will be assessed based on:
- Neatness and professional presentation
- Show your understanding of IT security requirement, in the context of modern corporate environment
- Scope and areas covered.
- Rationales for your design, suggestions and recommendations
- How practical are your recommendations
- A general, basic or even shallow discussion will ended up with bad result
- Extensive and in-depth discussion will get you good mark.
Report submission
You need to submit your work using the link in Moodle. If you are not familiar with Turnitin, refer to the Turnitin Guide for Students in Useful Resources in Moodle. Make sure only ONEmember of your group submits the report and the working Packet Tracer file. Name you report and Packet Tracer file as follow:
{NameofStudentSubmit}_Project_Report.docx
{NameofStudentSubmit}_Packet_Tracer.pkt
Incorrect filename and format will not be marked.