User Account

All Pages

Re-design the companys hq network

Assignment Help Computer Network Security
Reference no: EM131936603

Assignment

This project provides an opportunity for students to apply their understanding of practical security concepts, network design and security implementation skills gained from lectures, studying the online curriculum, discussion as well as self-study and online research.

You are required to design, setup and implement a secure network infrastructure for a company. You need to do your research in order to provide a through and workable design. You should also show your research results in your written report.

To complete this Project properly with all required documentations is not a trivial task. It is important that you read and understand each requirement and complete all tasks as study progress.

You need to submit a written report and a working Packet Tracer file.

General Requirements and suggestions

1. You should plan and complete the Report on a weekly basis so that all tasks can be completed properly. Leaving the Report to the very last day(s) will result in an unprofessional research report.

2. The configuration must be working and is based on your Topology design.

3. Use Packet Tracer version 7.1 or for all your configuration.

4. All information sources must be appropriately acknowledged and a full bibliography is required.

5. Research using internet would be helpful. Make sure you state the source of the materials.

Scenario

XYZ Ltd. Pty (you can use your group name as the Company's name) is a medium size company based in Sydney. The Company has grown from a small company into a medium size company in recent years. It also has plan to expand further in the next two years. As the company's growth, the needs for securing its assets and IT infrastructure is getting more and more important. The Company hires you, a network security expert, to help them achieve their goals.

The Company has two offices: The HQ Office is in the City and a Branch Office at Liverpool. The current network setup is as follow:

The HQ Office was originally setup by a general admin staff, Steve, who is enthusiastic about networking. The structure of the network was not flexible and scalable enough to grow with the Company. It has an edge router, R1 and multiple access layer switches. When there is a need to connect more staff devices, more switches will be added. There are three major departments in the HQ Office: namely Management and Admin, HR and Finance, and Sales. The HQ has an internet connection through an ISP. It also has a dedicate link connecting the Branch Office.

The Branch Office is a small network which has a edge router, R11 and a access layer switch. Direct access from the Branch Office to the HQ Office is through dedicate connection.

The Company will expand the business to other states. It has hired M in Melbourne and B in Brisbane for the expansion. There is no office setting in these two cities. So both M and B use their home computers to do their work. Remote access connection will be needed from their homes to the HQ Office.

Requirements

Your task is to re-design the company's HQ network and secure the Company's network infrastructure and communications, which includes the following:

General: redesign a new IP address scheme for the whole network. You need to make sure that the size of routers' routing tables is optimised. The Company also want to start using IPv6 in their network. If full IPv6 implementation is not possible, you should at least plan for it and configure some part of the network using IPv6 as a start. Budget had already approved so you can add or replace devices to the network as you see fit in your design. You are also required to secure the management plane, control plane and the data plane of all the devices.

New Network Topology: Your network design should adopt industrial best practice for layer 3 and layer 2 devices. For the HQ Office, you should include, but not limited to:

• DHCP service,
• Server-based AAA service, with TACACS+ and/or RADIUS servers,
• NTP ,
• Syslog Server,
• ASA firewall,
• Dynamic routing protocol
• monitoring system such as Netflow,
• VLANs

For the Branch Office, the network topology does not need to be changed.

Securing the Network:

Your major task is to secure the HQ Office. It should include, but not limited to, the followings:

• secure network devices physically,
• harden the layer 3 device: management plane, control plane and data plane.
• network segmentation: based on departments
• protect the LAN network from major types of layer two attacks, eg. VLAN attacks,

DHCP attacks, DTP, VTP as well as STP manipulation, etc.

• use AAA for authentication
• secure NTP communications
• adopt industrial best practice for layer 3 and layer 2 devices

You should also plan and secure the Branch Office. The Branch Office security implementation should include, but not limited to, the followings:

o secure network devices physically,
o harden the layer 3 device: management plane, control plane and data plane.
o using Zone-based Policy Firewall on the edge router, R11, to protect the Branch
Office from major types of cyber attacks.
o implement Intrusion Prevention System (IPS)

Securing communication between HQ and Branch Office

Your task is to secure communication between sites by:

• installing a Cisco ASA Firewall in HQ Office.
• Setting up site-to-site IPSec VPN tunnels between HQ ASA and Branch R11

Securing communication between HQ and Home users

Your task is to secure communication between HQ and Melbourne and Brisbane. You should provide secure remote access by:

- Clientless VPN connecting to the ASA Firewall Hints

To ensure that you can apply most of the knowledge, make sure you are using the latest IOS you can get for all the devices. You should also make sure that your ASA Firewall is running the latest IOS, and upgrade from base licence to Security Plus licence. To use Security Plus licence on ASA, configure the following command:

ASA# activation-key 0x1321CF73 0xFCB68F7E 0x801111DC 0xB554E4A4 0x0F3E008D

You can use a router or multiple routers to represent the ISP/Internet that connecting the whole Company's network. You need to make sure that the ISP/Internet routing is set up properly so general communication can be achieved. You can also use the Cloud in Packet Tracer to represent the ISP/Internet.

Limitation

The latest version of Packet Tracer can support most of the configuration you may need in this project. However, there may still be some commands, according to your design, that may not be supported. If this is the case, you can include these configurations in your recommendation. Marks will be deducted if you put configuration/commands that supported by Packet Tracer in the recommendation.

Deliverable

You are expected to deliver a professional piece of work and a working Packet Tracer file. The report is expected to be concise, systematic and well organise in a logical manner. The length of the body of the report should be at least 2000 words (excluding IP address scheme, page title, abstract, references and appendix). The report must have a cover page. Supporting materials and references should be part of the Appendix.

The report should, but not limited to, these sections:

1. An abstract summarizing your report
2. A table of contents
3. The objectives of the report
4. Network Topology
5. Research and discussion about your design
6. Conclusions and/or Recommendations

- Reference/bibliography - appendices

The Packet Tracer files should have:

1. the network topology you designed for XYZ Ltd Pty.

2. working configurations which match the contents of your report.

If you use a different way to configure your design other than Packet Tracer, you have to convert your final configurations into Packet Tracer:
- commands that does not supported by Packet Tracer should be included in the written report

Assessment

Your report will be assessed based on:

• Neatness and professional presentation
• Show your understanding of IT security requirement, in the context of modern corporate environment
• Rationales for your design, suggestions and recommendations
• How practical are your recommendations
• Scope and areas covered.
• A general, basic or even shallow discussion will ended up with bad result.

Reference no: EM131936603

Questions Cloud

What is your optimal position in the risky asset : If you want your complete portfolio to have a standard deviation of 15%, what percentage of your complete portfolio should be invested in the risky portfolio?
What is the coupon rate of bond : What is the coupon rate of this bond? (Answer to the nearest hundredth of a percent, i.e. 1.23 without the % sign).
Determine how much money will you have after 20 years : If you invest $26,778 today at an interest rate of 6.71 percent, compounded daily, how much money will you have in your savings account in 20 years?
What effect would the finding have on your responses : On further analysis, you find that the growth rate in FCF beyond 2019 will be 4% rather than 3%. What effect would this finding have on your responses.
Re-design the companys hq network : Your task is to re-design the company's HQ network and secure the Company's network infrastructure and communications.
What will the fund balance grow to in 35 years : If you invest $500 at the beginning of each year in a mutual fund earning an average 9% after-tax rate of return.
How to run the business : They decide together what to serve, what hours to operate, and generally how to run the business. Do they have a partnership?
Current share price-no dividends will be paid on the stock : Metallica Bearings, Inc., is a young start-up company. No dividends will be paid on the stock over the next nine years, what is the current share price?
Who pays the tax the partnership or able : Who must file a tax return listing this as income, the partnership or Able? Who pays the tax, the partnership or Able?

Reviews

Write a Review

Computer Network Security Questions & Answers

  Indicate whether the certificate is valid or not

Identify the key elements in certificate, including the owner's name and public key, its validity dates, the name of the CA that signed it, and the type and value of signature.

  Discuss briefly the use of inheritance blocking and forcing

You are required to show evidence that you can prevent student phone numbers on the user information from being read by anyone other than Dorothy Liddleton and the appropriate section manager.

  Problem regarding the website migration project

Tony's Chips has recently been sold to a new independent company. The new company has hired you to manage a project that will move the old Website from an externally hosted solution to an internal one.

  Describe ways hacker can gain access to employee information

Describe two (2) ways a hacker can gain access to employee information. Recommend the steps an organization could take to address these security breaches after the fact. Then, outline a plan for preventing these breaches from occurring, and specif..

  How clark -wilson model is implemented on computer system

Assume that the Clark -Wilson model is implemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system?

  Create alternative message which has hash value

Generates the alternative message which has a hash value which collides with Bob's original hash value. Illustrate a message that Alice may have spoofed, and demonstrate that its hash value collides with Bob's original hash.

  How to find anti-virus and firewall sw on your computer

How to find anti-virus and/or Firewall SW on your computer. Discussion on how to remove unwanted Virus and Malware?

  Passive eavesdropper observes single execution of protocol

Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag.

  Describe the steps necessary to restore operations

A disgruntled employee takes a critical server home, sneaking it out afterhours. For each of the scenarios (a-e), describe the steps necessary to restore operations. Indicate whether law enforcement would be involved.

  Capabilities of midrange systems and power of supercomputers

Some commentators have suggested that mainframe computer systems could be squeezed out of existence in the next few years, with the incredible advances in the capabilities of midrange systems and the power of supercomputers combining to divide up ..

  How will cross-forest trusts be implemented

CMIT-371 Windows Network ServicesProposal- How will Forest Functional Levels be implemented? How will cross-forest trusts be implemented? How will replication be handled? Read-Only Domain Controllers - how and where will they be used?

  Cryptography assignment

cryptography assignment:  Consider the following problems: (P1) computing the output p from an input n; (P2) computing the output phi(n) from an input n. Which one of the following statements is true?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd