Assignment

Part 1:

Scenario

In this scenario you are going to take on the role of an IT Security Consultant. The company unequal tact has hired you to provide a recommendation that will bolster the security architecture of the organization while meeting the criteria below.

Requirements:

• The webserver should be accessible from outside the network but not internally.

• Traffic should be restricted between the internal network and the webserver. (This should be based on your judgement and best practices. You will need to defend your choices).

• The webserver processes payment card information on an internal database, this must be taken into consideration when making design decisions.

• Network and System Administrators require a means to securely access the network remotely to address problems.

• The workforce at unequal tact regularly works remotely and requires a secure method to access the network.

• All other traffic should be allowed/blocked based on appropriate strategy and research.

• The solution should take into account the CIA triangle.

• The solution should take into account, ease of use, functionality and security.

• These requirements are areas that I have specifically identified. Material and discussions we have had in the class should fill in other areas based on the information presented in this document that need addressed.

Background:

• The client hosts a webserver.
• The client hosts a database that stores payment card information
• The client has an intranet site.
• The client has only one ingress/egress to the network.
• The client has roughly 1000-2000 employees& workstations.
• The organization has a guest wireless network.
• The client has a hybrid email setup (On premise and cloud solution.
• The client is at one geographic site with 1 data center.
• The client uses Kaspersky AV.

Deliverables:

• Network Diagram with your suggested solution that includes the following:

o All equipment represented including but not limited to (routers, switches, workstations, vpn appliances, servers, web servers, cabling, etc..) Standard/recognizable images should be used.

o Identify the 7 domains within your diagram

o Identify the IP address, subnet mask and default gateway for the devices. Workstations you can provide a range

o Make sure it is clear what device is being shown.

• A Firewall Security Policy

o You should provide the ACL for your firewalls within this policy.

- The ACL should include common information, inbound vs outbound, source address, source port, destination address, destination port, action.

o Basic Configuration information of your firewalls
o Please see the power point, book or conduct independent research to provide a comprehensive policy.
o The firewall configurations must be able to be tied to specific devices on the network diagram so please be sure to include this.

• A written break down of decisions that you made during the design of your solution and why. Think about your overall approach to the solution, the decision you made and how it supports your strategy.

Part 2:

Scenario

In this scenario you are going to take on the role of an IT Security Consultant again. It has been one year since you provided your initial recommendation to the company unequal tact. The company has just announced a merger with another organization. You have been tasked to provide guidance to safeguard the companies assets during the transition based on the criteria below. All existing requirements, planning and background are still in play unless otherwise stated.

Requirements:

• The two networks must be joined, the method should be a new physical link from site to site.

Keep in mind that the existing requirements are still in play for unequal tact network, plan accordingly.

• The new organizations database must connect periodically to unequal tacts locally hosted database. Special consideration needs to this communication as payment card info will be transported between the two.

• Unequal tacts intranet site should be accessible from the new organizations LAN.

• These requirements are areas that I have specifically identified. Material and discussions we have had in the class should fill in other areas based on the information presented in this document that need addressed.

Background:

• The new organization hosts a webserver
• The new organization hosts a database that stores payment card information
• The new organization has only one ingress/egress network.
• The new organization has a perimeter firewall.
• The new organization has one geographic site with 1 data center
• The new organization has roughly 1000 employees and workstations

Deliverables:

• Aupdated Network Diagram with your suggested solution that includes the following:

o All equipment represented including but not limited to (routers, switches, workstations, vpn appliances, servers, web servers, cabling, etc..) Standard/recognizable images should be used.

o Identify the 7 domains within your diagram

o Identify the IP address, subnet mask and default gateway for the devices. Workstations you can provide a range

o Make sure it is clear what device is being shown.

o Make sure to incorporate the new network/components and changes in architecture.

• A Firewall Security Policy (Updated policies as well as new policies to incorporate any additional devices)

o You should provide the ACL for your firewalls within this policy.

- The ACL should include common information, inbound vs outbound, source address, source port, destination address, destination port, action.

o Basic Configuration information of your firewalls
o Please see the power point, book or conduct independent research to provide a comprehensive policy.
o The firewall configurations must be able to be tied to specific devices on the network diagram so please be sure to include this.