Network Design Project
docx
keyboard_arrow_up
School
Meru University College of Science and Technology (MUCST) *
*We aren’t endorsed by this school
Course
238
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
25
Uploaded by kipketervictor40
1
Network Design Project Group Names:
Course Name:
Group Names:
Date of Submission:
2
Project Part 1: Network Design
To prevent future cyber attacks, the corporation's technology team will develop a comprehensive plan to educate employees on the importance of security and best practices for safeguarding sensitive data (Radosavovicv et al., 2020). This will involve training sessions, informational materials, and regular reminders to raise awareness and foster a culture of security within the organization.
In addition, protocols such as HTTP (Hypertext Transfer Protocol) will be implemented to facilitate communication among all users in cyberspace. This protocol is widely used for accessing and transferring data on the Internet and can provide security through encryption and secure communication channels (Radosavovicv et al., 2020). By implementing HTTPS (Hypertext Transfer Protocol Secure), the secure version of HTTP, the corporation can ensure that all sensitive data transmitted over their network is encrypted, making it more difficult for attackers to intercept and steal.
Another crucial aspect of securing the network is implementing secure communication between software programs. For this, a Remote Procedure Call (RPC) will be utilized. RPC is a network programming technique that allows programs to communicate with each other remotely over a network (Yadav et al., 2022). This means that programs can share resources and data without being
3
physically connected. By utilizing RPC, the corporation can improve the efficiency
of its network while still maintaining a high level of security.
The team will implement the Network Basic Input/Output System (NetBIOS) to facilitate communication between computers within the network. This protocol enables communication of computers within a local area network (LAN). NetBIOS was developed to ease communication between devices on a LAN, and it does so by using a unique identifier for each device on the network. This identifier, a NetBIOS name, is used to identify and locate different devices and services within the network, making it easier for them to communicate. NetBIOS will improve the efficiency and security of the corporation's network by providing a standard method for devices to identify and communicate with each other.
Lastly, the Dynamic Host Configuration Protocol (DHCP) will organize IP addresses and set limitations for each network device. DHCP is a network protocol that automates the assignment of IP addresses to devices within a network (Shrestha et al., 2023). By using DHCP, the technology team can control the allocation of IP addresses and set restrictions for specific devices on the network, such as limiting the number of devices, a user can connect to the network or setting
a time limit for their connection. This helps prevent unauthorized access to the network and reduces the risk of cyber-attacks.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
Network Configuration
Port redirection and reverse proxy are critical to securing a company's
internal network (Shrestha et al., 2023). They act as a protective barrier, preventing
direct access from external sources and safeguarding the internal network. In this
section, we will further discuss the importance of these methods and their role in
the network security infrastructure.
Port redirection is a technique that involves forwarding network traffic from
one port to another. It is commonly used to allow external access to specific
services or applications running on an internal network without exposing the entire
network to potential security threats (Shrestha et al., 2023). For instance, a
company may redirect incoming traffic from port 80 (HTTP) to a web server
running on port 8080, effectively hiding the exposed web server from external
sources. This strategy minimizes the attack surface and limits potential
vulnerabilities, making it a crucial part of network security.
Similarly, a reverse proxy acts as an intermediary between the external and
internal networks. It can be configured to handle requests from external sources
and forward them to the appropriate services within the internal network. This
setup keeps the internal network hidden from external sources, reducing the risk of
potential attacks (Ajaz et al., 2023). Moreover, a reverse proxy can also act as a
5
load balancer, distributing incoming traffic across multiple servers, further
enhancing network security and improving performance.
In addition to port redirection and reverse proxy, the overall network design
should prioritize security. This involves implementing a multi-layered security
approach, also known as defense in depth. The network should be divided into
security zones, each with security measures and access controls (Ajaz et al., 2023).
This helps contain potential security breaches, limiting their impact on the overall
network.
One effective way to implement this multi-layered security approach is
through two firewalls. The first firewall, also known as the perimeter firewall, is
placed between the external and internal networks. It acts as the first line of
defense, filtering incoming traffic and preventing unauthorized access to the
internal network (Ajaz et al., 2023). The second firewall, or the internal firewall, is
placed between different zones within the internal network. It helps control and
monitor traffic within the network, further strengthening security.
Remote access is another important aspect of network security, especially in
today's modern workplace. A virtual private network (VPN) is a secure connection
that enables remote access to an internal network. It creates a secure encrypted
tunnel between the user's device and the internal network, ensuring that the data
6
exchanged is protected from potential threats. With increased remote work, VPNs
have become crucial in maintaining network security.
One cannot emphasize enough the importance of proactive measures in
network security. Therefore, an intrusion detection system (IDS) is employed to
identify and alert of potential attacks. It monitors network traffic and compares it to
known attack signatures, raising an alarm if a possible attack is identified. This
allows for quick detection and mitigation of threats before they can cause
significant damage to the network.
Utilizing port redirection and reverse proxy, along with a multi-layered
security approach, virtual private networks, and intrusion detection systems, is
crucial for maintaining the security of a company's internal network. These
measures work together to strengthen the network infrastructure and promote
network security, ensuring the safety of the internal network. It is essential for
companies to continuously update and assess their network security infrastructure
to stay ahead of potential security threats.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
7
High-Level Plan
Certain steps need to be followed to choose a relevant communication plan
for a company. The first step involves conducting thorough investigations to
analyze the situation (Jin et al., 2023). This will better understand the company's
current communication methods and identify any flaws or gaps in the process.
Next, it is important to clearly outline the goals that the company wants to
achieve through its communication plan. This will help identify the key elements
that must be included in the project and ensure they align with the company's
objectives (Jin et al., 2023). Once the goals are established, the focus should shift
towards finding the best ways to communicate the information to the target
audience. This involves identifying the most effective transmission channels that
will enable the company to reach as many people as possible.
Furthermore, it is crucial to establish multiple servers to manage the
information flow efficiently. Additionally, using secured gateways and firewalls is
8
essential to ensure the safety and security of the company's communication
network. Firewalls can also be utilized to filter network traffic and prevent any
unauthorized access.
Moreover, the company must have a plan in place for change control, as
communication methods and technologies are constantly evolving. This will ensure
that the communication plan can adapt to any changes in the market or within the
organization itself (Jin et al., 2023). Lastly, it is important to have a backup plan in
case the primary internet service provider (ISP) cannot supply web services. This
could involve finding alternative ISPs or establishing a backup plan for internet
access.
In conclusion, choosing a relevant communication plan for a company
involves thoroughly analyzing the situation, setting clear goals, identifying
effective transmission channels, implementing security measures, planning for
change control, and having a backup plan (Jin et al., 2023). By following these
steps, a company can communicate effectively with its target audience and achieve
its desired outcomes.
Pv4 or upgrade to IPv6
The increasing popularity of IPv6 and its gradual replacement of the
traditional IPv4 is transforming the landscape of internet communication. Its main
purpose is to provide a larger pool of unique TCP/IP addresses, as the limited 4.3
9
billion addresses offered by IPv4 have been completely exhausted. This limitation
has been a driving force behind the development of IPv6, and its resolution is a
significant breakthrough for the future of the Internet. The most considerable
advantage of IPv6 is its ability to accommodate the ever-growing number of
internet-connected devices (Jin et al., 2023). As the Internet of Things (IoT)
continues to expand, the demand for addresses has skyrocketed, and IPv6 offers a
long-term solution to this pressing issue.
Apart from its ability to provide a larger address pool, IPv6 offers enhanced
security features, making it a more secure and reliable option for Internet
communication. One of its major security upgrades is implementing the Secure
Neighbor Discovery (SEND) protocol, which allows for cryptographic validation.
This feature ensures that a connected host is authentic and prevents unauthorized
access, providing additional protection against cyber threats.
Moreover, IPv6 also includes other security measures, such as IPsec, which
offers end-to-end encryption, guaranteeing the confidentiality and integrity of
transmitted data. This is a significant improvement from IPv4, which did not have
built-in encryption capabilities and relied on additional protocols to provide
security.
In conclusion, the emergence of IPv6 is a crucial development in internet
communication. It not only addresses the pressing issue of address exhaustion but
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
10
also offers enhanced security features, making it a more reliable and secure option
for internet connectivity. With its efficient use of resources and advanced security
measures, IPv6 is a vital innovation essential for the future of the Internet.
Network Diagram
Project Part 2: Firewall Selection and Placement
As the senior network architect at Corporation Techs, I am responsible for ensuring the security of the network perimeter and internal network resources. After consultation with the senior network architect and assessing the current state of the network, it has been determined that the existing border firewall needs to be replaced, and a demilitarized zone (DMZ) should be created to enhance network
11
security. In addition, the network authentication needs to be revamped to increase security (Coscia et al., 2022). In this project, we will discuss the selection and placement of firewalls, the creation of a DMZ, and a plan for secure network authentication.
Selection and Placement of Firewalls
To ensure optimal network perimeter security, selecting and placing firewalls strategically is important. Firewalls act as a barrier between the internal and external networks, filtering incoming and outgoing traffic based on specified rules (Coscia et al., 2022). I have selected three types of firewalls for Corporation Techs – network, server, and workstation firewalls, each with a specific purpose and placement.
Network Firewalls
A network firewall is the primary line of defense for the network perimeter. It is placed at the network's border, between the internal and external networks. A network firewall should be chosen based on its ability to handle the traffic volume, advanced security features, and scalability. After careful consideration, I have selected the Cisco ASA 5500-X series firewall for Corporation Techs (Liang & Kim, 2022). This firewall offers advanced threat protection, a next-generation intrusion prevention system (NGIPS), and advanced malware protection (AMP). It
12
also has a high throughput capacity, making it ideal for the traffic volume of Corporation Techs.
Server Firewalls
Server firewalls are essential for protecting the internal network from threats
that may originate from within the network. They are used to control the incoming and outgoing traffic to and from servers. I recommend using a server firewall at the
boundary between the DMZ and the internal network for Corporation Techs. This will enable the server firewall to control and monitor the traffic entering and leaving the DMZ (Liang & Kim, 2022). The Microsoft Windows Server 2019 built-in firewall is recommended for this purpose. It has advanced features such as application and port-based filtering, making it an effective solution for controlling traffic in the DMZ.
Workstation Firewalls
Workstation firewalls protect individual computers and devices within the internal network. They provide an added layer of security by filtering incoming
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
13
and outgoing traffic from a specific device. I recommend using a host-based firewall, such as the Windows Defender Firewall, for Corporation Techs' workstations (Liang & Kim, 2022). This firewall is built into the Microsoft Windows operating system and offers basic network protection by blocking unauthorized incoming traffic and allowing only authorized outgoing traffic.
Creation of a DMZ
A DMZ is a security zone separate from the internal network, where external-facing servers and services are placed (Kim & Barber, 2022). The purpose
of a DMZ is to provide an extra layer of security by limiting direct access to the internal network. To create a DMZ for Corporation Techs, I propose the following plan:
1. Identify the servers and services in the DMZ: This includes web servers, email servers, and other external-facing servers.
2. Implement a network firewall at the border of the DMZ and the internal network: As discussed earlier, the Cisco ASA 5500-X series firewall will be used for this purpose. It will be configured to allow only authorized traffic to enter and leave the DMZ.
3. Implement a server firewall at the boundary between the DMZ and the internal network: The Microsoft Windows Server 2019 built-in firewall will be
14
used for this purpose (Kim & Barber, 2022). It will be configured to allow only authorized traffic to and from the DMZ servers.
4. Configure access control lists (ACLs) on the network firewall and server firewall: This will further restrict access to the DMZ servers from external sources.
5. Implement a web application firewall (WAF) for the web server in the DMZ: A WAF provides an additional layer of protection specifically designed for web applications. It can detect and block common web application threats like SQL injection and cross-site scripting (XSS).
6. Regularly review and update the DMZ configuration: It is important to review and update the DMZ configuration to ensure that it is still effective in protecting the internal network.
15
Benefits of Creating a DMZ
Creating a DMZ for Corporation Techs' network offers several benefits. Firstly, it limits direct access to the internal network, making it more difficult for potential attackers to access internal resources. It also provides additional layers of security, such as the use of a network firewall, server firewall, and WAF (Wang, 2022). Placing external servers and services in the DMZ reduces the risk of critical internal resources being compromised in the event of a successful attack. Finally, a
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
16
DMZ can improve network performance by segregating external traffic from internal traffic.
Network Authentication Plan
In addition to enhancing network perimeter security and creating a DMZ, it is also important to revamp the network authentication process (Wang, 2022). The current username and password approach is no longer sufficient to protect against sophisticated cyber-attacks. For Corporation Techs, I propose the following plan for secure network authentication:
1. Multi-factor authentication:
Implementing multi-factor authentication (MFA) adds a layer of security to the network. It requires users to provide two or more forms of identification, such as a password and a unique code sent to their mobile device, before gaining access to the network.
2. Role-based access control: Implementing role-based access control (RBAC) ensures that users only have access to the network resources necessary for
their role. This reduces the risk of unauthorized access to critical resources.
3. Regular password updates:
Instituting policies for regular password updates can help prevent the use of compromised or weak passwords.
4. Implementing identity and access management (IAM) solutions: IAM solutions provide centralized access control and management for users and devices,
making enforcing and monitoring secure authentication practices easier.
17
5. Continuous monitoring and auditing:
Regularly auditing network authentication processes can help identify and address security vulnerabilities.
Project Part 3: Remote Access and VPNs
A VPN, or Virtual Private Network, is a network connection that utilizes the
Internet to establish a secure link between a device and a network. It allows for the
safe transfer of sensitive data by creating an encrypted channel that prevents
unauthorized individuals from accessing the transmitted information (Chatterjee et
al., 2022). This enables individuals to work together remotely while ensuring their
communication remains protected from external threats.
VPNs facilitate the connection of remote locations or individuals to a private
network by using a public network, such as the Internet. This can be achieved
through the company's network or a third-party VPN service (Chatterjee et al.,
2022). The term "virtual" in VPN refers to the fact that the connection is not
physical but instead uses the Internet as a medium to establish a secure link
between two entities.
The main purpose of VPNs is to ensure security, as all data transmitted
through the network is encrypted and, therefore, unreadable to third parties
(Chatterjee et al., 2022). This is particularly important for businesses that utilize
intranets, which are private internal networks that can only be accessed by
authorized individuals (Chatterjee et al., 2022). With the advancement of VPN
18
technology, these intranets can now be extended to connect remote locations or
individuals, allowing for efficient and secure communication across different
branches and teams. In essence, VPNs provide a reliable and secure means of
communication for businesses and individuals, facilitating collaboration and data
transfer without the risk of external interference. VPNs have transformed how
organizations operate by utilizing the Internet as a medium, enabling seamless and
secure connections regardless of physical location.
Most Appropriate VPN Technology
A Virtual Private Network (VPN) is a secure method of connecting a computer or a network to another network or server over the Internet. It enables users to access and use the resources of the remote network as if they were directly
connected to it. This is achieved by creating an encrypted tunnel through which all data and information can safely pass (Aditya, 2022). As a result, VPNs provide a secure and reliable way to establish connections between remote devices and networks.
The primary purpose of a VPN is to ensure the confidentiality, integrity, and availability of data that is transmitted over an untrusted network such as the Internet (Aditya, 2022). This is especially crucial for businesses that need to protect sensitive information and maintain the privacy of their communications. By
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
19
using encryption, VPNs protect data from being intercepted or accessed by unauthorized individuals.
A user typically needs to have a VPN client installed on their device to establish a VPN. This application allows users to connect to the VPN server and access the private network (Aditya, 2022). Businesses may also provide their employees with company-owned devices that already have the VPN client pre-
installed, making it easier for employees to access the corporate network from anywhere securely.
One common method of securing a VPN is using IPsec protocols. IPsec, short for Internet Protocol Security, is a set of protocols that establish secure connections and ensure that only authorized users can access the network (Aditya, 2022). These protocols use encryption and authentication techniques to protect data
from cyber threats and unauthorized access.
However, a VPN login using only a password can still be vulnerable to cyberattacks. To enhance security, businesses can implement two-factor authentication (2FA), requiring the user to enter a second form of verification, such
as a unique code sent to their phone and their password (Aditya, 2022). This adds an extra layer of security and makes it more challenging for hackers to access the VPN.
20
IPsec VPNs can be configured in transport mode and tunnel mode. In transport mode, the data is encrypted only for the specific session between two devices. In contrast, in tunnel mode, the entire data path is secured from one point to another (Aditya, 2022). This mode is particularly useful when connecting to a remote network or server over a public network.
Tunnel Mode
IPsec tunnel mode is a widely used method of creating a secure communication channel between two networks. This mode is most commonly used
between two secured network gateways, allowing hosts on both sides to connect securely with hosts on the other side (Nam et al., 2022). Any traffic sent between these two networks will be protected from potential threats or attacks.
The main purpose of IPsec tunnel mode is to establish a secure connection between two physically separated networks. This is useful when sensitive information needs to be transmitted between these two networks, such as between a branch office and a main office (Nam et al., 2022). The two gateways function as IPsec proxies, allowing users in either location to connect securely to systems in the other place.
It is important to note that although the IPsec channel is created between the two gateway hosts, it can connect any host within the secure networks (Nam et al.,
21
2022). This means that hosts on both sides of the network can communicate with each other securely, regardless of their location.
Hosts on both ends must be configured to use the tunnel mode to ensure that all traffic between the two networks is protected. Any data sent between the two networks will be encrypted before being transmitted, making it unreadable to potential eavesdroppers (Nam et al., 2022). In summary, IPsec tunnel mode is a secure method of establishing a connection between two networks. It is commonly used between secured network gateways in branch and main offices, allowing for secure communication between hosts. By encrypting all traffic between the two networks, IPsec tunnel mode helps to protect sensitive information from potential threats or attacks.
Transport Mode
An IPsec VPN creates a secure connection between two hosts, establishing what is known as a transport mode IPsec circuit. This is often used when a remote
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
22
server needs to be accessed by IT professionals for maintenance purposes. The structure of the IPsec circuit allows these individuals to securely log into the remote server without fear of their communication being intercepted or compromised (Kaur, 2022). The process involves the two hosts directly negotiating
and establishing the circuit, which automatically terminates once the session is complete. This type of connection is particularly useful for corporations needing to
provide remote access to their servers and networks for their technical staff. IPsec ensures that all data transmitted between the hosts is encrypted, providing an extra layer of security against potential cyber threats (Kaur, 2022). Overall, the transport mode IPsec circuit is an essential tool for corporations looking to maintain the security and integrity of their networks while still allowing for remote access for maintenance and technical purposes.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
23
References Aditya, Y. (2022). A consumer VPN framework to address its associated security and privacy risks. Telematique
, 4357-4372.
Ajaz, F., Naseem, M., & Ahamad, G. (2023). IP address allocation protocols in vehicular ad hoc networks. International Journal of Communication Systems
, e5490.
Chatterjee, P., Bose, R., Banerjee, S., & Roy, S. (2022). Secured Remote Access to Cloud-Based Learning Management System (LMS) Using VPN. In Pattern Recognition and Data Analysis with Applications
(pp. 111-126). Singapore: Springer Nature Singapore.
Coscia, A., Dentamaro, V., Galantucci, S., Impedovo, D., & Maci, A. (2022). A novel genetic algorithm approach for firewall policy optimization.
Jin, B., Zha, Z., Yu, M., Meng, H., Chen, J., Long, F., ... & Zhang, R. (2022, December). Wireless Communication-Based Coexistence of IPv4 and IPv6 for IoT Devices. In 2022 International Conference on Knowledge Engineering and Communication Systems (ICKES)
(pp. 1-7). IEEE.
Kaur, D. C. (2022). The vital role of vpn in making secure connection over internet
world. International Journal of Recent Technology and Engineering (IJRTE)
ISSN
, 2277-3878.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
24
Kim, Y. H., & Barber, N. A. (2022). Tourist’s destination image, place dimensions, and engagement: the Korean Demilitarized Zone (DMZ) and dark tourism. Current Issues in Tourism
, 25
(17), 2751-2769.
Liang, J., & Kim, Y. (2022, January). Evolution of firewalls: Toward securer network using next generation firewall. In 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC)
(pp. 0752-0759). IEEE.
Nam, T. S., Van Thuc, H., & Van Long, N. (2022). A High-Throughput Hardware Implementation of NAT Traversal For IPSEC VPN. International Journal of
Communication Networks and Information Security
, 14
(1), 43-50.
Radosavovic, I., Kosaraju, R. P., Girshick, R., He, K., & Dollár, P. (2020). Designing network design spaces. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition
(pp. 10428-10436).
Shrestha, P., & Sherpa, T. D. (2023, January). Dynamic Host Configuration Protocol Attacks and its Detection Using Python Scripts. In 2023 International Conference on Artificial Intelligence and Knowledge Discovery in Concurrent Engineering (ICECONF)
(pp. 1-5). IEEE.
Wang, P. (2022). Research on firewall technology and its application in computer network security strategy. Frontiers in Computing and Intelligent Systems
, 2
(2), 42-46.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
25
Yadav, V. S., Singh, A. R., Gunasekaran, A., Raut, R. D., & Narkhede, B. E. (2022). A systematic literature review of the agro-food supply chain: Challenges, network design, and performance measurement perspectives. Sustainable Production and Consumption
, 29
, 685-704.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help