Module 08 - PART 2 Course-Long Project-Project
School
Palm Beach State College
Course
1712
Subject
Information Systems
Date
Apr 3, 2024
Uploaded by CLAUDIAMESA7677
Network Design and Plan: Firewall Selection and Placement, Part 2
Claudia Mesa
Palm Beach State College
CNT 4406 1 Network Security and Cryptography
Dwight Elliott
March 12, 2024
Project Part 2: Firewall Selection and Placement
Research and Selection of Firewalls:
a. Firewall Selection and Placement:
Border Firewall:
I recommend deploying a next-generation firewall (NGFW) such as Palo Alto Networks PA-Series. This firewall offers advanced threat protection capabilities, including intrusion prevention, malware detection, and application control. It should be placed at the perimeter of the network to inspect and filter all incoming and outgoing traffic effectively. This ensures maximum protection against external threats and unauthorized access attempts.
Network Firewall:
For internal network security, a Unified Threat Management (UTM) firewall like Fortinet FortiGate is suitable. It provides comprehensive security features such as antivirus, web filtering, and VPN support. This firewall should be strategically placed within the internal network to monitor and control traffic between different segments, ensuring protection against internal threats and unauthorized access.
Workstation Firewall:
Windows Defender Firewall is a reliable choice for workstation protection, especially for remote employees. It offers basic firewall capabilities along with integration with Windows Security for threat detection and prevention. Each workstation should have its firewall enabled to provide an additional layer of defense against malicious activities and unauthorized network access.
b. Addressing Network, Server, and Workstation Firewalls:
Network Firewalls:
Positioned at the network perimeter, these firewalls filter traffic entering and leaving the network, enforcing security policies and protecting against external threats.
Server Firewalls:
Installed on servers to control incoming and outgoing traffic specific to server applications and services, minimizing the attack surface and protecting critical data and resources.
Workstation Firewalls:
Deployed on individual workstations to regulate network traffic based on predefined rules, safeguarding endpoints from malicious activities and unauthorized access attempts.
Plan for Creating a DMZ:
Creating a DMZ:
The DMZ will be established between the border firewall and the internal network. It will host publicly accessible services such as web servers and email servers, segregating them from the internal network for enhanced security. Access control lists (ACLs) will be configured on the border firewall to allow only necessary traffic to and from the DMZ, while blocking direct access to the internal network.
Enhanced Security:
By isolating publicly accessible services in the DMZ, the internal network is protected from potential attacks targeting these services. Any compromised systems in the DMZ have limited access to the internal network, minimizing the impact of security breaches.
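The DMZ ACL policy described above can be checked before deployment. The following is an added example, not part of the original paper: it models a first-match ACL with an implicit deny and probes the flows the design says must be blocked. The address ranges, host addresses, ports and rule order are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing plan (assumption, not taken from the paper).
ZONES = {
    "internet": ip.ip_network("0.0.0.0/0"),
    "dmz":      ip.ip_network("192.0.2.0/28"),
    "internal": ip.ip_network("10.10.0.0/16"),
}

# Border-firewall ACL, first match wins: (action, src zone, dst, TCP ports).
# A destination is a zone name or a single host; hosts are constructed examples.
ACL = [
    ("permit", "internet", "192.0.2.2/32", {80, 443}),  # public web server
    ("permit", "internet", "192.0.2.3/32", {25}),       # public mail server
    ("deny",   "internet", "internal",     None),       # no direct inbound path
    ("deny",   "dmz",      "internal",     None),       # contain a compromised DMZ host
    ("permit", "dmz",      "internet",     {25}),       # outbound mail from the DMZ
]

def zone_of(addr):
    """Most specific zone containing addr (longest prefix wins)."""
    a = ip.ip_address(addr)
    return max((n.prefixlen, name) for name, n in ZONES.items() if a in n)[1]

def dst_matches(spec, addr):
    """Match a destination against a zone name or a host/network literal."""
    if spec in ZONES:
        return zone_of(addr) == spec
    return ip.ip_address(addr) in ip.ip_network(spec)

def decide(src, dst, port):
    """Return the action of the first matching rule; implicit deny otherwise."""
    for action, src_zone, dst_spec, ports in ACL:
        if (zone_of(src) == src_zone and dst_matches(dst_spec, dst)
                and (ports is None or port in ports)):
            return action
    return "deny"

def audit():
    """Return every probe flow that is permitted although the design forbids it."""
    probes = [
        ("203.0.113.9", "10.10.5.20", 443),   # internet -> internal
        ("203.0.113.9", "192.0.2.2", 22),     # internet -> DMZ, unpublished port
        ("192.0.2.2",   "10.10.5.20", 3306),  # DMZ -> internal
    ]
    return [p for p in probes if decide(*p) != "deny"]
```

An empty list from `audit()` means none of the forbidden flows is permitted; any tuple it returns is a rule-ordering or scoping error to fix before the ACL goes on the firewall.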
High-Level Plan for Secure Authentication:
Secure Authentication:
Implementing multifactor authentication (MFA) for accessing internal network resources is crucial. This involves requiring users to provide multiple forms of identification, such as passwords, biometrics, or smart cards, significantly reducing the risk of unauthorized access even if credentials are compromised.
Integration with Identity Management Systems:
Integrate authentication mechanisms with centralized identity management systems like Active Directory or LDAP for centralized user management and enforcement of security policies across the network.
Sources:
Palo Alto Networks. (n.d.). Next-Generation Firewall (NGFW). Retrieved from https://www.paloaltonetworks.com/network-security/next-generation-firewall
Fortinet. (n.d.). Unified Threat Management (UTM). Retrieved from https://www.fortinet.com/products/unified-threat-management
Microsoft. (n.d.). Windows Defender Firewall. Retrieved from https://www.microsoft.com/en-us/windows/firewall
Cisco. (n.d.). What Is a DMZ? Retrieved from https://www.cisco.com/c/en/us/products/security/what-is-dmz.html
Microsoft. (n.d.). Plan for Multifactor Authentication. Retrieved from https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted