Assignment – NETWORK SECURITY POLICY & INFRASTRUCTURE
To provide learners with opportunities to manage, support and implement a secure network infrastructure for a commercial LAN or WAN environment.
On successful completion of this unit a learner will:
1. Understand the impact on the social and commercial environment of network security design
2. Be able to design network security solutions
3. Be able to implement network security solutions
4. Be able to manage network security solutions
SCENARIO: Genesis Online Company
Genesis Online is a medium sized e-commerce company that sells student resources like books and pens online. On average, it has about 300 customers a day accessing the company e-commerce site.
Genesis Online has offices at three locations supporting a total of 250 employees. The company has a file and print server as well as a public web server that hosts the e-commerce website
The internal network for Genesis Online is logically divided according to the departments in the company. The departments include HR (Human Resources), IT (Information Technology), Accounting, Customer Service, Sales and Marketing, and Inventory.
The management of Genesis Online has decided that you should go ahead with the development of Project as detailed below:
Genesis Online requires a new security policy for the design, implementation and management of the company’s network security solutions. As part of the contract between your company and Genesis Online, you are also required to analyse the current network of Genesis Online and suggest alternative secure network designs.
The Genesis Online IT department has provided you with a diagram of the company’s suggested network layout. The network diagram, entitled Genesis Online Network, is attached below. You have been asked to review the design and provide technical support for the implementation of the proposed network. Genesis Online would like you to make suggestions on how the security of their network can be improved.
PART 1 – Network Security Concepts
LO1: Understand the impact on the social and commercial environment of network security design
Write a report to present the work for the following tasks to help Genesis Online management understand their current network security vulnerabilities and what can be done to counter them:
a) Study the Genesis Online Network diagram provided to understand their current system’s network security. Genesis Online uses an online form to collect customer payment information. They then use the information to manually request payments from banks and credit card companies of customers.
Evaluate thesecurrent processes and methods of implementing Secure Electronic Transaction for e-commerce applications that Genesis Online could possibly use
b) Upon further investigation into Genesis Online current system’s network security 3 issues were noted, which you are also mandated to resolve, thus:
a. Describe types of potential malicious threats and their impacts against the Genesis Online network to help its IT department understand how their network, especially its e-commerce website can be compromised. Identify and critically evaluate the security technologies, products and solutions that could be used to counter such threats
b. Discuss the security measures that could be implemented to ensure messages passed over the LAN and the internet between remote users and Genesis online are not accessible to unauthorised users
c. The management of Genesis Online are concerned about having very little data on the security and usage of their network infrastructure equipment. Suggest and describe a network management tool that could be used to obtain such data on the genesis Online network.
c) Tunnelling protocols have assumed increased importance in the need to establish secure point-to-point communication over public networks to help create VPNs (Virtual Private Networks). Discuss the potential impact of a proposed network design such as this, which embraces tunnelling and other options for creating VPN for secure data transmission across the Internet that could be used for Genesis Online network.
d) Explain what is meant by trusted and untrusted network, and DMZ (Demilitarised Zone). Discuss the following types of firewalls: Packet filtering, State filtering and Application Layer Gateway (Proxy).
Part 2 – Security Design, Emulation, Testing & Evaluation
LO2: Be able to design network security solutions
LO3: Be able to implement network security solutions
LO4: Be able to manage network security solutions
In relation to the network design provided and your proposed network security design in Part 1, Task 1c above, you are required to develop an IT Security Policy for Genesis Online. You need to gather the security requirements for the company by creating a list of questions that you will ask the genesis Online management team and its IT department to better understand the company’s security requirements.
• Using the security requirements gathered, explain and identify network boundaries, analyse and create a security policy for Genesis Online. Explain what is meant by Security Wheel and why it would be important to Genesis Online even after the new security policy is implemented.
• Before you produce a final network design for Genesis Online which is based on the network diagram specifications provided, try out possible site protection mechanisms that could be used to design the network
• Evaluate the design and analyse any feedback received from client workshops and/or meeting (including feedback from your colleagues/tutor)
• Using your proposed design, construct a complex network security solution
• Systematically test the complex network security solution, and evaluate live emulations for at least two (2) firewall/DMZ architectures
• Use a test plan to document your analysis and test results
• Provide evidence that you have/can manage a network security solution by performing the following change management and ICMP protocol activities with printouts in evidence:
|1||Backup and restore files|
|2||User group creation/deletion; user account creation/deletion|
|3||Design and develop login scripts|
|4||Install and/or update antivirus software; perform virus scan|
|5||Perform File clean-up|
|Understand and perform the following ICMP Protocol (echo-request) commands:|| |
|13||Finger -l [user]@host|