Week 10 assignment – designing a secure network

 

 

Introduction

In this three-part assignment, you will  apply the various concepts you have learned throughout this course to  the design of the single most secure network possible, capable of  supporting three IT services: e-mail, file transfer (centralized), and  VPN. After you have fully designed your  network, you will need to provide three data flow diagrams explaining  how your designed network handles three different transactions: 

  • The first datapath diagram should show an internal user sending an  e-mail with their corporate e-mail address to a user on the Yahoo  domain with an arbitrary address of [email protected]
  • The second datapath diagram should show a user initiating an FTP  session from inside your network to the arbitrary site of  ftp.netneering.com.
  • The third datapath diagram should show an externally located  employee initiating a VPN session to corporate, in order to access files  on the Windows desktop computer DT-Corp534-HellenS at work.

The specific course learning outcome associated with this assignment is: 

  • Recommend solutions, products, and technologies to meet business objectives.

Instructions

Part 1

Use Microsoft Visio or an open-source alternative to: 

  • Create a diagram showing the overall network you have designed,  from the user or endpoint device to the Internet cloud; following the  access, core, and distribution layer model; depicting at least  four-fifths of the necessary network components; and citing specific,  credible sources that support the design. Include the following, at a  minimum:     
    • An authentication server (Microsoft Active Directory).
    • Routers.
    • Switches and/or hubs.
    • Local users.
    • Remote users.
    • Workstations.
    • File share (CIFS).
    • Mail server.
    • Web servers (both internal and external).
    • Firewalls.
    • Internet cloud.
    • Web proxy.
    • E-mail proxy.
    • FTP server (for internal-to-external transport).
Part 2

Use Microsoft Visio or an open-source alternative to: 

  • Create a datapath diagram for the following e-mail transaction:     
    • A local (corporate) user, with the e-mail address  [email protected], sends an e-mail to a Yahoo recipient at  [email protected]       
      • Document and label the diagram showing the protocols and path  of the data flow as data traverses through your network from source to  destination.
      • Show user authentication when necessary.
      • Cite specific, credible sources that support the diagram.
  • Create a datapath diagram for the following file transfer transaction:     
    • A local user, Jonny Hill, transfers a file, using FTP, through  the Internet to another company’s site (ftp.netneering.com). He has to  access the secure shell, using his active directory credentials, to  authenticate the FTP server (Linux running Redhat) on the DMZ. He needs  to transfer files from his desktop across the Internet to  ftp.netneering.com.       
      • Document and label the diagram showing the protocols and path  of the data flow as data traverses through your network from source to  destination.
      • Show user authentication when necessary.
      • Cite specific, credible sources that support the diagram.
  • Create a datapath diagram for the following VPN transaction:     
    • A remote user, Hellen Stover, connects, via VPN, from home  through the Internet to her corporate desktop, DT-Corp534-HellenS.  Hellen uses a browser to initiate her VPN connection. By going to  https://VPNaccess.corp534.com, she arrives at a login page where she  needs to authenticate using her Active Directory credentials before the  VPN tunnel is built.       
      • Document and label the diagram showing the protocols and path  of the data flow as data traverses through your network from source to  destination.
      • Show user authentication when necessary.
      • Cite specific, credible sources that support the diagram.
Part 3

Write a 6–10 page paper in which you: 

  • Explain the function and configuration of at least four-fifths of  all required network devices, citing specific, credible sources.     
    • Authentication server (Microsoft Active Directory).
    • Routers, switches, and/or hubs.
    • Local and remote users.
    • Workstations.
    • File share (CIFS).
    • Mail server.
    • Web servers (both internal and external).
    • Firewalls.
    • Internet cloud.
    • Web proxy.
    • E-mail proxy.
    • FTP server (for internal-to-external transport).
  • Explain how the overall network design protects the organization  from both inside and outside attacks, addressing all required network  design features and considerations and citing specific, credible sources  that support your assertions and conclusions. Address:     
    • Physical and virtual access.
    • Logging requirements.
    • Security policy.
    • Firewalls.
    • Proxy servers.
    • The VPN tunnel.
    • DMZ isolation.
    • User authentication.
    • Distribution of layer routers and switches.
  • Explain how your layered design compensates for possible device  failures or breaches in network security, addressing all key design  features and considerations and citing specific, credible sources that  support your assertions and conclusions. Include:     
    • Load balancing.
    • Swappable devices.
    • Standby backup devices.
    • QoS prioritization.
    • Vendor support for core and services.
  • Explain how to make the file transfer process more secure, fully  addressing FTP security risks and how specific FTP replacement devices  add protection, clearly delineating the features of each device, and  citing specific, credible sources that support one’s assertions and  conclusions.