Your company, Security Consultants Incorporated has been engaged to perform a perimeter assessment

Your company, Security Consultants Incorporated, has been engaged to perform a perimeter assessment and submit a proposal for remediation.

The perimeter assessment / current state is included as “Case 1 – Network Design”.

Your proposal should include:

· Cover page
· Brief overview (two paragraphs max) of the problem or current state
· Proposed network design – diagram
· Proposed design description and reasoning – one to two pages
· Implementation approach – one to two pages
· Equipment pricing and implementation costs – one page
· References – one page

The paper should be double spaced and 12pt. font. This does not include a cover or reference page.

APA format is encouraged.

Papers are due via Blackboard before the start of class on the assigned date.

Because the case will be discussed during class, no late case assignments will be accepted.


Case 1 Network Design

Abstract

The company in this case is a small consulting firm whose specialty is providing their customers with Microsoft Windows and Citrix networked business solutions. They believed their internal servers were secure due to their diligence in keeping the Operating Systems up to date with the latest service packs, hotfixes and patches. Virus signatures and scanning software are also kept current. Your security company has been given the task of evaluating the security of the network perimeter and making recommendations for securing the firm's network perimeter and Internet connection.

Examination of the perimeter infrastructure showed the network to be virtually defenseless. There is no Firewall installed and very little filtering of inbound or outbound Internet traffic on either the router at the corporate office or the router at the branch office. The Linux, Help Desk, Mail server and the two Active Directory servers had direct network links to both the internal network and the Internet, making them prime targets for intruders. Your proposal is to completely redesign the network perimeter to provide a layered Defense in Depth.

Current Network design

The original perimeter network design included two Cisco routers and five publicly addressed servers, four of which were Windows based and the fifth, RedHat Linux. As stated, the network did not have a Firewall device and the perimeter routers performed extremely limited inbound packet filtering. The corporate router is configured with a serial interface for connection to the Internet, an Ethernet interface for the public network, and an Ethernet interface for the internal (private) network. The branch office router had a serial interface to the Internet and an Ethernet interface to their internal network (diagram 1).

The branch and corporate routers were connected by VPN tunnel over the Internet. The various network devices at the corporate office, both internal and external, were connected via three cascaded switches. Each of the external (public) servers had a direct link to the internal network and represented a significant danger if they were compromised. The branch office network consisted of four PCs on a hub connected to the router. A brief description of each network device follows.

Routers

Corporate Router

The Cisco router at the corporate office provided Network Address Translation (NAT) for outbound Internet connections. The five public servers were assigned static NAT addresses. All other traffic is given the public address of the serial interface by the NAT “overload” feature of the Cisco Internetwork Operating System (IOS). The router also acted as one end of a point-to-point VPN tunnel to the branch office router. This provided secure access to the corporate Microsoft Active Directory servers and other network resources. The serial interface had an inbound access list to block port 1433 (SQL Server) traffic to a single internal server. All other traffic, inbound and outbound, is permitted.

Branch Office Router

The Branch office router is configured to provide NAT for outgoing Internet traffic, in addition to a VPN tunnel to the corporate router. An inbound access list is applied to the serial interface, making it somewhat more secure. The access list is designed to block packets with spoofed private network addresses. No other security measures were in place.

Public Servers

Help Desk Server
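Returning to the two inbound access lists described under Routers above: the following is an added example, not part of the original case, that models them as first-match rule lists and shows what an arbitrary Internet source can still reach. All addresses are constructed from documentation ranges, the probed port list is illustrative, and treating "private network addresses" as the three RFC 1918 ranges is an assumption.

```python
"""Added example: first-match evaluation of the two inbound ACLs the case describes."""
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges); the case gives no real ones.
SQL_HOST = "198.51.100.20"     # assumed: the single server shielded on port 1433
PUBLIC_SRV = "198.51.100.10"   # assumed: one of the five static-NAT public servers
ANY = ip_network("0.0.0.0/0")

# Rule = (action, source network, destination network, dest port or None for any)
CORPORATE_IN = [
    ("deny", ANY, ip_network(SQL_HOST + "/32"), 1433),
    ("permit", ANY, ANY, None),    # "All other traffic ... is permitted"
]
BRANCH_IN = [
    ("deny", ip_network("10.0.0.0/8"), ANY, None),      # spoofed private sources
    ("deny", ip_network("172.16.0.0/12"), ANY, None),
    ("deny", ip_network("192.168.0.0/16"), ANY, None),
    ("permit", ANY, ANY, None),    # no other filtering is in place
]

def evaluate(acl, src, dst, dport):
    """Return the action of the first matching rule; implicit deny if none match."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, port in acl:
        if src in src_net and dst in dst_net and port in (None, dport):
            return action
    return "deny"

def exposed_ports(acl, dst, ports, src="203.0.113.5"):
    """Ports on dst that a routable Internet source reaches through the ACL."""
    return [p for p in ports if evaluate(acl, src, dst, p) == "permit"]

if __name__ == "__main__":
    ports = [25, 80, 135, 445, 1433, 3389]   # illustrative service ports
    print("SQL host reachable on:", exposed_ports(CORPORATE_IN, SQL_HOST, ports))
    print("public server reachable on:", exposed_ports(CORPORATE_IN, PUBLIC_SRV, ports))
    print("branch, spoofed private source:",
          evaluate(BRANCH_IN, "10.1.1.1", "198.51.100.50", 445))
    print("branch, routable source:",
          evaluate(BRANCH_IN, "203.0.113.5", "198.51.100.50", 445))
```

The single deny removes one port on one host; every other service on every publicly addressed server stays reachable, which is the gap a default-deny firewall policy in the proposed design has to close.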

Security Proposal PowerPoint Rubric

PowerPoint Rubric

| | Failing (Less than 7.4) | Satisfactory (7.4-8.2) | Good (8.3-9.1) | Excellent (9.2-10) | Total |
|---|---|---|---|---|---|
| Organization | Audience cannot understand PowerPoint because there is no sequence of information. | Audience has difficulty following PowerPoint because student jumps around. | Student presents information in logical sequence which audience can follow. | Student presents information in logical, interesting sequence which audience can follow. | |
| Subject Knowledge | Student does not have grasp of information; student cannot answer questions about subject. | Student is uncomfortable with information and is able to answer only rudimentary questions, but fails to elaborate. | Student is at ease and answers most questions with explanations and some elaboration. | Student demonstrates full knowledge (more than required) by answering all class questions with explanations and elaboration. | |
| Visual Aids | Student uses superfluous visual aids or no visual aids. | Student occasionally uses visual aids that rarely support the PowerPoint. | Student's visual aids relate to the PowerPoint. | Student's visual aids explain and reinforce the PowerPoint. | |
| Mechanics | Student's PowerPoint has four or more spelling errors and/or grammatical errors. | PowerPoint has three misspellings and/or grammatical errors. | PowerPoint has no more than two misspellings and/or grammatical errors. | PowerPoint has no misspellings or grammatical errors. | |

Total Points: SCORE X 2.5 =