Introduction
This is an individual assignment. This task is weighted at 70% of the overall grade.
For this coursework, you are required to implement network security. You must reflect on and validate the network security services and produce an associated 3000-word report. You need to complete this assignment as an individual. Please provide a detailed walk-through snippet of the secure network and services. The quality of the walk-through snippet will influence the weighting of assignment marks.
Assume that you are working as a Network Security Engineer at Finance Solutions Pvt, Ltd in London. You have been asked to implement and test the network security of the Finance Solutions company. The network topology of Finance Solutions is given below:
(please view the figure in attached document)
Finance Solutions Network Topology
Your main task is to design and implement network security with a direct link to the Internet/Wide Area Network (WAN) in a series of Block Tasks. You should be able to design and implement a Site-to-Site VPN tunnel, an ASA firewall and an IOS-based Intrusion Prevention System (IPS), along with basic device hardening, to secure the organisation's Local Area Network (LAN) using an appropriate network simulation environment. The organisational network enables integration with an IPSec VPN that allows strong encryption to ensure confidentiality and integrity. The network and security services can be designed using well-known network simulators.
Assignment Tasks:
Your work must be presented in the form of a Project Report and be no longer than 3000 words (excl. references, figures, tables and appendices) plus a facing page that includes the executive summary. This should be typed on A4 paper in Arial, font size 11, with single spacing. For completeness, you may, if you wish, include additional material in an appendix, but this will not contribute to the marks.
Portfolio Task(s):
Block A: Network Architecture and Communication [30 marks]
1. Implement basic device hardening with the following services fully running and functional: DHCP Server, DNS Server, Web Server and Syslog Server.
2. Allocate and distribute the IP addresses to network and end devices according to the given design, using both static configuration and dynamic configuration via the DHCP server.
3. Implement and configure dynamic routing using the RIPv2 protocol to demonstrate effective routing on the WAN between the internal and external sites.
4. Configure appropriate VLAN trunking for multiple VLANs to segment the traffic into separate broadcast domains for security reasons.
5. Design and implement fully functional inter-VLAN routing using the IEEE 802.1X encapsulation standard to demonstrate connectivity between business sites.
Block B: Secure Operations and Service Delivery [30 marks]
1. Configure ACLs and the firewall on the ASA device to implement the security policy and restrict network access according to the organisation's policy. (Reasonable assumptions can be made.)
2. Implement and configure a Site-to-Site IPsec VPN to comprehensively encrypt the traffic travelling over the WAN between the internal and external site networks. Evidence must be provided on how the VPN tunnel provides integrity and confidentiality for the IP packets traversing in and out of the network.
3. Implement an IOS-based Network Intrusion Prevention System (IPS) and test its efficiency in your deployment to secure the internal network.
Block C: Research & Development [40 marks]
1. Zero Trust is a network security model based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the Internet. Considering the context of the case study and the practical implementation of Blocks A and B, please discuss and critically analyse the Zero Trust Network Security Model. You should refer to your security implementation in the given network for the sake of discussion and back up your findings with credible references to demonstrate critical research on the topic.
2. With reference to the case study, critically discuss how an IPSec VPN can be used to achieve security. Identify the level of reliability and critically discuss the cryptographic mechanism of IPSec.
Deliverable(s)
Create a single report for each of the three (3) block tasks described in the previous section. You should record and analyse all the steps followed to complete the installation and configuration of network security services. Although there is a certain flexibility in the way you construct your report, an indicative structure is given below:
Report Structure:
1. Executive Summary
2. Block A: Architecture and Communication
2.1 Configure IP connectivity and device hardening
2.2 Configure servers: DHCP, DNS, Web, Syslog
2.3 Configure Dynamic Routing (RIPv2) and Inter-VLAN Routing/Trunking
3. Block B: Secure Operations and Service Delivery
3.1 Implement ACL and Firewall on ASA device
3.2 Implement Site-to-Site IPSec VPN
3.3 NIPS implementation and testing
4. Research & Development
4.1 Zero Trust Network Security Framework
4.2 Overview of VPN reliability
4.3 Cryptographic mechanism of IPSec
5. Conclusion and Future Work