Designing A Secure Network For Patrician LLC's New Headquart

Designing a Secure Network for Patrician LLC's New Headquarters

The case study presents a comprehensive scenario for Patrician LLC, a company specializing in wireless transmission technology, which plans to relocate its headquarters and set up a disaster recovery site in Cheyenne, Wyoming. The core objective is to design a robust, secure, and highly available network infrastructure that supports business continuity, facilitates seamless connectivity between sites, and ensures the security of sensitive research operations, particularly involving military-grade microburst technology. This paper offers detailed recommendations for cabling, wireless and WAN technologies, physical and logical security measures, and strategies for attack prevention and detection.

Network Topology and Hardware Overview

The proposed network topology adopts a layered architecture, combining a core/distribution layer with access layers in both facilities, ensuring scalability and redundancy. Each building, being identical in layout with three floors, hosts data centers on the third floor, and the network connections distribute throughout the premises. A redundant core switch connects both sites via a high-capacity dedicated fiber optic link, enabling a minimum of 32 Mbps throughput and continuous data synchronization. The network employs dual redundant switches and routers in each building's wiring closet to maintain high availability.

Each floor will be equipped with multiple wiring closets to facilitate physical segregation and management of cabling, interconnected via high-speed backbone links. The core of each wiring closet includes switches that support Power over Ethernet (PoE) for IP phones and wireless access points, and redundancy is achieved through stacking or clustering. Network interfaces incorporate NIC teaming for servers, ensuring physical redundancy and load balancing. The data centers on the third floors will contain servers with failover clustering and load balancing appliances, ensuring high-availability for all critical services, including webservers and databases.

Wireless access points, located strategically across all floors, will provide extensive Wi-Fi coverage, supporting wireless connectivity for mobile staff and research units outside the main offices. The WAN technology connecting the two sites will be a dedicated fiber optic link, possibly a leased dark fiber or wavelength-division multiplexing (WDM), providing secure, high-bandwidth, low-latency communication channels. Additionally, site-to-site VPNs using IPsec will be established for secure remote access and secure communication with external partners when necessary.

Connectivity and Cabling Recommendations

Regarding cabling, multi-mode fiber optic cables are recommended for backbone connections between wiring closets, providing high bandwidth and immunity to electromagnetic interference, ideal for data centers and core links. For the horizontal cabling within each floor, CAT6a twisted-pair cables are suitable, supporting gigabit Ethernet speeds and PoE. Fiber cables will connect the core switches and provide resilience against physical damage, ensuring continued operation during outages or maintenance.

Wiring closets should be positioned at central points on each floor, ideally close to the core of traffic flow, to minimize cable lengths and facilitate management. Each wiring closet must include at least two switches configured for redundancy, with secure access via locking cabinets and monitored by CCTV for physical security. The data centers should incorporate dedicated cabling trays, environmental controls, and fire suppression systems to safeguard servers and networking equipment.

Wireless and WAN Technologies

For wireless connectivity, enterprise-grade Wi-Fi 6 access points are recommended, supporting high throughput, low latency, and numerous simultaneous connections—crucial benefits for R&D personnel and mobile devices. These access points support advanced security protocols such as WPA3-Enterprise and support network segmentation through VLANs to isolate sensitive research data. Wi-Fi networks should be secured with centralized authentication using RADIUS servers, and policies should enforce strong password requirements and periodic credential updates.

The WAN connection employs high-capacity fiber optic links with redundant pathways to prevent single points of failure. MPLS-based VPNs could be used for efficient and secure remote connectivity, supporting Quality of Service (QoS) policies for prioritized traffic such as real-time data from R&D units. Satellite or microwave backup links could be considered as secondary backup options, ensuring connectivity during primary link outages.

Security Measures and Attack Prevention

Physical security must be robust in both locations, including biometric access controls, CCTV surveillance, security guards, and locked server cabinets. All critical infrastructure should be located within secure, access-controlled environments. On the logical side, the network should deploy multiple firewalls at the perimeter, coupled with internal segmentation via VLANs to isolate sensitive R&D and research microburst segments from general corporate traffic.

Intrusion Detection and Prevention Systems (IDS/IPS) should be installed at strategic points to monitor traffic continuously, alerting administrators to suspicious activity. The network should employ encrypted communications for remote access, including VPNs with multi-factor authentication to prevent unauthorized access. To identify ongoing attacks, anomaly detection systems can monitor traffic for unusual patterns, and Security Information and Event Management (SIEM) platforms can correlate logs for threat analysis.

Logical traps, also known as honeypots, can be deployed within the network to attract and trap attackers, gathering intelligence about attack methods and tools. These traps can include decoy servers mimicking sensitive systems, which trigger alerts upon access attempts. Regular vulnerability scans and penetration testing should be part of routine security assessments, validating the effectiveness of existing defenses and uncovering new vulnerabilities.

Justification of Recommendations

The layered approach to hardware, cabling, and security ensures both resilience and performance. Fiber optic cabling in backbone links provides high speed and immunity to interference, supporting the 32 Mbps minimum throughput requirement essential for real-time data synchronization and collaboration between the sites. Redundant switches, routers, and inter-site links eliminate single points of failure, aligning with the high availability requirement for servers and network architecture.

Wireless solutions using Wi-Fi 6 address mobility needs while maintaining security and performance, particularly important for mobile research staff and temporary setups. Strong physical security combined with logical controls, including segmentation, firewalls, and IDS/IPS, protect against attacks and internal breaches. The use of honeypots and continuous monitoring further strengthen the organization’s ability to detect and respond to threats proactively.

Routing protocols, VPNs, and encryption ensure data confidentiality and integrity over the WAN, supporting the company's business continuity and disaster recovery plans. Overall, these recommendations create a secure, redundant, and high-performance network infrastructure aligned with the company's strategic needs and regulatory considerations for handling sensitive research data and military-grade technologies.

References

• Cybersecurity and Cyber Operations: A Guide for Business & IT Leaders. (2020). John Wiley & Sons.
• Cisco. (2023). Cisco Enterprise Architecture for Network Design. Cisco White Paper.
• Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security. Jones & Bartlett Learning.
• Pearson, M. (2019). Network Security Essentials. Pearson Education.
• Stallings, W. (2019). Network Security Essentials: Applications and Standards. Pearson.
• Ross, T., & Allen, M. (2021). Effective Security Management. CRC Press.
• Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). NIST SP 800-94.
• Kshetri, N. (2018). 1 Blockchain's Roles in Meeting Key Supply Chain Management Objectives. International Journal of Information Management, 39, 80-89.
• Schneier, B. (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company.
• ENISA. (2022). Network Security Best Practices for Critical Infrastructures. European Union Agency for Cybersecurity.