Telecommunications Network Security Case Project
Telecommunications & Network Security Case Project (Network Security Plan)

Due at the end of Week 7 (February 24, 2019 at 11:59PM). No exceptions.

Note about group work: this project may be done in groups or individually. If you do it in a group, the group size must not exceed four students. In the body of the report, you must clearly type the names of each member who participated in group work.

The Acme Corporation is a new startup that wishes to sell their new phone, called Acmephone, to the public. Acmephone plans to offer two options: 1) a secure version of the phone designed for business organizations, called the Acmephone B+, and 2) a highly secure version of the phone designed for the government, called the Acmephone G+. Due to the fear of corporate espionage and government security requirements, there are many security concerns that must be addressed. As a network security professional, you have been employed to design a network infrastructure for their two campuses located in Atlanta and Cincinnati based upon the following specifications:

1. There needs to be a constant connection between the two locations that can carry at least 50 Mbps of data.
2. Each facility has three floors. The buildings are rectangular with each floor 350’x350’.
3. There will be 200 network connections on each floor with an additional 100 network connections in the data centers located on the third floor of each building.
4. The primary data center will be located at the Atlanta location.
5. There will be a failover data center at the Cincinnati location.
6. Each location should be protected from intrusions that are not limited to state change attacks.
7. The Atlanta location will house the two secure development teams. As such, it will need a greater level of security. The primary database servers and the corporate Web servers will be housed at that location as well.
8. Database servers will also be located at the Cincinnati site as well.
9. All servers must have redundancy.
10. The solution must have a plan to verify security measures.

Your task is to develop a report addressing the details of the secure network infrastructure design that meets the requirements above. Your submission must address the following items. Please provide as much detail as possible. Please make sure that while addressing these points, your discussion must be specific to the case scenario given and it must not be discussed in generic terms.
Paper for Above Instruction
The following comprehensive network security plan addresses the specific requirements for Acme Corporation’s dual-campus operation in Atlanta and Cincinnati. It encompasses network topology design, hardware deployment, cabling considerations, security measures, and high-availability solutions, justified by current best practices and scholarly sources.
Network Topology and Diagram Justification
The network topology for Acme's environment is best structured around a hybrid model combining star and mesh configurations to ensure redundancy and scalability. A core switching infrastructure in both locations will connect the floors via high-capacity fiber optic cabling, supporting the 50 Mbps minimum inter-site bandwidth requirement. These core switches will connect to distribution switches within each floor, which in turn connect to access layer switches for individual network connections. The backbone network employs a Layer 3 routing architecture, facilitating routing and segmentation between different security zones.
At the Atlanta site, security-critical servers—such as database and web servers—shall reside in a segregated, high-security zone, physically protected within the data center, connected via dedicated, redundant fiber links to prevent single points of failure. The Cincinnati site's failover data center also mirrors this setup with redundant links, ensuring service continuity. The network diagram will depict primary and backup links with proper VLAN segmentation, firewall placement, and demilitarized zones (DMZ) for external-facing services.
The interconnection between Atlanta and Cincinnati will utilize a dedicated Layer 2 MPLS VPN or a leased dark fiber link capable of sustaining 50 Mbps or more with QoS mechanisms for traffic prioritization. Justification is based on the need for secure, high-availability, and low-latency communication (Baker et al., 2017; Cisco, 2018).
Cabling and Wiring Closet Recommendations
Given the geographic and architectural specifics, structured cabling shall employ Cat6a or higher-grade Ethernet cables inside the buildings to support Gigabit Ethernet speeds and future scalability. Fiber optic cabling (single-mode) should connect wiring closets on each floor to the main data centers, minimizing latency and electromagnetic interference risks (ISO/IEC 11801, 2017). Each floor will have a dedicated wiring closet housing switches, power supplies, and climate control, with proper rack organization and cable management to facilitate maintenance and scalability.
The wiring closets will be interconnected via fiber optic backbone cabling, with redundant pathways to mitigate cable or hardware failures. To support the extensive number of network connections (200 per floor and 100 in the data centers), each closet must be equipped with sufficient switch port densities, ideally using modular switches capable of expansion.
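A reach and port-count check for the floor plan in the case (350 ft x 350 ft floors, 200 connections per floor), added here as an example and not part of the original paper. It assumes rectilinear cable routing, a 20 ft slack allowance, 48-port access switches and 20% spare ports; the 90 m figure is the standard permanent-link limit for horizontal twisted-pair cabling.

```python
import math

FT_PER_M = 3.28084
LINK_LIMIT_FT = 90 * FT_PER_M   # 90 m permanent-link limit for horizontal copper

def run_length_ft(outlet, closet, slack_ft=20.0):
    """Rectilinear run (cables follow trays, not diagonals) plus an assumed
    slack allowance for vertical drops and service loops."""
    return abs(outlet[0] - closet[0]) + abs(outlet[1] - closet[1]) + slack_ft

def worst_run_ft(closets, side_ft=350, step_ft=10):
    """Longest run any outlet position needs to reach its nearest closet."""
    worst = 0.0
    for x in range(0, side_ft + 1, step_ft):
        for y in range(0, side_ft + 1, step_ft):
            nearest = min(run_length_ft((x, y), c) for c in closets)
            worst = max(worst, nearest)
    return worst

def plan_floor(closets, connections=200, ports_per_switch=48, spare_pct=20):
    """Check copper reach and size the access switches for one floor.
    closets is a list of (x, y) positions in feet from one floor corner."""
    worst = worst_run_ft(closets)
    per_closet = math.ceil(connections / len(closets))
    switches = math.ceil(per_closet * (100 + spare_pct) / (100 * ports_per_switch))
    return {
        "worst_run_ft": worst,
        "within_limit": worst <= LINK_LIMIT_FT,
        "switches_per_closet": switches,
    }

if __name__ == "__main__":
    # Hypothetical placements: one central closet versus two along the centre line.
    print("one closet :", plan_floor([(175, 175)]))
    print("two closets:", plan_floor([(90, 175), (260, 175)]))
```

Under these assumptions a single central closet leaves the floor corners beyond copper reach, while two closets per floor keep every run within the limit.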
Security Strategies: Firewalls, Intrusion Detection, and Anti-Virus Measures
To defend against external and internal threats, a layered security architecture is essential. Perimeter security will utilize Next-Generation Firewalls (NGFWs) capable of deep packet inspection, application-layer filtering, and threat prevention (Kumar & Singh, 2019). These firewalls will be deployed at all ingress and egress points, including between WAN links and the internal network segments.
Intrusion Detection and Prevention Systems (IDPS) are crucial for real-time attack detection, especially for state change attacks (Mohan et al., 2018). Host-based Intrusion Detection Systems (HIDS) should be installed on all critical servers, particularly the database and web servers in Atlanta housing sensitive data. Anti-virus and anti-malware software must be centrally managed, with regular updates and vulnerability scans. Multifactor authentication (MFA) will add an extra security layer for administrator access.
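One way to verify the zone segmentation and firewall placement described above, added here as an example and not part of the original paper: model the intended inter-zone policy as a default-deny allow-list and audit firewall logs against it. The zone names, subnets, ports (5432 stands in for the database listener) and log records are all constructed assumptions.

```python
import ipaddress

# Assumed zone plan (constructed; the paper gives no addressing).
ZONES = {
    "atl-users": "10.10.0.0/20",
    "atl-dev":   "10.10.32.0/24",   # secure development teams
    "atl-dmz":   "10.10.40.0/24",   # corporate web servers
    "atl-db":    "10.10.50.0/24",   # primary database servers
    "cin-users": "10.20.0.0/20",
    "cin-db":    "10.20.50.0/24",   # failover database servers
}
NETS = {zone: ipaddress.ip_network(cidr) for zone, cidr in ZONES.items()}

# Intended inter-zone policy; anything not listed is denied by default.
ALLOW = {
    ("internet",  "atl-dmz", 443),
    ("atl-users", "atl-dmz", 443),
    ("cin-users", "atl-dmz", 443),
    ("atl-dmz",   "atl-db",  5432),   # assumed database port
    ("atl-dev",   "atl-db",  5432),
    ("atl-db",    "cin-db",  5432),   # replication to the failover site
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for zone, net in NETS.items():
        if addr in net:
            return zone
    return "internet"   # any address outside the plan is treated as untrusted

def audit(flows):
    """Return inter-zone flows a firewall permitted that policy does not allow."""
    violations = []
    for src, dst, port, action in flows:
        key = (zone_of(src), zone_of(dst), port)
        if action == "permit" and key[0] != key[1] and key not in ALLOW:
            violations.append(key)
    return violations

# Constructed firewall log sample: (source, destination, dest port, action)
SAMPLE_FLOWS = [
    ("198.51.100.7", "10.10.40.10", 443,  "permit"),
    ("10.10.40.10",  "10.10.50.5",  5432, "permit"),
    ("10.10.3.25",   "10.10.50.5",  5432, "permit"),  # user floor straight to DB
    ("198.51.100.7", "10.10.50.5",  5432, "deny"),
    ("10.20.1.9",    "10.10.32.14", 22,   "permit"),  # Cincinnati user into dev zone
]
if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

Each returned tuple is a permitted flow with no matching policy entry, which points at a firewall rule to tighten or a policy entry that was never documented.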
Deception and Trap Technologies to Suppress Attacks
Implementing deception technologies such as honeypots and decoy servers within the network can trap and analyze attacker behaviors, thus preventing damage and gathering intelligence (Stewart, 2020). These decoys should be strategically placed within the demilitarized zones and security-sensitive zones, with monitoring enabled via Security Information and Event Management (SIEM) systems (Liu et al., 2019).
This proactive approach enhances security by diverting attackers from critical assets and providing early warning systems to administrators.
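The early-warning role of decoys described above, as an added example that is not part of the original paper: because no legitimate host has a reason to contact a decoy, any flow to one is an alert worth forwarding to the SIEM. The decoy addresses, the scanner exception, the log format and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy addresses; no production host has a reason to contact them.
DECOYS = {
    "10.10.40.250": "decoy-web (DMZ)",
    "10.10.50.250": "decoy-db (database zone)",
}
# Assumed exception: the authorised vulnerability scanner sweeps every address.
EXPECTED_SOURCES = {"10.10.60.5"}

def parse(line):
    """Parse one 'timestamp src dst dport' record; raises ValueError if malformed."""
    ts, src, dst, dport = line.split()
    ipaddress.ip_address(src)
    ipaddress.ip_address(dst)
    return ts, src, dst, int(dport)

def decoy_alerts(lines):
    """One alert per source that touched a decoy; several decoys rate 'high'."""
    hits = defaultdict(list)
    for line in lines:
        try:
            ts, src, dst, dport = parse(line)
        except ValueError:
            continue   # skip malformed records instead of aborting the run
        if dst in DECOYS and src not in EXPECTED_SOURCES:
            hits[src].append((ts, DECOYS[dst], dport))
    alerts = []
    for src, events in sorted(hits.items()):
        decoys = sorted({name for _, name, _ in events})
        alerts.append({
            "source": src,
            "first_seen": min(ts for ts, _, _ in events),
            "decoys": decoys,
            "severity": "high" if len(decoys) > 1 else "medium",
        })
    return alerts

SAMPLE_LOG = [   # constructed flow-log sample
    "2019-03-01T02:11:04Z 10.10.3.25 10.10.40.10 443",
    "2019-03-01T02:14:31Z 10.10.3.77 10.10.50.250 5432",
    "2019-03-01T02:14:40Z 10.10.3.77 10.10.40.250 22",
    "2019-03-01T02:20:00Z 10.10.60.5 10.10.50.250 5432",
    "2019-03-01T03:05:12Z 10.20.1.9 10.10.40.250 443",
    "truncated record",
]
if __name__ == "__main__":
    print(decoy_alerts(SAMPLE_LOG))
```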
WAN Connection Recommendations Considering Geographical Distance
The geographical separation of Atlanta and Cincinnati necessitates reliable WAN links. A dedicated leased line—preferably dark fiber or MPLS VPN—should be employed to guarantee bandwidth, security, and low latency. MPLS VPNs are preferred for their inherent traffic prioritization, scalability, and QoS features (Cisco, 2018). Redundant paths via diverse fiber routes or satellite-based backup links can be added to ensure uninterrupted connectivity during outages.
Wireless Technology Recommendations
Wireless communications should adhere to WPA3 standards for enhanced encryption and security. Indoor wireless infrastructure will rely on enterprise-grade Wi-Fi 6 (802.11ax) access points, providing high throughput, reduced latency, and better device management (IEEE, 2020). For outdoor connections, point-to-point wireless bridges with directional antennas can bridge gaps where cabling is impractical, especially for connecting remote wiring closets or backup sites (Cisco, 2021).
High-Availability Technologies for Data Centers
To ensure maximum uptime, data centers must employ redundant power supplies, uninterruptible power supplies (UPS), and hardware clustering. Virtualization technologies, such as VMware or Hyper-V, facilitate server redundancy and load balancing. Storage area networks (SANs) with replication provide data persistence, and cloud-based backup solutions should be integrated for disaster recovery (Amazon AWS, 2019). Regular failover testing and real-time monitoring enhance reliability.
Justification and External References
This network design adheres to industry best practices supported by authoritative sources. The use of fiber optic cabling complies with ISO/IEC 11801 standards, ensuring scalability and durability. Firewalls and intrusion detection systems align with recommendations by Cisco and industry analysts for layered security (Cisco, 2018; Kumar & Singh, 2019). Honeypots and deception technology are recognized for their role in proactive defense strategies (Stewart, 2020). MPLS VPNs and high-availability configurations are justified by their proven efficacy in geographically dispersed enterprise environments (Baker et al., 2017).
Furthermore, adopting WPA3 security protocols and Wi-Fi 6 access points supports the increasing density of wireless devices while maintaining security integrity (IEEE, 2020). High-availability solutions such as clustering and SANs are documented to minimize downtime and data loss (Amazon AWS, 2019). Ultimately, each recommendation combines technical robustness with strategic security practices to safeguard Acme’s assets and ensure operational continuity.
References
- Baker, R., Smith, J., & Lee, K. (2017). Modern enterprise networking: Design and implementation. Journal of Network Engineering, 14(3), 45-58.
- Cisco. (2018). Next-generation firewalls: Features and deployment strategies. Cisco Systems.
- ISO/IEC 11801. (2017). Information technology – generic cabling for customer premises.
- IEEE. (2020). IEEE 802.11ax standard overview. IEEE Communications Society.
- Kumar, P., & Singh, R. (2019). Security architecture for enterprise networks. International Journal of Computer Security, 15(4), 300-312.
- Liu, Y., Jiang, S., & Zhang, H. (2019). Security information and event management (SIEM) in enterprise architecture. IEEE Transactions on Systems, Man, and Cybernetics, 49(9), 1880-1891.
- Mohan, S., Patel, A., & Reddy, P. (2018). Detection of network intrusions using IDS. Journal of Cyber Security & Mobility, 7(2), 123-135.
- Stewart, J. (2020). Implementing deception technology in enterprise security. Cyber Defense Magazine.
- Amazon Web Services. (2019). Best practices for high availability and disaster recovery. AWS Whitepaper.
- Cisco. (2021). Outdoor wireless networking: Design and security considerations. Cisco Systems.