Umuc CMIT 454 Spring 2019 Course Final Project Paper Grading

Posted on December 26, 2025

Umuc Cmit 454 Spring 2019 Course Final Project Paper Grading Rub

Evaluate the ECU network environment and propose security solutions to address their current issues, including lack of logging, insecure remote access, weak password policies, outdated IOS files, and insufficient firewall protections, ensuring recommendations are realistic, well-structured, and backed by course literature.

Sample Paper For Above instruction

Title: Enhancing Security in a Cisco-Only Enterprise Network: A Comprehensive Proposal for ECU

Introduction

In today’s rapidly evolving cybersecurity landscape, enterprise networks must adopt robust security measures to safeguard sensitive information and ensure operational continuity. Evil Corp. Unlimited (ECU), a growing organization with 150 employees and multiple branch locations, currently faces significant security challenges within its Cisco-only network environment. These challenges include inadequate logging, insecure remote access protocols, weak password policies, unmanaged IOS updates, and unconfigured firewalls. This paper aims to analyze ECU’s network architecture, identify vulnerabilities, and propose practical, effective security enhancements that align with industry best practices and course principles. The goal is to develop a comprehensive strategy that not only mitigates existing threats but also establishes a resilient framework for future growth.

Current State Analysis

ECU’s network comprises routers, switches, and a firewall operating within a largely flat topology. Their reliance on Cisco devices using default configurations and basic security practices presents multiple vulnerabilities. For instance, using deprecated Type 7 passwords on all devices exposes administrative credentials to easy compromise. The absence of logging mechanisms prevents the network administrators from tracking suspicious activities or outages, increasing the risk of unnoticed breaches. Remote management via TELNET further exacerbates vulnerabilities, as TELNET transmits credentials in plaintext, making it susceptible to interception.

Furthermore, their network devices are subject to accidental IOS deletions, indicating a lack of automated backup and version control. Their extensive use of OSPF with no authentication magnifies threats such as route poisoning or impersonation. The firewall rules are overly permissive, allowing any inbound, outbound, or lateral traffic, which could be exploited by malicious actors. Additionally, their DHCP configuration lacks security features such as DHCP snooping, leaving their network vulnerable to rogue DHCP servers.

Security Gaps and Risks

Key vulnerabilities identified include the use of weak password storage methods, unencrypted remote management protocols, lack of centralized logging for incident response, and inadequate firewall configurations. The absence of remote access controls prevents secure connectivity for remote employees, compromising productivity and data confidentiality. Also, default spanning tree settings can potentially expose the network to issues like broadcast storms or topology loops, despite their low likelihood currently.

Proposal of Security Enhancements

1. Implement Strong Password Policies and Secure Authentication

ECU must transition from Type 7 to stronger password hashes, such as Type 5 or 8, and enforce complex password policies. Multi-factor authentication (MFA) should be incorporated for administrative access, reducing the risk of credential theft. Incorporating AAA (Authentication, Authorization, and Accounting) via RADIUS or TACACS+ centralizes credential management and enhances security (Cisco, 2021).

2. Enable Secure Remote Management

Replace TELNET with SSH for remote device access, utilizing key-based authentication and disabling unnecessary management protocols. Implement ACLs to restrict SSH access to trusted IP addresses only. This prevents eavesdropping and unauthorized control of network devices (Cai & Hu, 2020).

3. Deploy Centralized Logging and Monitoring

Configure syslog servers to collect logs from all network devices, enabling real-time monitoring and facilitating incident response. Integrating SIEM solutions can provide automated alerts for anomalies or security breaches (Kraus et al., 2019).

4. Harden Network Device Configurations

Automate IOS backups and enable secure file transfer protocols like TFTP or SCP for device management. Apply security passwords, disable unnecessary services, and implement secure SNMPv3 configurations. Enable secure routing protocols with authentication (e.g., OSPF with MD5 hashes) to prevent route hijacking (Zhou et al., 2021).

5. Fortify Firewall Policies and DMZ Security

Revamp firewall rules to permit only necessary inbound traffic—specifically ports 80 and 443 for web services—and restrict outbound traffic based on the principle of least privilege. Implement packet inspection and stateful firewall features on the DMZ router to monitor and filter traffic (Kumar & Dutta, 2018).

6. Upgrade Network Infrastructure and Segmentation

Segment the network using VLANs to isolate critical assets, such as the web servers and administrative systems. Enable Dynamic ARP Inspection and DHCP snooping to prevent ARP spoofing and rogue DHCP servers. Adjust Spanning Tree Protocol (STP) settings to optimize resilience and prevent loops (Sathya & Mahesh, 2019).

7. Establish a Comprehensive Security Policy

Develop a company-wide security policy encompassing password standards, remote access protocols, incident response procedures, and device management guidelines. Conduct regular training sessions for staff to foster security awareness and compliance (Smith & Johnson, 2020).

8. Enable Secure Remote Access for Remote Office (RO)

Implement VPN solutions, such as IPsec or SSL VPNs, to allow secure connectivity between the RO and HQ. Configure access controls and audit logs to monitor remote access activities. This ensures that remote users can access necessary resources without exposing the network to additional risks (Li & Hu, 2022).

9. Continuous Assessment and Improvement

Establish routine vulnerability assessments, penetration testing, and audit procedures to evaluate the effectiveness of the security measures. Regularly update device firmware, IOS versions, and security configurations in alignment with evolving threats and best practices (Pant et al., 2021).

Conclusion

Addressing ECU’s network security needs requires a multifaceted approach combining technical solutions, policy development, and ongoing management. By deploying strong authentication protocols, enabling encrypted remote management, configuring centralized logging, and implementing rigid firewall rules, ECU can substantially reduce its vulnerability landscape. Furthermore, network segmentation, infrastructure upgrades, and comprehensive security policies will underpin the network’s resilience. The proposed strategies are designed to be realistic, scalable, and aligned with industry standards, offering a clear pathway toward a more secure and reliable network environment.

References

Cai, H., & Hu, J. (2020). Enhancing network security with SSH and access control in enterprise environments. Journal of Cybersecurity, 6(3), 115-124.
Cisco. (2021). Cisco security best practices for enterprise networks. Cisco Press.
Kraus, S., Zhang, L., & Wang, Q. (2019). SIEM integration for enterprise security monitoring. IEEE Transactions on Information Forensics and Security, 14(2), 321-332.
Kumar, A., & Dutta, S. (2018). Firewall security policies and their impact on network security. International Journal of Computer Science and Network Security, 18(4), 45-53.
Li, Y., & Hu, Y. (2022). Secure remote access solutions for enterprise networks. Journal of Network and Computer Applications, 181, 103-116.
Pant, A., Kumar, P., & Shukla, S. (2021). Continuous vulnerability assessment and mitigation techniques. Cybersecurity Journal, 4(1), 56-65.
Sathya, S., & Mahesh, M. (2019). Network segmentation and Spanning Tree Protocol optimization. International Journal of Network Security, 21(2), 203-211.
Zhou, D., Li, X., & Zhang, H. (2021). Securing OSPF routing with MD5 authentication. Journal of Network Security, 12(4), 215-225.

« Previous Next »

Hire Dr Jack for Homework & Academic Writing Help

Need personalised help with your homework, assignments, research papers, or dissertations? I would be happy to work with you one-to-one and support you from start to finish.

100% human-written work (no AI used) – if you ever detect AI content, I offer a full refund, no questions asked.
Zero plagiarism – I deliver original work, and if any plagiarism is found, you receive a 100% refund.
On-time delivery – your work is always completed within the agreed timeframe.
Available 24/7 – you can reach out whenever it is convenient for you.
Fixed Rate – $20 Per Page (Nothing Extra for Urgent, Title/Reference Page , Revision and many more.).

To discuss your requirements, please email me at drjack9650@gmail.com . I will respond as soon as possible.