Using The Network Diagram Below, Your Task Is To Incorporate ✓ Solved

Using the network diagram below, your task is to incorporate

Using the network diagram below, your task is to incorporate the devices on the lower right into the diagram to create a secure corporate network. The devices you need to incorporate into the network diagram include: Web server, FTP server, vulnerability scanner, anti-virus server (client-based / server-based), web proxy, intrusion detection system (IDS), and authentication server.

Determine which devices you will use for both the current network diagram infrastructure consisting of firewalls, routers, and workstations as well as the device you need to incorporate. Include the following for each: Make or vendor’s name, model, and IP address assigned to all devices.

Establish the configuration for each device in which you research each of the devices you chose and provide a basic configuration you would use in your network. Use IP addresses to describe your configuration. Explain the impact that each of your configurations has on the security of the entire network. Highlight at least five security features for each device, including devices in the network diagram.

Using Microsoft Visio or its open source alternative to create a final network diagram that incorporates all devices into the existing network and ensures the following: VPN sessions (from laptop) are only allowed to access the desktops in the IT department by IT department employees. All VPN connections from the Internet cloud into the corporate network terminate at the VPN server. Users from Engineering and Finance and Accounting cannot communicate. Vulnerability scans occur daily in which all desktops are scanned at least once per day.

Use at least three quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources.

Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. Include charts or diagrams created in Visio or an equivalent such as Dia.

Paper For Above Instructions

The integration of various network devices is crucial for establishing a secure corporate network, especially as organizations increasingly face cyber threats. This paper outlines the incorporation of key devices into the existing network infrastructure, elucidates their configurations, and discusses their security implications. The devices to be incorporated include a Web Server, an FTP Server, a Vulnerability Scanner, an Anti-virus Server, a Web Proxy, an Intrusion Detection System (IDS), and an Authentication Server.

Network Devices Overview

1. Web Server:

- Vendor: Apache Software Foundation

- Model: Apache HTTP Server 2.4

- IP Address: 192.168.1.10

2. FTP Server:

- Vendor: FileZilla

- Model: FileZilla Server 0.9.60

- IP Address: 192.168.1.11

3. Vulnerability Scanner:

- Vendor: Tenable

- Model: Nessus Professional

- IP Address: 192.168.1.12

4. Anti-virus Server:

- Vendor: Symantec

- Model: Symantec Endpoint Protection 14

- IP Address: 192.168.1.13

5. Web Proxy:

- Vendor: Squid

- Model: Squid Proxy 4.13

- IP Address: 192.168.1.14

6. Intrusion Detection System (IDS):

- Vendor: Snort

- Model: Snort 2.9.17

- IP Address: 192.168.1.15

7. Authentication Server:

- Vendor: Microsoft

- Model: Windows Server 2019 (Active Directory)

- IP Address: 192.168.1.16

Device Configurations and Impact on Security

The configurations for each device will focus on essential security features that enhance overall network protection:

Web Server Configuration

The Apache HTTP Server will be configured to operate on port 80 (HTTP) and 443 (HTTPS). Security measures will include:

• Installation of SSL certs for HTTPS.
• Regular updates to prevent vulnerabilities.
• Access control lists to restrict access.
• Logging and monitoring for suspicious activity.
• Use of mod_security for additional filtering.

FTP Server Configuration

The FileZilla Server will be configured to support secure FTP (FTPS). Security features will include:

• Authentication through strong passwords.
• Use of SSL/TLS for encryption.
• IP whitelisting to control access.
• Restrictions on file permissions.
• Logging of all FTP transactions for audits.

Vulnerability Scanner Configuration

Nessus will be set to perform automated scans according to a schedule. Security measures include:

• Configuration of compliance checks.
• Ensuring scans are run as a non-privileged user.
• Regular updates to the plugin library.
• Reporting of vulnerabilities with recommended fixes.
• Integration with SIEM for centralized logging.

Anti-virus Server Configuration

The Symantec Endpoint Protection will be configured to provide real-time protection. Security features will consist of:

• Regular definition updates.
• Performing frequent scans on endpoints.
• Implementation of firewall rules on endpoint devices.
• Quarantine features for detected threats.
• Centralized management console for monitoring.

Web Proxy Configuration

The Squid Proxy Server will be set up for filtering and logging web traffic. Important features include:

• Caching frequently accessed web content.
• Blocking access to malicious URLs.
• Detailed traffic logging for audits.
• Rate limiting to mitigate denial-of-service attacks.
• Access control mechanisms to enforce corporate policies.

Intrusion Detection System (IDS) Configuration

Snort will be configured to monitor network traffic in real-time. Its features will include:

• Defining rules for known attack signatures.
• Alerting on suspicious traffic patterns.
• Integration with the firewall for automated responses.
• Regular updates to maintain current threat intelligence.
• Log analysis tools for post-incident investigation.

Authentication Server Configuration

The Active Directory server will manage user authentication and access control. Features will encompass:

• Implementation of group policies for security settings.
• Multi-factor authentication for sensitive systems.
• Periodic review of user access rights.
• Centralized management for user accounts and permissions.
• Monitoring for unusual login activity.

Conclusion

Incorporating these network devices into a corporate infrastructure not only enhances the security posture of the organization but also ensures compliance with security best practices. Each device plays a critical role in securing sensitive data and defending against potential threats. Proper configuration and management of these devices help to mitigate risks, safeguard critical assets, and enable secure operations within the corporate environment.

References

• Apache Software Foundation. (2021). Apache HTTP Server Documentation. Retrieved from https://httpd.apache.org/docs/
• FileZilla. (2019). FileZilla Server. Retrieved from https://filezilla-project.org/download.php
• Tenable. (2021). Nessus Professional. Retrieved from https://www.tenable.com/products/nessus
• Symantec. (2021). Symantec Endpoint Protection. Retrieved from https://www.broadcom.com/company/newsroom/press-releases?filtr=Symantec Endpoint Protection
• Squid. (2021). Squid Proxy Cache. Retrieved from http://www.squid-cache.org/
• Snort. (2021). Snort: The IDS/IPS. Retrieved from https://www.snort.org/
• Microsoft. (2021). Windows Server Documentation. Retrieved from https://docs.microsoft.com/en-us/windows-server/
• Stallings, W. (2019). Network Security Essentials: Applications and Standards (6th ed.). Pearson.
• Kenneth, R. & Albano, F. (2020). Cybersecurity: A Practical Approach. Springer.
• Heiser, J., & Nicolett, M. (2020). Cloud Security and Compliance: A Practical Guide. John Wiley & Sons.