You Have Been Hired As Part Of The Network Security Team

You have been hired as part of the network security team at UMGC. After completing orientation and training, your manager calls you into a meeting to discuss your first project. The university has completed the implementation of the leased building in Adelphi, Maryland. The university realizes it needs to secure the faculty, students, and visitors' network and data. With your background and skills, the university is looking to you for guidance.

In addition to helping the university secure its network, you are required to obtain your CompTIA Security+ certification within 60 days of being hired. The leased building in Adelphi was designed and implemented with a specific network layout. You have been asked to perform network security analysis and planning, secure boundary devices, hosts, and software, and protect data at rest and in transit. Your deliverable should explain the security requirements, propose solutions, and justify those solutions. Study materials from TestOut LabSim will be used to prepare for the certification and to create the security plan. You should also incorporate other credible sources as needed.

Your explanation must convey technical concepts in layman's terms to ensure clarity for non-technical stakeholders. Before starting, review the existing Network Security Proposal (Parts 1-3). The project involves using TestOut Security Pro to identify and assess network vulnerabilities and pass the CompTIA Security+ exam. Initially, complete a practice exam to determine your strengths and weak spots; this guides your focus within LabSim.

All online labs in TestOut LabSim, marked with a computer mouse icon, must be completed. Optional areas are available for additional learning but are not mandatory. The project comprises nine steps, beginning with accessing TestOut Security Pro and enrolling in LabSim, followed by taking the practice exam. Each step builds toward a comprehensive Vulnerability Assessment and Recommendation Document, which should include an analysis of vulnerabilities and proposed mitigations.

Paper for the Above Instructions

The rapid advancement of technology and the increasing sophistication of cyber threats necessitate a comprehensive approach to network security, especially within educational institutions like the University of Maryland Global Campus (UMGC). The recent implementation of a leased building in Adelphi, Maryland, presents a unique opportunity to analyze, secure, and strengthen the university’s network infrastructure to protect faculty, students, visitors, and sensitive data. This paper provides a detailed security assessment, proposes effective solutions, and justifies the chosen measures, aligning with the university’s goals and compliance requirements.

Security Requirements and Challenges

The primary goal for UMGC’s new facility is to establish a secure and resilient network that promotes safe academic and administrative operations. The network must safeguard against external threats such as cyberattacks, and internal vulnerabilities like unauthorized access, data breaches, and data loss. Additionally, the protection of data at rest (stored data) and data in transit (data being transmitted over the network) is critical to ensure confidentiality, integrity, and availability. The diverse user base—including faculty, students, visitors, and administrative staff—requires a multi-layered security approach tailored to various access needs and threat levels.

Analyzing Network Infrastructure and Vulnerabilities

The first step involves a thorough assessment of the existing network architecture, including boundary devices (firewalls, routers), internal hosts (servers, workstations), and software applications. Using tools like TestOut Security Pro provides insights into potential vulnerabilities, such as open ports, weak passwords, outdated firmware, or unpatched software. Common vulnerabilities observed in similar network environments include insufficient network segmentation, weak authentication mechanisms, and lack of encryption protocols. These vulnerabilities could be exploited by cybercriminals, leading to unauthorized data access or disruption of services.

Proposed Security Solutions

To address identified vulnerabilities, a layered security approach—also known as defense in depth—is essential. This incorporates multiple security controls at different levels of the network to provide comprehensive protection. The key solutions include:

  • Perimeter Security: Deploy advanced firewalls with intrusion detection and prevention systems (IDS/IPS) to monitor and control incoming and outgoing traffic. Implementing demilitarized zones (DMZ) ensures public-facing services are isolated from internal networks.
  • Network Segmentation: Divide the network into segments based on user roles and data sensitivity. For example, separate student, faculty, and administrative networks to minimize lateral movement of threats.
  • Access Controls: Enforce strong authentication mechanisms such as multi-factor authentication (MFA) and role-based access control (RBAC) to restrict system access to authorized personnel only.
  • Secure Communication: Implement encryption protocols such as TLS for data in transit and encrypt sensitive data stored at rest. VPNs can secure remote access for faculty and staff.
  • Endpoint Security: Equip hosts with updated antivirus, anti-malware software, and host intrusion prevention systems (HIPS). Regular patch management is vital to mitigate known vulnerabilities.
  • Wireless Security: Secure Wi-Fi networks with WPA3 encryption, disable WPS, and disable SSID broadcasting. Consider implementing a separate guest network for visitors.
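
The segmentation and DMZ items above only hold if the inter-segment firewall rules actually enforce them. The following is an added example, not part of the original paper: it audits a first-match rule set for allow rules that let a lower-trust segment reach a higher-trust one. The subnets, the rule list and the forbidden-pair policy are constructed assumptions based on the segments the proposal names.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per segment named in the proposal.
SEGMENTS = {
    "admin":   ipaddress.ip_network("10.10.10.0/24"),
    "faculty": ipaddress.ip_network("10.10.20.0/24"),
    "student": ipaddress.ip_network("10.10.30.0/24"),
    "guest":   ipaddress.ip_network("10.10.40.0/24"),
    "dmz":     ipaddress.ip_network("10.10.50.0/24"),
}

# Assumed policy: (source, destination) segment pairs that must never be permitted.
FORBIDDEN = {("guest", "admin"), ("guest", "faculty"), ("guest", "student"),
             ("student", "admin"), ("student", "faculty"),
             ("dmz", "admin"), ("dmz", "faculty"), ("dmz", "student")}

# Constructed rule set, evaluated top-down, first match wins.
# Fields: (action, source CIDR, destination CIDR, port or None for any port)
RULES = [
    ("allow", "10.10.20.0/24", "10.10.10.0/24", 443),
    ("allow", "10.10.30.0/24", "10.10.50.0/24", 443),
    ("deny",  "10.10.40.0/24", "10.10.10.0/24", None),
    ("allow", "10.10.40.0/24", "10.10.0.0/16",  443),   # too broad: guest reaches internal segments
    ("allow", "10.10.50.0/24", "10.10.10.0/24", 1433),  # DMZ host opens connections inward
    ("deny",  "0.0.0.0/0",     "0.0.0.0/0",     None),  # default deny
]

def audit(rules, segments=SEGMENTS, forbidden=FORBIDDEN):
    """Return sorted (src_segment, dst_segment, rule_index) for violating allow rules."""
    findings = []
    for src_seg, dst_seg in forbidden:
        s_net, d_net = segments[src_seg], segments[dst_seg]
        denied_ports = set()  # ports already blocked for the whole pair; None means all ports
        for idx, (action, src, dst, port) in enumerate(rules):
            r_src, r_dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
            if action == "deny":
                # Only a deny covering both segments entirely shadows later allows.
                if r_src.supernet_of(s_net) and r_dst.supernet_of(d_net):
                    denied_ports.add(port)
                continue
            shadowed = None in denied_ports or port in denied_ports
            if r_src.overlaps(s_net) and r_dst.overlaps(d_net) and not shadowed:
                findings.append((src_seg, dst_seg, idx))
    return sorted(findings)

if __name__ == "__main__":
    for src_seg, dst_seg, idx in audit(RULES):
        print(f"rule {idx} permits {src_seg} -> {dst_seg}: {RULES[idx]}")
```

Rule 3 is flagged for guest-to-faculty and guest-to-student traffic but not guest-to-admin, because the explicit deny in rule 2 is matched first; a deny placed after a matching allow provides no such protection.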

Data Protection Strategies

Protecting data at rest and in transit involves implementing both technical and administrative controls. For data at rest, full disk encryption on laptops and servers prevents unauthorized access in case of device theft or loss. Regular backups stored securely offsite mitigate data loss due to hardware failure or cyberattacks like ransomware. For data in transit, TLS encryption ensures secure communication channels, especially for login credentials and sensitive personal data. Using VPNs for remote access adds an extra layer of encryption and security.

Justification of Solutions

The layered security approach ensures that no single point of failure compromises the entire network. Firewalls and IDS/IPS serve as the first line of defense, preventing malicious traffic from entering the network. Network segmentation limits the scope of any breach, reducing potential damage. Strong authentication and encryption protect sensitive data from interception and unauthorized access, aligning with compliance requirements such as FERPA and GDPR. Endpoint security minimizes the risk of malware spread, especially important given the diverse user base and BYOD policies. Implementing these controls together creates a resilient security posture capable of adapting to evolving threats.

Implementation and Monitoring

The implementation process involves configuring boundary devices, setting up segmentation, deploying security software, and establishing security policies. Regular monitoring and audits using network security tools ensure ongoing compliance and early detection of anomalies. Security training for users enhances awareness and promotes best practices, reducing the likelihood of phishing or social engineering attacks.

Conclusion

Securing UMGC’s new Adelphi building network requires a comprehensive, multi-layered defense strategy that encompasses technical controls, policy enforcement, and user education. By systematically assessing vulnerabilities, deploying targeted safeguards, and maintaining vigilant monitoring, the university can protect its critical data assets and ensure safe, reliable access for all users. Achieving the CompTIA Security+ certification within this timeframe further solidifies the security team's knowledge and capability, reinforcing the institution’s commitment to cybersecurity excellence.
