Learning Outcome 1: Develop an in-depth understanding of fundamental concepts and challenges in data and network security
Learning Outcome 2: Demonstrate concepts related to basic cryptography
Learning Outcome 3: Critically evaluate threats to data and network security; design and implement security solutions using networking IOS
This is an individual assignment. This task weights 70% of the overall grade.
For this coursework, you are required to implement network security.You must reflect/validate the network security services and produce an associated 3000 words report. You need to complete this assignment as an individual. Please provide a detailed walk-through snippet of secure network and services. The quality of walk-through snippet will influence the weighting of assignment marks.
Assume that you are working as a Network Security Engineer atEquinox IT Solution, Ltd in London. The Equinox IT solution, Ltd was subject to security breaches in the past, which caused financial lose and effected the organization reputation as well. This time the organization is focusing on robust Network Security implementation to protect confidential data in transit. It will also be helpful for security auditing. You have been asked to implement and test network security ofEquinox IT Solutions Company. The network topology ofEIS is given below:
Equinox IT Solution Network Topology
Your main task is to design and implement network security with direct link to Internet/Wide Area Network (WAN)in a series of Block Tasks. You should be able to design and implement Site-to-Site VPN Tunnel, ACL andIOS based Intrusion Prevention System (IPS) along with basic device hardenings to secure organisation Local Area Network (LAN) using appropriate network simulation environment. The organisational network enable integration with IPsec VPN that allow strong encryption to ensure confidentiality and integrity.The network and security services can be designed using well known network simulators.
Your work must be presented in the form of a Project Report and be no longer than 3000words (excl. references, figures, tables and appendices) plus a facing page that includes the executive summary. This should be typed on A4 paper and use a font size Arial 11 single spacing. For completeness, you may if you wish include additional material in an appendix but this will not contribute to the marks.
Block A: Network Architecture and Communication
1. Implement basic device hardening with the following services fully running and functional, DNS Server, Web Server andSyslog Server.
2. Allocate and distribute the IP addresses to network and end devices according to given design both static configuration and dynamic configuration via DHCP server.
3. Implement and configure Dynamic Routing using RIPV2/OSPF protocol to demonstrate effective routing on WAN network between internal and external site. It is preferred to use OSPF.
4. Configuring appropriate VLAN trunking for multiple VLAN`S to segment the traffic in separate broadcast domain for security reasons.
5. Design and implement fully functional Inter-Vlanrouting using IEEE 802.1Q encapsulation standard to demonstrate connectivity between business sites.
Block B: Secure Operations and Service Delivery
1. Configure Access Control List (ACL)on routing device to implement the Security Policy to restrict the network access according to the organisation policy. (Reasonable assumptions can be made).
2. Implement andconfigure a Site-to-Site IPsec VPN to comprehensively encrypt the traffic travelingover WANnetwork between internal and external site network. Evidence must be provided on how the VPN Tunnel provide the integrity and confidentiality for the IP packets traversing in and out of network.
3. Implement IOSbased Network Intrusion Prevention System (IPS) and test its efficiency in your deployment to secure internal network.
4. Implement a firewall and configure relevant rules in the context of the given scenario. Evidence the functionality and provide a narrative elaborating on the rationale behind the location on the network.
Block C: Research & Development
1. Zero Trust is a network security model, based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the Internet. Considering the context of case study and practical implementation of block A and B, please discuss and critically analyse the Zero Trust Network Security Model. You should refer to your security implementation in given network for the sake of discussion and back up your findings with credible references to demonstrate critical research on the topic.
2. With reference to the case study, critically discuss how IPsec VPN can be used to achieve security. Identify the levelof reliability and critically discuss the cryptographic mechanism of IPsec.
1. Executive Summary
2. Block A: Architecture and Communication
2.1 Configure IP connectivity and device hardening
2.2 Configure servers DNS, WEB, SYS-Log.
2.3 Configure Dynamic Routing (RIPV2) and Inter-Vlan Routing/Trunking
3. Block B: Secure Operations and Service Delivery
3.1 Implement ACL onRouting device
3.2 Implement Site-To-Site IPSec VPN
3.3 NIPS implementation and testing
3.4 Firewall configurations
4. Research & Development
4.1 Zero Trust Network Security Framework
4.2 Overview of VPN reliability
4.3 Cryptographic mechanism of IPSec
5. Conclusion and Future Work