LD7007 Critically evaluate threats to data and network security; design and implement security solutions using networking IOS

Network Security Implementation using ACL, IPS and VPN

Learning Outcome 1: Develop an in-depth understanding of fundamental concepts and challenges in data and network security
Learning Outcome 2: Demonstrate concepts related to basic cryptography
Learning Outcome 3: Critically evaluate threats to data and network security; design and implement security solutions using networking IOS

Assignment Tasks:

Your work must be presented in the form of a Project Report and be no longer than 3000 words (excl. references, figures, tables and appendices) plus a facing page that includes the executive summary. This should be typed on A4 paper and use a font size Arial 11 single spacing. For completeness, you may if you wish include additional material in an appendix but this will not contribute to the marks.

Portfolio Tasks:

Block A: Network Architecture and Communication

Implement basic device hardening with the following services fully running and functional, DNS Server, Web Server and Sys log Server.

Allocate and distribute the IP addresses to network and end devices according to given design both static configuration and dynamic configuration via DHCP server.

Implement and configure Dynamic Routing using RIPV2/OSPF protocol to demonstrate effective routing on WAN network between internal and external site. It is preferred to use OSPF.

Configuring appropriate VLAN trunking for multiple VLAN`S to segment the traffic in separate broadcast domain for security reasons.

Design and implement fully functional Inter-Vlan routing using IEEE 802.1Q encapsulation standard to demonstrate connectivity between business sites.

Block B: Secure Operations and Service Delivery

Configure Access Control List (ACL) on routing device to implement the Security Policy to restrict the network access according to the organisation policy. (Reasonable assumptions can be made).

Implement and configure a Site-to-Site IPsec VPN to comprehensively encrypt the traffic traveling over WAN network between internal and external site network. Evidence must be provided on how the VPN Tunnel provide the integrity and confidentiality for the IP packets traversing in and out of network.

Implement IOS based Network Intrusion Prevention System (IPS) and test its efficiency in your deployment to secure internal network.

Implement a firewall and configure relevant rules in the context of the given scenario. Evidence the functionality and provide a narrative elaborating on the rationale behind the location on the network.

Block C: Research & Development

Zero Trust is a network security model, based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the Internet. Considering the context of case study and practical implementation of block A and B, please discuss and critically analyse the Zero Trust Network Security Model. You should refer to your security implementation in given network for the sake of discussion and back up your findings with credible references to demonstrate critical research on the topic.

With reference to the case study, critically discuss how IPsec VPN can be used to achieve security. Identify the level of reliability and critically discuss the cryptographic mechanism of IPsec.