This assignment consists of two (2) sections: an infrastructure document and a revised project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it

cis-590-project-deliverable-5-network-infrastructure-and-security-6011 x
 

This assignment consists of two (2) sections: an infrastructure document and a revised project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.

With the parameters set forth at the onset of the project, present the infrastructure and security policy that will support the expected development and growth of the organization. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. Since the company will be merging with a multinational company, virtualization and cloud technology should be taken into consideration. In addition, access paths for Internet access should be depicted. A narrative should be included to explain all the nodes of the network and the rationale for the design. Lastly, using the Confidentiality, Integrity and Availability (CIA) Triangle, define the organizational security policy.

Section 1: Infrastructure Document

Write a five to ten (5-10) page infrastructure document in which you:

• Identify possible network infrastructure vulnerabilities. Address network vulnerabilities with the appropriate security measures. Ensure that consideration is given to virtualization and cloud technology.
• Design a logical and physical topographical layout of the planned network through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Explain the rationale for the logical and physical topographical layout of the planned network. Note: The graphically depicted solution is not included in the required page length.
• Illustrate the possible placement of servers, including access paths to the Internet and firewalls. Note: facility limitations, workstations, printers, routers, switches, bridges, and access points should be considered in the illustration.
• Create and describe a comprehensive security policy for the company that will:
• Protect the company infrastructure and assets by applying the principals of CIA. Note: CIA is a widely used benchmark for evaluation of information systems security, focusing on the three (3) core goals of confidentiality, integrity, and availability of information.
• Address ethical aspects related to employee behavior, contractors, password usage, and access to networked resources and information.

Use Microsoft Project to:

• Update the project plan (summary and detail) template, from Project Deliverable 4: Cloud Technology and Virtualization, with three to five (3-5) new project tasks each consisting of five to ten (5-10) subtasks.

The specific course learning outcomes associated with this assignment are:

• Describe the methods and best practices in implementing process change in IT organizations.
• Describe the role and methods of technology-induced process improvement in organizations.
• Use technology and information resources to research issues in information systems.
• Write clearly and concisely about leadership issues and strategic insight of the Information systems domain using proper writing mechanics and technical style conventions.

Attachments area
 

Project

Deliverable 5 Network Infrastructure and Security

With the parameters set forth at the onset of the project, present the infrastructure and security policy that will

support the expected development and growth of the organization. The network solution that is chosen should

support the conceived informatio

n system and allow for scalability. The network infrastructure will support

organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and

access points should be used. Since the company will be merging wit

h a multinational company, virtualization

and cloud technology should be taken into consideration. In addition, access paths for Internet access should be

depicted. A narrative should be included to explain all the nodes of the network and the rationale fo

r the design.

Lastly, using the Confidentiality, Integrity and Availability (CIA) Triangle, define the organizational security

policy.

Section 1: Infrastructure Document Write a five to ten (5

–

10) page infrastructure document in which you:

Identify possibl

e network infrastructure vulnerabilities. Address network vulnerabilities with the appropriate

security measures. Ensure that consideration is given to virtualization and cloud technology. Design a logical

and physical topographical layout of the planned n

etwork through the use of graphical tools in Microsoft Word

or Visio, or an open source alternative such as Dia. Explain the rationale for the logical and physical

topographical layout of the planned network. Note: The graphically depicted solution is not

included in the

required page length. Illustrate the possible placement of servers, including access paths to the Internet and

firewalls. Note: facility limitations, workstations, printers, routers, switches, bridges, and access points should

be considered

in the illustration. Create and describe a comprehensive security policy for the company that will:

Protect the company infrastructure and assets by applying the principals of CIA. Note: CIA is a widely used

benchmark for evaluation of information systems

security, focusing on the three (3) core goals of

confidentiality, integrity, and availability of information. Address ethical aspects related to employee behavior,

contractors, password usage, and access to networked resources and information.

ANSWER

For a data collection and analysis company, the data is their most valued asset.

Hence its security should be of utmost importance to the company.

 

The overall

value of the data depends on its context i.e., how it is used, how often it is used,

what value

it derives for the company and so on. The value of Information

Technology to any company is its ability to store, present, manage, analyze and

protect the data to support the company do its business operations with the help

of it. Some types of data have i

nherent value for example profiles of a large

number of customers. Some data have derived value for example; large amount of data relating to customer’s buying behavior analyzed using social media tools during the period of black Friday. Some data might be worth more and some data would be of lesser value. Data collected and analyzed from various sources related to customer satisfaction and feedback, sales enticements, competitive differentiation etc all have value. However the ultimate value of the data is quite complicated as it’s built from a composite of all these sub-dates. When more and more people within the company access the data and derive information out of it, makes the data more valuable.
How good the data is secured, depends on various factors and one of the biggest factors is he IT infrastructure of the organization. Following are some reasons through which we can determine the relation between infrastructure and data security :
a) Loss of data confidentiality: The data which is being transmitted over a network is always at a risk of being eavesdropped by an unauthorized party. The weak controls over access to the company network might result in data stored on the company’s servers and workstations subject to unauthorized access.
b) Loss of data integrity: If the network nodes are not setup properly and secured, the data in transit between these network nodes may be modified deliberately or otherwise. This would result in the Data may be modified in transit between network nodes, deliberately or
otherwise. This might result in the system receiving the data process it incorrectly or perhaps malicious data might get transmitted. However the end result is a loss for the company.
c) Denial of Service: The network infrastructure of the company relies on the continued functionality of all the network links that connects to its component codes. The disconnection of a network or slowdown of a network link may prevent the system from providing necessary services for the data analysis and collection process to effectively continue.
d) System compromise: The network infrastructure includes routers, Modems, DNS Servers, other communication and connectivity devices are at risk of being compromised and their resources being used by unauthorized party for illegitimate purposes as denial-of-service (DoS) attacks or bandwidth theft occurs.

Present the rationale for the logical and physical topographical layout of the planned network.

Current – Before up gradation, the network is straightforward like that of any of small business. Both logical and physical layout consist of mail server, database, firewalls, and so on i.e. all those elements which form a backbone of data-collection company.
Planned – In planned one, the company is moving from 1 floor to three floors. To avoid complexity, the layout will remain the same. On each of the floor the physical and logical layout remains identical. Only at the hub connection, the entire wired are gathered and tied at one place. For Wi-Fi related equipments, router with heavy-loading capability is required. The entire server will be shifted to third floor, so that it is not easily accessible to any client and unauthorized person.  

Design a logical and physical topographical layout of the current and planned network.

Current – Physical layout

Logical

Planned – Physical

Logical is more or less same like that of current’s logical diagram which more number of devices and wiring.

Illustrate the possible placement of servers.

Enhanced availability and resiliency – Hardened devices are placed as shown in the figure so as make sure that company has optimal service availability and remove any system and interface-based redundancy.
Network Foundation Protection – As shown in the figure, device hardening, and control and managment plane protection is ensured throughout the entire infrastructure to maximize availability and resiliency.
Public Services DMZ – This portion depicts the placement of devices to ensure endpoint server protection, intrusion prevention, stateful firewall inspection, application deep-packet inspection and DDoS protection.
Secure mobility – Under this, VPN protection is a priority for mobile users. It performs the persistent and consistent policy enforcement independent of location of staffs. It integrates web security and malware defense systems.
Internal Access – The equipments are arranged as shown in figure to ensure email-web security, stateful firewall prevention and global correlation and granular access control.
Threat detection and management – this part ensures intrusion prevention and infrastructure based telemetry so as to identify and mitigate threats.
Edge protection – This placement ensures traffic filtering, routing security, firewall integration and IP spoofing protection to discard anomalous traffic flows, prevent unauthorized access and block illegitimate traffic.

Create and describe a comprehensive security policy for this data-collection and analysis company.

Classification of Data
Any company’s user having authoritative access to data of the company may, modify data’s classification. The user may be in a position to change classification of data if there are sufficient and justifiable reasons of doing so. Resources doing so will be held strictly responsible for their changes. When a new data is created, it should be classified as “Company Only” data till it user reclassifies it as per one’s modifications. Users are held strictly for any change in classification they do.
Classifications for existing company’ data are given below:

· Company’s business information (memos, financial documents, planning documents etc) should be classified as “Company Only”;

· Company’s customer data (contact details, contracts, billing information etc) should be classified as “Company Only”;

· Network management data (IP addresses, passwords, configuration files, etc.) should be classified as “Confidential”;

· Human resources information (employment contracts, salary information, etc.) should be classified “Confidential”;

· Published information (pamphlets, performance reports, marketing material, etc.) should be classified “Shared”;

· E-mail between Company’s employees should be classified “Company Only”; and,

· E-mail between Company’s employees and non-Company employees should be regarded as “Unclassified”.

Classifications: Roles and Responsibilities

· Responsibility of the user to:

· Know one’s own clearance level and to understand what are the rights and limitations associated with that clearance

· Ensure all the data one’s going to work on is correctly classified;

· Ensure one is familiar with the restrictions associated with the data one’s working on and

· ensure all the data one works with is protected properly.

· Responsibility of all system owners and system administrators to:

· determine the security level for all users.

· proper verification of the equipment user is going to work with.

· installation of the equipment.

· Responsibility of each divisional manager is:

· Getting approval on clearance for employees.

· Clarifying the classification of data on systems.

· Clarifying the classification of equipment.

· Understanding and implementing the policy.

· Responsibility of the Security Officer to:

· approving all classifications

· Maintaining a list of all classifications

· Approving the final layout of the company’s network.

· controlling and managing all trusted points

Compliance

· Any unauthorized user accessing data, device, equipment or a location with insufficient privileges can face disciplinary action.

· Any user who is allowed to access a system that he/she controls on behalf of someone else with insufficient clearance can face disciplinary action.

· Any person who is trying to connect to an equipment for which one is not classified to access the network with an inappropriate part of the network can face disciplinary action,

· Any person who is transmitting data over the network without specific privileges can face disciplinary action.

Project Deliverable 5 Network Infrastructure and Security

With the parameters set forth at the onset of the project, present the infrastructure and security policy that will
support the expected development and growth of the organization. The network solution that is chosen should
support the conceived informatio
n system and allow for scalability. The network infrastructure will support
organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and
access points should be used. Since the company will be merging wit
h a multinational company, virtualization
and cloud technology should be taken into consideration. In addition, access paths for Internet access should be
depicted. A narrative should be included to explain all the nodes of the network and the rationale fo
r the design.
Lastly, using the Confidentiality, Integrity and Availability (CIA) Triangle, define the organizational security
policy.

Section 1: Infrastructure Document Write a five to ten (5
–
10) page infrastructure document in which you:

Identify possibl
e network infrastructure vulnerabilities. Address network vulnerabilities with the appropriate
security measures. Ensure that consideration is given to virtualization and cloud technology. Design a logical
and physical topographical layout of the planned n
etwork through the use of graphical tools in Microsoft Word
or Visio, or an open source alternative such as Dia. Explain the rationale for the logical and physical
topographical layout of the planned network. Note: The graphically depicted solution is not
included in the
required page length. Illustrate the possible placement of servers, including access paths to the Internet and
firewalls. Note: facility limitations, workstations, printers, routers, switches, bridges, and access points should
be considered

in the illustration. Create and describe a comprehensive security policy for the company that will:

Protect the company infrastructure and assets by applying the principals of CIA. Note: CIA is a widely used
benchmark for evaluation of information systems

security, focusing on the three (3) core goals of
confidentiality, integrity, and availability of information. Address ethical aspects related to employee behavior,
contractors, password usage, and access to networked resources and information.

ANSWER

For a data collection and analysis company, the data is their most valued asset.
Hence its security should be of utmost importance to the company.

The overall
value of the data depends on its context i.e., how it is used, how often it is used,
what value
it derives for the company and so on. The value of Information
Technology to any company is its ability to store, present, manage, analyze and
protect the data to support the company do its business operations with the help
of it. Some types of data have i
nherent value for example profiles of a large