IS 3220
Mr. Clark
July 26, 2014
Lab #6 Design Your DMZ and LAN-to-WAN Security Solution
1. Describe how creating zones is helpful in the design of a DMZ and security solution for the LAN-to-WAN Domain. The purpose of a DMZ is to add an additional layer of security to an organization's local area network. An external attacker only has direct access to equipment in the DMZ, rather than any other part of the network.
2. How many zones does your design incorporate? Do you think an additional zone may be needed if the e-commerce server was implemented? Explain why or why not. 2 zones. I would implement a zone; due to the costly nature of the e-commerce server, I would want the added security.
3. While supporting IP-SEC VPNs provides a secure, remote-access solution for mobile employees, it does not scale and requires stringent security operations and management procedures. What alternatives would you recommend for a scalable remote-access VPN solution for your design? SSL, because almost all web browsers support SSL; it provides extra security without any additional software needed.
4. As per the functional and technical requirements, where must you terminate the VPN tunnels for remote-access users? Terminate the VPN in a DMS and locate the Web front end in the DMZ.
5. Where would you put an e-mail filter and quarantine system in place to scan and monitor e-mails and e-mail attachments? Explain why. Antivirus software in place to scan in real time; also enable scanning on the email provider options.
6. Where would you put a content filter system in place to prevent employees from non-business use of the Internet connection? Explain why. At the firewall, because it can intercept specific content in a packet before it reaches its destination.
7. Explain how your IDS/IPS positioning and solution achieves the C-I-A goals of the internal network.
An IDS is a software or hardware tool which allows to detect and warn about an attack or