Chris Wiginton, Jose Rosado
ITT Technical Institute, Tampa FL
Instructor: Sherman Moody
28 October, 2014
The best network design to ensure the security of Corporation Tech's internal access while retaining public Web site availability consists of several layers of defense that protect the corporation's data and provide accessibility to employees and the public.
The private-public network edge is considered particularly vulnerable to intrusions because the Internet is a publicly accessible network and falls under the management purview of multiple network operators. For these reasons, the Internet is considered an untrusted network. So are wireless LANs, which, without the proper security measures in place, can be hijacked from outside the corporation when radio signals penetrate interior walls and spill outdoors.
The network infrastructure is the first line of defense between the Internet and public-facing web servers, and firewalls are the first line of defense within that infrastructure. They do this by comparing corporate policies about users' network access rights with the connection information surrounding each access attempt. If the user policy and the connection information do not match, the firewall does not grant access to network resources; this helps avert break-ins.
Network firewalls keep communications between internal network segments in check so that internal employees cannot access network and data resources that corporate policy dictates are off-limits to them. By partitioning the corporate intranet with firewalls, departments within an organization are offered additional defenses against threats originating from other departments.
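As an added illustration (not part of the original essay), the sketch below shows the policy check described above: each connection attempt is mapped to a source and destination zone and matched against an allow list, with everything else denied, and an audit flags any rule that would let the untrusted Internet reach an internal department. The zone names, address ranges and rules are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zones and address ranges (assumptions, not from the essay).
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),        # untrusted
    "web": ipaddress.ip_network("192.0.2.0/28"),          # public-facing servers
    "finance": ipaddress.ip_network("10.10.1.0/24"),      # internal department
    "engineering": ipaddress.ip_network("10.10.2.0/24"),  # internal department
}
UNTRUSTED = {"internet"}
INTERNAL = {"finance", "engineering"}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    port: int

# Constructed allow list; anything not listed is denied.
POLICY = [
    Rule("internet", "web", "tcp", 443),
    Rule("internet", "web", "tcp", 80),
    Rule("engineering", "web", "tcp", 22),       # server administration
    Rule("finance", "internet", "tcp", 443),
    Rule("engineering", "internet", "tcp", 443),
]

def zone_of(addr):
    """Return the most specific zone containing addr (longest prefix wins)."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if ip in net]
    return max(matches)[1]

def decide(src_ip, dst_ip, proto, port, policy=POLICY):
    """Compare the connection information to the policy; default is deny."""
    attempt = Rule(zone_of(src_ip), zone_of(dst_ip), proto, port)
    return "allow" if attempt in policy else "deny"

def audit(policy):
    """Return rules that expose an internal zone directly to an untrusted one."""
    return [r for r in policy if r.src in UNTRUSTED and r.dst in INTERNAL]

if __name__ == "__main__":
    print(decide("203.0.113.7", "192.0.2.5", "tcp", 443))   # public web traffic
    print(decide("203.0.113.7", "10.10.1.20", "tcp", 443))  # Internet to finance
    print(decide("10.10.2.8", "10.10.1.20", "tcp", 445))    # department to department
    print(audit(POLICY))
```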
In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that