02/09/2014
NW 306 Project 1 Deliverables: Two Diagrams, One Summary
Bryan Kelly
NW 306
“Intro to Network Security”
Project 1: Network Diagram with Security Features Defense in Depth and Web Security Summary Report
The purpose of this summary is to explain the changes made in the to-be diagram relative to the previous as-is diagram, to note the protective hardware added, and to justify the changes made. The to-be diagram has been altered to reflect a defense-in-depth approach: it adds multiple security layers, removes the wireless access points, and adds VLAN subnetting to improve network performance and reduce network congestion.
Creating layers of firewalls and subnetting prevents compromised devices from being used as an attack platform against the entire network. An additional firewall security layer is added to the two firewalls from the as-is diagram: a storage firewall that protects the back-up server. The back-up storage layer is an added layer of security that is more controlled and will be less likely to suffer security breaches from the other layers.
A DMZ network has been set up to add another layer of security. A DMZ is a layered defense created to limit access deeper into the network. Connected to that particular firewall is an added storage router, which brings the network diagram to three routers, as opposed to the two routers in the as-is diagram. As software countermeasures, anti-virus and firewall software is deployed on servers and computers. Anti-virus software for servers operates at the database layer, while other anti-virus software and software firewalls operate at the client layer. A personal firewall protects each of the client machines, creating a virtual layer.
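The layering argument above can be checked by modelling zones and permitted flows and counting how many policy boundaries stand between a compromised zone and the back-up server. This is an added example, not part of the original report: the zone names follow the report's layers, while the two client VLANs and every allowed flow are assumptions made for illustration.

```python
from collections import deque
from itertools import permutations

# Zone names follow the report's layers; the two client VLANs are assumed.
ZONES = ["internet", "dmz", "client_vlan_a", "client_vlan_b",
         "database", "backup_storage"]

# Flat network: every zone may open connections to every other zone.
FLAT = set(permutations(ZONES, 2))

# Layered policy (constructed, not taken from the to-be diagram).
LAYERED = {
    ("internet", "dmz"),             # perimeter firewall: public services only
    ("client_vlan_a", "dmz"),
    ("client_vlan_b", "dmz"),
    ("dmz", "database"),             # internal firewall: DMZ hosts to database
    ("client_vlan_a", "database"),
    ("client_vlan_b", "database"),
    ("database", "backup_storage"),  # storage firewall: backups from database only
}

def hops(flows, src, dst):
    """Fewest permitted flows that chain from src to dst, or None if none do."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        zone, depth = queue.popleft()
        if zone == dst:
            return depth
        for a, b in flows:
            if a == zone and b not in seen:
                seen.add(b)
                queue.append((b, depth + 1))
    return None

def exposure(flows, src):
    """Hop distance from src to every other zone (None means unreachable)."""
    return {z: hops(flows, src, z) for z in ZONES if z != src}

if __name__ == "__main__":
    for name, flows in (("flat", FLAT), ("layered", LAYERED)):
        print(name, exposure(flows, "internet"))
```

A hop count of `None` means no chain of permitted flows exists, which is how the VLAN separation shows up: neither client VLAN can reach the other, and nothing in the DMZ can initiate a connection back into a client VLAN.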