Description
Imagine you are an Information Systems Security Officer for a medium-sized financial services firm that has operations in four (4) states (Virginia, Florida, Arizona, and California). Due to the highly sensitive data created, stored, and transported by your organization, the CIO is concerned with implementing proper security controls for the LAN-to-WAN domain. Specifically, the CIO is concerned with the following areas: Protecting data privacy across the WAN, Having an area designed to trap attackers in order to monitor attacker activities, Filtering undesirable network traffic from the Internet, Filtering the traffic to the Internet that does not adhere to the organizational acceptable use policy (AUP) for the Web, Allowing a means to monitor network traffic in real time as a means to identify and block unusual activity, Having a zone that allows access for anonymous users but aggressively controls information exchange with internal resources, Hiding internal IP addresses, Allowing operating system and application patch management.
The CIO has tasked you with proposing a series of hardware and software controls designed to provide security for the LAN-to-WAN domain.Question: The CIO anticipates receiving charts or diagrams created in Visio or an equivalent such as Dia or OpenOffice
Explanation & Answer
Hello studentAttached the complete work
Network LAN to WAN Project
A topology is a map of a network that indicates network segments (Layer 2 networks),
interconnect points, and user communities
We want to design the network logically and not physically
Networks, interconnection points, the size and reach of networks and the type of
interconnection devices are identified.
We do not (yet) deal with specific technologies, specific devices, or cabling considerations
Our goal is to design a secure, redundant and scalable network
Hierarchical design of a network
In the past, a very structured network called Collapsed Backbone
All wiring goes from the tips to a central place (star connection)
The number of wires was not problematic when the tips used "shared bandwidth" with coaxial
cable instead of hubs or switches
Offers ease of maintenance
Still quite used
Today, with larger networks, we are increasingly using a hierarchical structure
A hierarchical model helps to develop a network into pieces, each piece focused on a different
goal
An example of a hierarchical network appears below
The 3 layers shown:
Core Layer: High-performance routers and switches and availability
Distribution layer: routers and switches that implement policies
Access layer: connects users with hubs and switches
1
Why use a hierarchical model?
An unstructured network (spaghetti) creates many adjacencies between equipment
Bad for route propagation
A flat network (layer 2) is not scalable because of the broadcast
Minimizes costs, since the equipment of each layer will be specialized for a certain function
Example: Uses fast switches in the core block, without additional features
Simpler to understand, test and fix
2
Facilitates changes, since interconnections are simpler
Replication of elements makes it simpler
Lets you use routing protocols with "route summarization"
Comparison of Hierarchical and Flat Framework for the WAN
You can use a router loop
OK for small networks
For large networks, traffic crosses many hops (higher delay)
Any break is fatal
Redundant routers in a hierarchy give:
▪
▪
▪
More scalability
More availability
Lower delay
3
Comparison of hierarchical structure with flat for LAN
The basic problem is that a large broadcast domain significantly reduces performance
With a hierarchical network, the appropriate equipment is used in each place
Routers (or VLANs and Layer 3 switches) are used to delimit broadcast domains
High-performance switches are used to maximize bandwidth
Hubs are used where cheap access is required
Full-mesh and hierarchical mesh topologies
Full-mesh offers excellent delay and availability but is very expensive
A cheaper alternative is a partial mesh
A partial mesh type is the hierarchical mesh, which has scalability but limits the adjacencies of
routers
For small and medium-sized businesses, the hub-and-spoke topology is widely used
4
Full Mesh Topology
Partial Mesh Topology
5
hub-and-spoke topology
The classic 3-tiered hierarchical model
It allows the aggregation (junction) of traff...
Review
Review
