CNS paper PPT

timer Asked: Apr 26th, 2017

Question description

I have the CNS paper done. Can you please do the ppt for this paper.

Every thing should be in format. Don't put more information in slides,, put the bullet points and then give the explanation for that bullet points in the next slide to that.

Running head: CNS PAPER 1 CNS Paper CNS PAPER 2 Abstract By now each and every one in the world that is connected knows what exactly a network is. It is a system of interconnected devices and computers that share information among them. Network enables the access to resources and also connect to the people who are geographically distant. In different areas, there are larger and smaller networks but the security aspect is equally important in all the networks irrespective of the size of the networks. Data protection is very important in any organization as it is the key asset that decides the fate of the organization. As the network is the main area that is prone to allow the viruses and worms to attack the organization's data base it is important to secure the network and to prepare a robust plan that provides the maximum security. As the Internet technologies are emerging day after day, these attacks have become more common. This paper provides a design for a network that provides good security to the company Lincoln law firm. CNS PAPER 3 CNS Paper Lincoln partners Esq is a law firm, which have headquarters in Philadelphia and its other location such as Cherry Hill, Wilmington, Harrisburg and Princeton. I would like to propose a plan for the Wide Area Network that would ease the connectivity among the different branches of the organization. As per the plan the Philadelphia office consists of the different departments such as the Legal Group which consists of sub-sections such as partners, Associates, Paralegals and other cabin for office manager and IT admin separately. There are three partners in the Philadelphia office along with 10 associates and 15 paralegals who are under an office manager. All these people are supported technically by an IT admin. Rest of the branches have only three associates and one paralegal person. The proposed WAN connections use different protocols such as the Frame Relay, MPLS, ATM, SONET/SDH etc. and we would be concentrating only on the two mostly used protocols i.e. Frame Relay and MPLS. (Murthy, 2009) Frame Relay: This protocol is used for communication between different computer networks. Frame Relay establishes connection using a virtual circuit creating VPNs (Virtual Private Network). The connection among different routers of different branches are connected physically and then the virtual connection is established among different branches. The edge router of the virtual network receives the packet and analyses different possible routes to the packet using different logical connections and provides several paths depending upon the bandwidth and the speed that is opted by the user. These different routes established in the frame relay network are called as the VPNs and the packet finally reaches the destination edge router and then directed towards the requested system of the network. (Murthy, 2009). MPLS: It stands for Multiple label switching protocol. MPLS is also another mostly used WAN protocol. It is similar to a frame relay protocol but the difference lies in the labelling of CNS PAPER 4 packets. (Perez, 2014). When the packet is transmitted from the edge router of the branch network to the MPLS network, the edge router of the MPLS network tags a label to the packet about the to and from addresses and it is no more a normal IP packet but a labelled packet. Just like frame relay protocol it selects best possible logical path to reach the destination router and is directed to the required system. (Perez, 2014). 1: Design a Secure Network using either Visio, Paint, Word, etc. showing all locations. Below is the network that is being designed in order to show all the locations, the data connectivity, head office and the branch offices along with the remote offices that are all connected to the Internet. As Head office is main location to store all data and most of the users are present in head office so therefore network design in head office is little bit different as compared to other branch offices. CNS PAPER 5 All the computers, printers and all other network components are connected to the switch in every segment of the network. In between the router and the switch, the firewall is connected which provides security over unwanted packets. The firewall actually manages the traffic between the servers and the local networks. There are different types of firewalls that can be connected to the networks, such as packet firewall, stateful firewall, application layer firewall etc. These firewalls provide the security checks that are usually basic to the level. Any unwanted packets are avoided in by this firewall so that the servers and other systems. CNS PAPER 6 2: Design and provide the IP Scheme for the network Philadelphia Office Subnet Address IP Address Device Type Router Firewall - In Firewall – Switch (Lan) Switch Network Printers IT Admin System Paralegals (15- nos) - Attorneys (3-nos), – Associate (10-nos) – Desktop Printer (5-nos) – Laptop (4-nos) Firewall to Switch (DMZ) Switch Database server CNS PAPER 7 Fileserver Web server Communication Server SMTP Email Server Windows Server VPN Server Office Manager Router Cherry Hill Windows Server Office Paralegals (1- number) – Associate (3-nos) – Desktop Printer (4-nos) Router Wilmington Windows Server office Paralegals (1- number) – Associate (3-nos) – Desktop Printer (4-nos) CNS PAPER 8 Router Harrisburg Windows Server Office Paralegals (1- number) – Associate (3-nos) – Desktop Printer (4-nos) Router Princeton Windows Server Office Paralegals (1- number) – Associate (3-nos) – Desktop Printer (4-nos) 3: Establish a VPN between all offices and allow the ability to work from home. VPN is client server architecture which provides the service between clients and the servers. There are two types of VPN. Let’s discuss in detail about the two types called site to site and remote access virtual private networks. Remote Access VPN: This offers communication for the users to their respective organizations from a different location using the public infrastructure as the traverse medium such as the internet services. In this procedure, the VPN client needs to authenticate himself to get access to the VPN gateway of the organizations network. Once the authentication is CNS PAPER completed, the internal components of the network can be accessed. A remote access VPN usually relies on either IPsec or other layers like SSL to establish the connection. sometimes it requires layer 2 protocols such as PPTP and L2TP protocols. Site to site VPN: Uses a gateway device to connect a system from one location to the organizational network which is in another location. As discussed earlier they mostly use frame relay networks or MPLS clouds. 9 CNS PAPER 10 Remote access VPN from Home users helps to connect the individual hosts to private networks i.e. the attorneys, paralegals and other associates who need to access the head office’s network. Using the VPN, the client is said to access the database and the network of the organization for which he has to prove and authenticate his identity. This VPN encrypts the traffic and sent to the target network. Separate VPN client software have been used in client side to connect with organizational network. IP security (IPsec): IPsec will provide secure Internet communications and can operate in two modes. Transport mode used for gateway and end station, which also encrypts the data packet message itself while Tunneling mode used between gateways, which encrypts the entire data packet. Layer 2 Tunneling Protocol (L2TP)/IPsec: The L2TP and IPsec protocols combine their best individual features to create a highly secure VPN client. Since L2TP isn't capable of encryption, it instead generates the tunnel while the IPsec protocol handles encryption, channel security, and data integrity checks to ensure all of the packets have arrived and that the channel has not been compromised. Secure Sockets Layer (SSL) and Transport Layer Security (TLS): These protocol work utilizing a handshake technique. Toward the start of a SSL session, a SSL handshake is performed. This handshake delivers the cryptographic parameters of the session. These parameters, typically digital certificates, are the methods by which the two frameworks trade encryption keys, validate the session, and make the secure connection. 4: Allow all employees the ability to access servers at the other locations The users who are working in both the office and also in remote locations will be able to access all the servers that are located in DMZ zone using the VPNs. For the purpose of security and concerns the monitoring capability will be accessed only by the administrator. VPN client software from user can create a tunnel for encrypted connection between user and server. All the CNS PAPER 11 remote user first creates a connection to head office VPN server, from there it redirects the authorized to user to access the branch office which is located in various places. Brach offices does not separate firewall as like headquarters. In the branch office, router works like firewall, which helps to protect the network from unauthorized access or malicious programs. Name VPN Server Port # Source Destination Action Track 80,443,9 192.168.20.X, Allow Log 93,465,, 20,21,, Site to Site VPN 80,443,9 Any 192.168.20.X, Allow Log Any 192.168.20.X, Allow Log 93,465, 20,21 Remote Access 80,443,9 93,465, 20,21 5: Show and/or document all necessary security controls and its configuration. The network design consists of multiple branch offices and external users connected through VPN over internet and also the users present in local head office. It is very important to prevent an unauthorized access to any information resides in servers. All servers are placed in DMZ zone so firewall will handle all the security related issues, it will perform filtration of requests originated from different applications & users to specific servers in specific times. If CNS PAPER 12 anything looks suspicious Firewall will send alerts to preset notification email address for administrators. All Users from local office will have strict policy to access the servers, for this Administrator had to add them in desire Access control list based on the request. All servers will have Virus scanning schedule in night shift and if any virus found, it will send alerts email to administrator. As servers are in DMZ and can be accessible through internet so they are more vulnerable and attackers may try to get an unauthorized access to servers to steal the information. Only Users from VPN either Remote office or working from home will have access to specific servers based on their nature of job, every activity done on server by any users will be logged with Time & Date for future auditing and logging. By default, each computer within the office can communication & share information between them, but only the users or administrator will be able to share information between head office computers with remote office servers and computers, this is how administrator will be able to monitor the services and network of remote sites as well, because all sites are connected to Head office using site to site VPN. 6: Update the firewalls to ensure security policy is enforced A detailed Firewall Access Control List is defined in below mentioned table, only matches source & destination will allow to pass the traffic from Firewall and rest of the traffic will discarded based on the specific rule in the end of this table. In this policy all users from local head office & remote offices will be able to access servers placed in DMZ zone and will be able to communicate each other as well. Furthermore, the users working from home will connect using VPN and those VPN users will also be able to access the servers and can do their work as if they working in office. CNS PAPER 13 Name Port # Source IP Destination IP Action Track IT Admin Any Any Access Log Manager Any Any Allow Log Access Control Any Any Deny Alert to IT Access Control Any Any Deny Alert to IT Access to VPN Any Any Deny Alert to IT VPN Server 80,443,9 192.168.20.X, Allow Log 93,, 465,3306, .20,21, Local User 80,443,9 Access 93, 192.168.10.X 192.168.20.X Allow Log 192.168.10.X, Allow Log Allow Log 465,3306 .20,21 Local User to 80,443,9 Remote Access 93,, 465,3306, .20,21 Branch office 80,443,9 192.168.30.X 192.168.20.X, User Access 93,, (Cherry Hill) 465,3306, .20,21 CNS PAPER 14 Branch office 80,443,9 192.168.40.X User Access 93,, (Wilmington) 465,3306, .20,21 192.168.50.X 192.168.20.X Branch office 80,443,9 User Access 93,, (Harrisburg) 465,3306, .20,21 Branch office 80,443,9 User Access 93,, (Princeton) 465,3306, .20,21 Server 80,443,9 Communication 93,20,21 192.168.60.X 192.168.20.X 192.168.20.X 192.168.20.X Allow Log Allow Log Allow Log Allow Log Allow Log Allow Log,, Server 80,443,9 Communication 93,20,21 192.168.20.X, (Cherry Hill), Server 80,443,9 Communication 93,20,21 (Wilmington) 192.168.20.X,, CNS PAPER 15 Server 80,443,9 Communication 93,20,21 192.168.20.X Allow Log Allow Log Deny Alert/Log, (Harrisburg), Server 80,443,9 Communication 93,20,21 192.168.20.X, (Princeton), Clean up Any Any Any 7: Show the DMZ on the diagram and placement of servers and Eliminate Outsourcing Demilitarized Zone is place in network where all Servers and important equipment is configured. So that it will not affect the security policy & access control lists implemented for all other computers in office. Servers and Equipment in DMZ zone have minimal security configurations and can be accessible directly from Internet. Access from Internet is available for few servers based on its nature & applications, for example Web Server & Email server will have access to everyone from internet While for Application, Database servers only specified users, remote offices and VPN clients will be allowed to access. It will not accept any request from other than these specified addresses. CNS PAPER 16 DMZ zone has its own range of IP address and subnet. Every server will be configured with unique IP Address and it will not change automatically. Similarly, users from local office will also have permission to access these servers but with different security policies & access control lists. By placing the servers in secure DMZ zone we would be able to eliminate the outsourcing services like email hosting & web hosting. Both servers will be configured and place in DMZ zone and will available to access from any person around the globe connected to Internet. CNS PAPER 17 References Murthy, C. (2009). Data Communication and Networking. Mumbai, IN: Himalaya Publishing. House. Retrieved from Perez, A. (2014). Network Security. London: ISTE.

Tutor Answer

(Top Tutor) Studypool Tutor
School: Purdue University
Studypool has helped 1,244,100 students
flag Report DMCA
Similar Questions
Hot Questions
Related Tags
Study Guides

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors