Please no duplication other students, especially Grantham University

Designing a Network

Complete the project on page 289 of the textbook by researching all the components needed to design a network that meets the project’s specifications. Next, write a paper in current APA format that lists each device that will be required, its primary functions and capabilities, a current cost estimate for all hardware, and the amount of personnel that will be required to maintain the network.

Project

A medium size company needs to know what components they will need to establish a LAN. They plan to have 1,200 users with e-mail, file and print and internet services. They also plan to have 20 servers used as LAN, proxy, and database services. Four departments will need sufficient bandwidth and access applications from a database server. They are also going to expand to eight branch offices located in different states, two with only 10 users needing just a single Internet. What hardware components does the company need to build the LAN for all areas?

Grading Criteria

Assignments | Maximum Points
Meets or exceeds established assignment criteria | 40
Demonstrates an understanding of lesson concepts | 20
Clearly presents well-reasoned ideas and concepts | 30
Uses proper mechanics, punctuation, sentence structure, spelling and APA structure. | 10

Below is the lecture for the week

Defense in Depth

Defending a network can be a busy job, especially if the network you are defending is a large one with a lot of users. This lecture will focus on some of the most common defense in depth measures that are available, and maybe even provide a few other perspectives you haven’t heard before. One of the most daunting tasks we face as network defenders is that there are so many avenues of potential attack that it can become overwhelming trying to keep track of all the methods designed to keep the bad guy out.
Fortunately, history has shown us that there are some tried and true methods that do a great job at protecting the network. When they are all used in combination with each other, the odds of a successful network penetration drop significantly. We also see that if we all had an unlimited budget, we could spend enough on these technologies to make the hacker’s mission almost impossible.

There are dangers that lurk around every corner of the network. Anyone who thinks otherwise simply doesn’t understand the reality of this fight. All of the methods discussed in this lecture can be combined to create a proactive defensive posture that eliminates most risks and keeps the enemy at bay. Enemy is a strong word, but it is the mindset all network defenders must take if they are serious about their job. Leaving just one of these methods off of the list will strip away your situational awareness and leave your network vulnerable to someone who wants the information you have. Applying layers of security is the commonly held belief that will keep a network the most secure, and it has worked up to this point.

For more information, please read the following articles:

Ray, L. (2013). A matrix model for designing and implementing multi-firewall environments. International Journal of Information Security Science, 2(4), 119-128.

Hunter, P. (2013). Cyber security’s new hard line. Engineering & Technology, 8(8), 68-71.

LECTURE SLIDE SHOW SCRIPT

IS696 Week 5 – Defense in Depth

Slide 2

Defending a network can be a busy job, especially if the network you are defending is a large one with a lot of users. And one of the most daunting tasks we face as network defenders is that there are so many avenues of potential attack that it can become overwhelming trying to keep track of all the methods designed to keep the bad guy out.
Fortunately, history has shown us that there are some tried and true methods that do a great job at protecting the network and when they are all used in combination with each other, the odds of a successful network penetration drop significantly. And I also tend to think that if we all had an unlimited budget we could spend enough on these technologies to make the hacker’s mission almost impossible. So this week’s lecture will contrast the one from last week by focusing on some of the most common defense in depth measures that are available and maybe even provide a few other perspectives you haven’t heard before.

Slide 3

Right up front, we need to recognize the importance of network situational awareness. As we think about defensive measures that provide the information to ensure administrators are aware of the traffic that is traversing their networks, we also need to consider how they will maintain a solid awareness of all the data that will be coming to them. So the areas that we’ll cover this week are concepts of defense in depth, physical security, firewall configuration, antivirus, we’ll also talk about user authentication, encryption, host and network based intrusion detection systems, log analysis, digital forensic analysis, and we’ll wrap things up with intrusion investigations and insider threats.

Today’s networks face a slew of security risks that, until now, have not been in computing history. From script kiddies running randomly downloaded code against your machines, to state sponsored warriors busting through the cyber door, and worst of all, the insider threat in the form of a disgruntled system administrator; the threat is real and the potential loss is huge. These threats pose a risk that cannot be defeated by simply throwing a few firewalls into the mix. These threats require a well thought out methodical approach at defending each layer of the network to ensure the bad guys can’t get into your systems.
Defense in depth is the best method to keep the bad guy out of your systems. So we need to cover a wide range of defense in depth strategies, and physical security is a great place to start.

Slide 4

Physical security is integral in the defense in depth model. What good is a firewall if your servers are sitting in an unlocked room that everyone is able to access? Just as a bank locks away their valuable assets in a vault away from the hands of a thief, organizations should also lock away their valuable systems. Servers, firewalls, routers, and any other core network devices should have physical access controls applied. Doors with deadbolt locks should be used at a minimum. Cipher locks or RFID badged entry is more optimal and allows a physical barrier as well as limiting access to system administrators. Add human guards to the equation and you have a pretty sound physical posture. If a hacker can gain physical access to any of your systems, then the game is already lost. This can’t be overstated. It doesn’t take much skill or creativity to destroy something when you can physically hold it in your hands. So the physical security aspect should be the first thing considered. And once the physical perimeter is locked down you can move on to the electronic perimeter.

Firewalls are used as a first line of defense on the outer edge of the network perimeter. Many organizations think they are protected by simply adding a firewall to the equation but there is so much more that is required. Firewalls can be configured in many different ways depending on the needs of the network. Some good baselines to employ are deny by default and white listing. Deny by default, as its name suggests, denies all traffic that is not explicitly allowed. White listing is the formation of a list of known good IP addresses and ports that are allowed to communicate with the internal network.
This list can be broad enough to encompass normal internet sites internal users routinely access or strict enough to only allow access to other company networks. Both of these postures greatly limit the potential for nefarious activity. All networks, of course, cannot be so strict that it hinders productivity so a demilitarized zone should be established for public facing servers.

It has often been said that our networks resemble cookies with a crunchy outer shell and a soft gooey section in the middle. This analogy is very accurate because we tend to think that if the firewalls are locked down we are safe from all forms of network attack. Unfortunately, the potential for risk is still very high. Viruses and phishing attempts can be sent through email, or unknowingly accessed on websites and these are two services that are always allowed to traverse the firewall. These files can take advantage of system vulnerabilities and potentially provide a foothold to an attacker. It is imperative that antivirus and malware protection software is installed on each client system and users are educated about these risks. Updating antivirus signature files on a regular basis is also necessary to continue to be protected from new and emerging vulnerabilities. Systems should be patched to the most current level to limit the risk even further. How users access the system and what level of access they have adds additional security to the internal network.

Slide 5

Users’ access should be restricted to the lowest level needed to accomplish their tasks. This is not intended to say users can’t be trusted but rather to protect the network from unintended actions. If all users have admin access and a successful phishing attempt occurs, then the malicious code will run with administrative rights; an action that can quickly cripple a network. However, this same phishing attempt would not get very far if it had to run at a much lower privilege level.
Password requirements should also be set to require a combination of uppercase and lowercase letters, numbers, special characters, and a long enough length to ensure brute force methodologies will fail. Encrypting files or even complete hard drives can also go a long way to maintain local level security as well as ensure data integrity. Many open source programs exist that provide the strongest encryption available on planet earth. These methods will keep your systems safe from some of the common methods of attack but as sure as there are cyber criminals, there will always be a new method that we have to monitor.

Monitoring devices placed on the perimeter, as well as inside of the network, provide security analysts with data to determine what is happening under the surface. These intrusion detection systems, or IDS for short, can be placed in a variety of locations around the network including host based versions that run on the user’s systems. The IDS captures network traffic by sniffing on the line and compares the captured data to a list of signatures. If any of the signatures are matched an entry is placed in a log for analysis. The signatures for a host based IDS differ from those used on a network based IDS but both are designed to find potential inbound or outbound hacker activity. Depending on the size of the network, the log files can quickly go out of control so it is important to have dedicated analysts who can review, and more importantly, interpret the data to determine if it’s a potential risk.

Slide 6

All of this without some form of log analysis will make an IDS and other similar devices worthless. There is no point in collecting the data if there is no one to determine positive and negative alerts. More importantly, even an analyst is worthless without the proper training. Logs should be analyzed at least every 24 hours or more often if the network traffic levels warrant it. IDSs aren’t the only devices on the network that generate logs.
Firewalls, routers, and system logs all need to be monitored and reviewed as well. If anything nefarious is detected, an investigation should be launched to determine the depth of the intrusion. Digital forensic analysis can go a long way to determine the attacker’s modus operandi and the target they are trying to gain. Results of the investigation can lead to better IDS signature development and more robust firewall rules. And this cycle will continue in perpetuity as long as the bad guys keep trying to break in.

But the biggest threat of all comes not from the outside, but the inside. All experts agree that the most dangerous threat to any network is from someone who already has authorized access. Whether it’s a disgruntled system administrator wreaking havoc after being fired, or an angry average user purposefully responding to phishing attempts, the threat is almost always undetectable. Even more dangerous is the insider who plays the role of a corporate espionage agent selling company secrets to the competition. Insiders cannot be monitored or controlled like a network device and so we are relegated to cleaning up the mess that they leave behind. And I tend to think that many of the major hacking activities of the last few years probably had an insider component. The OPM hack, for example, moved so much data that it seems impossible no one would have noticed it was happening. I suspect an insider was at work in that operation but I don’t have access to that investigation so I have no way to confirm my suspicions.

Slide 7

Ok, so here’s the deal, there are dangers that lurk around every corner of the network and anyone who thinks otherwise simply doesn’t understand the reality of this fight. All of the methods discussed in this lecture can be combined to create a proactive defensive posture that eliminates most risks and keeps the enemy at bay. Enemy is a strong word, but it is the mindset all network defenders must take if they are serious about their job.
Leaving just one of these methods off of the list will strip away your situational awareness and leave your network vulnerable to someone who wants the information you have. Applying layers of security is the commonly held belief that will keep a network the most secure and it has worked up to this point.
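
The deny by default and white listing baselines from the Slide 4 script, with a DMZ for public facing servers, modeled as an added example that is not part of the lecture or the assignment. Every network, port and rule below is a constructed assumption; audit() is a hypothetical helper that flags any white list entry exposing the internal network to an unrestricted source.

```python
from ipaddress import ip_address, ip_network

# All networks below are constructed for this example (assumptions).
ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/16")      # user and server LAN
DMZ = ip_network("172.16.0.0/24")         # public facing servers
PARTNER = ip_network("198.51.100.0/24")   # another company network

# White list: (source net, destination net, protocol, destination port).
ALLOWLIST = [
    (ANY, DMZ, "tcp", 443),          # public web site in the DMZ
    (ANY, DMZ, "tcp", 25),           # inbound mail relay in the DMZ
    (PARTNER, INTERNAL, "tcp", 22),  # known good partner network only
    (INTERNAL, ANY, "tcp", 443),     # users browsing out
    (INTERNAL, ANY, "udp", 53),      # DNS lookups
]


def decide(src, dst, proto, dport, rules=ALLOWLIST):
    """Return ALLOW only on an explicit match; everything else is denied."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, rule_proto, rule_port in rules:
        if s in src_net and d in dst_net and (proto, dport) == (rule_proto, rule_port):
            return "ALLOW"
    return "DENY"  # deny by default: no rule matched


def audit(rules, protected=INTERNAL):
    """List rules that let an unrestricted source reach the protected network."""
    return [r for r in rules if r[0].prefixlen == 0 and r[1].overlaps(protected)]


if __name__ == "__main__":
    flows = [  # constructed sample traffic
        ("203.0.113.9", "172.16.0.10", "tcp", 443),  # internet -> DMZ web
        ("203.0.113.9", "10.0.5.20", "tcp", 443),    # internet -> internal host
        ("198.51.100.7", "10.0.5.20", "tcp", 22),    # partner -> internal host
        ("10.0.5.20", "192.0.2.80", "tcp", 6667),    # internal -> unlisted port
    ]
    for flow in flows:
        print(flow, decide(*flow))
    weak = ALLOWLIST + [(ANY, INTERNAL, "tcp", 3389)]
    print("rules exposing the internal network:", audit(weak))
```
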