Assignment
Nb7524
Cis498ProjectDeliverable4InfrastructureandSecurity.pdf
RUNING HEAD: Infrastructure and Security 1
Project Deliverable 4: Infrastructure and Security
Hana Abebe
Reddy Urimindi, PhD, PMP
Monday, March 1, 2021
RUNNING HEAD: Infrastructure and security 2
Infrastructure
Physical layout: This is the diagram of the physical layout because it only shows the position of
network devices. Diagram A
The below image is the diagram of the logical layout because it contains Internet protocols (IP
address). Diagram B
RUNNING HEAD: Infrastructure and security 3
Servers are very important for handling clients. Without servers, we can't handle our
involving computers. These are specialized computers for handling the networks. These provide
reliability for the network. They maintain and improve the network itself. They are internal
machines of any network, while clients can be connected from the outside of the org. A server can
handle multiple clients (Platzer, 2018). There are different topologies for connecting a server to
another server or server to the client of clients. For better and secure working of a, there are needed
some security mechanism. There is a different security mechanism. Sometimes a firewall can be
used. A firewall is not software but a part of the hardware, and this is not being a router, but a
router itself can be configured. Rather than this, a unified security device can also be used if
required. This device can also perform the functions of a firewall. The following is an explanation
of the server's placement.
Edge protection- the architecture ensures routine protection, gateway network
synchronization, and IP spoofing that do not permit traffic to flow, allowed access control, and
unauthorized traffic blocking.
Management and detection of threat - In detecting and minimizing the threat, the
Component is responsible for vulnerability scanning and infrastructure dependent on telemetry.
Initial shield of the network- To ensure optimum resilience, the hardness of systems,
aircraft maintenance safety and control exist throughout any infrastructure.
Availability enhancement and resiliency - The hardened devices positioned in
compliance with the diagram can be used to ensure that the enterprise has the best service access,
including eliminating any interaction with the system, particularly durability dependent.
RUNNING HEAD: Infrastructure and security 4
Internal access to the devices is arranged to ensure email-web security, stateful firewall
prevention, granular access control, and correlation of global.
Public service DMZ-the section is responsible for device placement, facilitating endpoint
server protection prevention of intrusion, stateful firewall inspection, intrusion prevention, deep-
packet application inspection, and denial of service prevention.
Secure mobility- the VPN act as a priority for people who use mobile devices in the
organization. It performs a persistent and consistent enforcement policy independent and
responsible for locating staff in an organization. It integrates systems that defend against malware
and web security.
The above diagram A contains a small client-server model. It contains a server, firewall,
router and clients. It is a small network that can be used in a small org. These are the simplest
network in terms of infrastructure. It is a good idea for small org because there is less security
requirement or sometimes no security OS required if you are using it for yourself. But this will not
be sufficient for big org (Platzer, 2018, p. 20) because there can be needed a greater number of
servers. After all, there can be a greater number of clients. Also, there will be a huge amount of
security because a big org will connect to its outside environment.
When we are using more than two servers, the network will need to separate into several
subnets. A router or a firewall can provide much simpler access control. When designing access
control, the probability of screwing up will be lower when our network is divided into segments.
Then we can consider every segment for the category in which it fits. These servers are easy to
design, but this isn't easy to monitor for security (Platzer, 2018, p. 23). There will become traffic;
for handling this between the User and our server, the server has to work as a checkpoint.
RUNNING HEAD: Infrastructure and security 5
Detail of layout:
Key Considerations – Most of the network router (wired) but not mandatory for all are connected
using an ethernet cable.
Optional Components - Connecting the router for Internet access, printers, access points and
other devices is not needed for the remaining network to functioning.
Limitations – If the ethernet router is not supporting other ethernet connection, then there is a need
for another device to expand the layout. The device may be a network switch.
The rationale for logical and physical layout:
Current network layout –before being upgraded, the network is normal, like any other
business layouts that exist (Platzer, 2018, p. 21). Database, mail server and firewall are all
contained in the physical and logical layout of the elements that form the backbone of a company
that deals with data collection.
Planned network layout-unlike the current network layout, and the planned network has the
company moving to the third flow from the first floor. Every floor has a logical and physical layout
RUNNING HEAD: Infrastructure and security 6
remaining identical. All the wiring is tied after being gathered in the hub. The heavy-loading router
is important for facilitating Wi-Fi types of equipment. To avoid unauthorized access and easy
access, the server should be moved to a third flow (Platzer, 2018, p. 22). Besides, some other
rationales include:
The number of clients
The number of servers.
Range of servers (How many clients can be controlled by server).
Several routers.
The number of bridges.
The number of access points.
Size of org (small or large)
Security Policy:
CIA is the Central Intelligence Agency that provides a security mechanism for securing the
company data (Zaffar, 2019). It provides three components of security.
Confidentiality
The term confidentiality means privacy. It involves measures to ensure the data of a
company does not fall into the wrong hands while ensuring that the right people get access to the
information with ease. Access to private data must also be restricted to authorized people to data
whose view is in question (Sohrabi Safa et al., 2016, p. 71). Data in a company should be put in
categories known to measure the amount of damage when unauthorized people access them.
Measures can be implemented to protect data according to its categories. To ensure data
confidentiality, training of people privy to those data is recommended. The training will include
RUNNING HEAD: Infrastructure and security 7
information security risks. Training also helps authorized people to understand the security risk
factors and how they can be avoided. The use of complex encryption and social engineering, data
compression, two-factor identification, biometric verification and soft tokens are other credentials
that must be given to approved staff. Consumers use another approach to guarantee secrecy to
minimize the number of locations of sensitive data. Other steps include holding only airborne
machines and disconnection of storage units.
Integrity
Integrity means the act in where the trustworthy, consistency and accuracy of data is
maintained through the life cycle. Transit change of data must be avoided; hence procedures must
be geared to avoid data alteration by unauthorized people. Approached measures include access
control and file permission. Errors resulted from changes or accidental deletion by authorized
people may be prevented using version control. Server crush or electromagnetic pulse may be used
to detect changes that occur not from human efforts. Backups are necessary for data restoration and
bringing data to its exact state (Sohrabi Safa et al., 2016, p. 73). In the case of verification integrity,
some data such as checksums may be included.
Availability
For data to be continuously available, the following must be adhered to; the hardware must
be maintained rigorously, immediate hardware maintenance when necessary and ensure operating
system maintenance so as to avoid software conflicts. Necessary system upgrades should be done
to ensure the availability of data. Bandwidth communication which is adequate should be
enhanced, including bottlenecks occurrences prevention in the database. RAID, redundancy, and
the high-availability cluster can lead to serious consequences in case hardware issues arise.
RUNNING HEAD: Infrastructure and security 8
Disaster recoveries which are adaptive and fast are important in case of the worst scenarios. The
capacity of damage will depend on the size of the disaster recovery plan. Interruption of connection
which might lead to data loss as a result of the occurrence of natural disaster and fire, may be
prevented by the installation of backups that are stored in a geographically isolated place and
comprises of features such as waterproof and fireproof (Sohrabi Safa et al., 2016, p. 74). Security
features such as proxy servers and firewalls can be used to secure it from harmful actions such as
DoS attack and intrusions of the network.
Ethical aspects related to employee
Employee's behavior
All employees should follow the ethical procedures in the company which includes;
ensuring all customers data being worked on is correctly classified, ensure the data being operated
on is well secured, no employee owns any level clearance hence employees must understand the
rights and limitation associated with it (Kamal et al., 2018, p. 301). Employees who directly or
indirectly introduce malicious programs to the system stand to be penalized; the company
copyright must be protected with all means possible hence no unlicensed software should be
introduced to the system.
Contractors
Contractors are advised not to share any statement of warranty while outside the company.
They are also required to design all users' security levels. (Kamal et al., 2018, p. 303).
Password usage
All system users must keep their respective passwords secret, and any case of password
sharing, which lead to fraud, may lead to penalties and punishment. All the passwords are
RUNNING HEAD: Infrastructure and security 9
recommended to be changed on a routine basis. Passwords should be strong as much as possible.
Avoid the use of a password that resembles the job title and personal information. In an attempt to
develop strong passwords, many corporations use guiding principles for their usernames and
passwords. In weak passwords, policies should preclude such functionality (Sohrabi Safa et al.,
2016, p. 76). Any personally identifying details such as account numbers, children's names or
favorite sports teams, for example, should not be included in the password and in any word or
sentence in a Blacklist password.
Solid login policies also have a device password time limit. It ensures that credentials fail
after a defined time – such as 90 or 180 days – and people are coerced into modifying their
password so that the few passwords do not re-use them. The policy will also ask the User in the last
six to 12 months to create a new password from every other one they have used. Although secure,
users sometimes forget about strong passwords. Consequently, the recovery methods for
passwords can differ depending on the program, website or computer access. Methods may include
answering some questions about protection, verifying emailed information asking if users wish to
restore their password or entering numerical security codes sent to a cell phone using text to
authenticate users who have to restore or retrieve their initial passwords.
Networked Resources and information access
Unauthorized users may face disciplinary action in data access, equipment or device and
position without any privilege. The users who access system controls of other people in the
organization must face disciplinary action unless equipped with sufficient clearance from
authorities concerned (Sohrabi Safa et al., 2016, p. 75). Employee and any person who connect to a
device, network, and equipment that is not at his/her level of privilege or classified may face
RUNNING HEAD: Infrastructure and security 10
disciplinary action as a result. Any person found transmitting data through the organization's
network without privileges incur disciplinary action.
RUNNING HEAD: Infrastructure and security 11
References.
Kamal, N., Samdani, H., & Yameen, A. (2018). Engaging employees through ethical
leadership. Global Social Sciences Review, III(III), 300-
316. https://doi.org/10.31703/gssr.2018(iii-iii).17
Platzer, A. (2018). Cyber-physical systems: Overview. Logical Foundations of Cyber-Physical
Systems, 1-24. https://doi.org/10.1007/978-3-319-63588-0_1
Platzer, A. (2018). Logical foundations of cyber-physical systems. https://doi.org/10.1007/978-3-
319-63588-0
Settle, B., Otasek, D., Morris, J. H., & Demchak, B. (2018). Copycat layout: Network layout
alignment via Cytoscape automation. F1000Research, 7,
822. https://doi.org/10.12688/f1000research.15144.1
Sohrabi Safa, N., Von Solms, R., & Furnell, S. (2016). Security policy compliance model in
firms. Computers & Security, 56, 70-82.
Zaffar, E. (2019). Cybersecurity. Understanding Homeland Security, 399-
439. https://doi.org/10.4324/9780323296243-8
