FOR COMPUTER SCIENCE ONLY

cftins69

ProjectDeliverable5NetworkInfrastructureandSecurity.docx

Home >Computer Science homework help >FOR COMPUTER SCIENCE ONLY

Running head: NETWORK INFRASTRUCTURE AND SECURITY

NETWORK INFRASTRUCTURE AND SECURITY 9

Project Deliverable 5: Network Infrastructure and Security

Charles Tinsley

Dr. Mark Cohen

CIS 599

August 25, 2019

Introduction

The company is on an upward growth trajectory and requires information technology infrastructure to support this expansion. The solution will need to be one that takes scalability into consideration to ensure the company does not have to spend more funds in the future to upgrade. With the growing threat of cyberattacks, security will need to be another important consideration for the development team, with tools to anticipate and respond to security incidents built into the system.

Network Vulnerabilities

In the everyday operations of an information system, traffic will move in and out of the network, with users sending and receiving data. However, within this traffic is the possibility of malicious content attempting to gain entry into the network to cause damage to it. To avoid this, a network administrator will implement a variety of intrusion detection measures to ensure the security of the system. These solutions can, however, fail, and malware can make its way into the network. The biggest reason for this is usually the poor configuration of the security solutions that make easy conduits for malicious content. Intrusion prevention systems like firewalls often work by screening traffic against a database of known threats, blocking any piece of traffic that matches any of these threats. But newer threats that have yet to be included in the database might pass through the security tool uninhibited. It is crucial to carry out regular system scans that will discover weaknesses within the system that should be fixed and updated to reflect emerging threats and vulnerabilities (Cranor, & Garfinkel, 2015).

The adoption of cloud technology tools allows the company to implement a variety of progressive solutions to its workplace like telecommuting, where users can work from home or away on vacation and so forth. There are however issues with such a solution where threats can be introduced into the network from the devices used to access the cloud resources Without these security requirements; these employee devices can be the conduits through which malicious content is introduced into the company network. To amend this situation, it is vital to implement a veritable bring your device (BYOD) policy that will guide how employees will use their devices to access company resources. It should include fundamental security requirements for the devices, as well as recommended tools (Cranor, & Garfinkel, 2015).

Employee turnover is a normal part of the operations of any company, with employees coming in and leaving depending on the needs of the company. Given that each employee is issued with credentials that they use to access the company’s systems, these might be misused. It could be the employee can continue accessing company resources after they have left, or their. Company policy is ideally meant to require that the credentials of a departing employee be deactivated the moment their departure is effective. Leaving the credentials dormant becomes a point of vulnerability for the network since anyone that uses the account might appear legitimate even when they are not (Cranor, & Garfinkel, 2015).

While virtualization allows for the creation of multiple virtual environments that are independent of each other, these are still located within a single server. The failure of such a server will mean the loss of the virtual machines it hosts and all the company processes and applications hosted within those virtual machines. It is vital to have multiple servers that will enable failover solutions for the servers in cases of disaster or downtimes. Offsite backups should also be considered as another measure to lessen the vulnerability of the system (Rittinghouse, 2015).

Logical and Physical Topographical Layout

The physical network will use a star topology solution where network devices will be converging on a central hub. On this hub, they will be able to receive various network resources like access to the cloud, bandwidth, and network security. The star topology will make it easier for these resources to deploy effectively and for network administrators to manage the system more efficiently (Shinde, 2014).

The logical network will be developed under the bus topology, different from the physical topology since their operations are implemented independently of each other. The bus topology is a solution where computers in a network are connected to a central line that acts as a backbone. The computers can then request for resources from this backbone (Shinde, 2014).

Figure 1 - Physical Layout

$C:\Users\Bones\Documents\Mark\Write\babaaeda24aa3798f67ae3548e58bd94e306f661.gif$

Figure 2 - Logical Layout

$C:\Users\Bones\Documents\Mark\Write\lin_bus.gif$

Security Policy

Data confidentiality is when access to a computer resource is limited only to the user with express authorization to do so. The company data with different levels of sensitivity, and therefore, the access controls will differ depending on the data that is accessed. On the other hand, with different users with permissions to access resources within the network, they will have different levels of access granted to them, which will largely depend on the user’s roles and responsibilities within the organization making confidentiality a smooth operation, it will be necessary to classify the data within the company and the employees as well. Data classification will ensure each piece of data has been provided with its level of sensitivity that will determine the kind of access controls to be placed on them. Employee classification will give all users a security profile that will take their job description and provide with varying access privileges within the network. When deciding on privileges to be granted to employees, the principle of least privilege should be used. This is where a user is provided only with the minimum access privileges to network resources that are required to perform their responsibilities. This will ensure the number of users with unlimited access privileges remains the administrators that need them to effectively manage the network (Cranor, & Garfinkel, 2015).

Data integrity is the state of a piece of data remaining safe from undue modification while is being transmitted. A piece of data is said to have retained its integrity if it remains in the same state when it reaches the final recipient as it was when sent by the original sender. The company transmits information daily, whether among the employees of the company, to external partners, customers, and so forth. This information needs to be safe from any actions or situations that would lead to the recipients receiving tainted data. This unauthorized modification of data can be from cyber-attackers that intercept the data while it is being transmitted to their final recipients. They can then distort the data to have it that the recipients get a different message or have access to sensitive information like business secrets.

The information shared by a company, internally or externally is vital to its interests. Some of this is used by senior executives for critical decision making that will influence the company’s strategic vision. As such, any undue modification to the data will lead to these decisions being based on untrustworthy data, with the repercussions going throughout the company. To avoid threats to data integrity, it is necessary to institute actions that will secure the transmission process. One the best ways to do this will be through encryption, where the data is converted to code before being sent. The legitimate is then provided with a key they will use to decrypt the information when it reaches them. This ensures that even the data is intercepted, the unauthorized user will have no way accessing the data without the corresponding key (Cranor, & Garfinkel, 2015).

Availability is the state where a system remains accessible and sufficiently operable to its users. This is important for both employees to access these resources to carry out their responsibilities and the company’s customers access its products and services. For the company to conduct its operations as effectively as possible, it will be necessary that it maintains the availability of these operations. An e-commerce solution where customers shop on its site requires that these customers can access the site at all times and conduct all the activities they need to without downtime or drag. If downtime occurs, the company will lose hours of productivity as well as missed business opportunities in term of sales. It will also damage the company’s reputation by making customers view its services as unreliable, which will hurt future earning potential.

Availability of computer resources can be caused by among others, power failures, system outages, natural disasters, as well as cyberattacks like distributed denial of service (DDoS) attacks. As such, it is crucial to implement a regime of system resilience for the network that will make strong enough to withstand a variety of threats to it without resulting in damages or downtime. Activities like penetration tests can be used to gauge just how much the network can withstand an attack before breaking down. The results of the tests will then be used to implement a variety of upgrades to strengthen the system. But even with tools to ensure the resilience of the network, it will be necessary to provide tools that take into account the possibility of disaster happening. Even with all measures taken, there is still the possibility for catastrophe to occur. In that case, there needs to be a disaster recovery and business continuity plan in place that will act as a response strategy for the event disaster strikes. Regular backups will ensure that the most recent version of the data is available to be accessed in case of disaster (Cranor, & Garfinkel, 2015).

Network Components

Figure 3 - Network Components

$C:\Users\Bones\Downloads\netwk placmnt.jpeg$

Ethics in the Network

Ethics within the network will take the form of an enforced confidentiality clauses in contracts as well as non-disclosure agreements. Once signed, the party will be bound to keep all of the company’s information they interact with confidential. Failure to do so will result in legal proceedings against the offending party (Patrignani, & Whitehouse, 2015). Employees will be required to implement strong passwords that are difficult to hack. This will be after they have been provided with credentials unique to them that should not be shared by any other employee. Strong passwords need to use both alphanumeric and special characters to be effective, with a reasonable length also (Cranor, & Garfinkel, 2015).

References

Cranor, L. F., & Garfinkel, S. (2015). Security and usability: Designing secure systems that people can use. Beijing: O'Reilly.

Patrignani, N., & Whitehouse, D. (2015). Slow tech: bridging computer ethics and business ethics. Information Technology & People, 28(4), 775-789.

Rittinghouse, J. W. (2015). Cloud Computing: Implementation, Management, and Security. Hoboken: CRC Press

Shinde, S. S. (2014). Computer network. New Delhi: New Age International Ltd.