Introduction
In this three-part assignment, you will apply the various concepts you have learned throughout this course to the design of the single most secure network possible, capable of supporting three IT services: e-mail, file transfer (centralized), and VPN. After you have fully designed your network, you will need to provide three data flow diagrams explaining how your designed network handles three different transactions:
- The first datapath diagram should show an internal user sending an e-mail with their corporate e-mail address to a user on the Yahoo domain with an arbitrary address of [email protected].
- The second datapath diagram should show a user initiating an FTP session from inside your network to the arbitrary site of ftp.netneering.com.
- The third datapath diagram should show an externally located employee initiating a VPN session to corporate, in order to access files on the Windows desktop computer DT-Corp534-HellenS at work.
The specific course learning outcome associated with this assignment is:
- Recommend solutions, products, and technologies to meet business objectives.
Instructions
Part 1
Use Microsoft Visio or an open-source alternative to:
- Create a diagram showing the overall network you have designed, from the user or endpoint device to the Internet cloud; following the access, core, and distribution layer model; depicting at least four-fifths of the necessary network components; and citing specific, credible sources that support the design. Include the following, at a minimum:
  - An authentication server (Microsoft Active Directory).
  - Routers.
  - Switches and/or hubs.
  - Local users.
  - Remote users.
  - Workstations.
  - File share (CIFS).
  - Mail server.
  - Web servers (both internal and external).
  - Firewalls.
  - Internet cloud.
  - Web proxy.
  - E-mail proxy.
  - FTP server (for internal-to-external transport).
Part 2
Use Microsoft Visio or an open-source alternative to:
- Create a datapath diagram for the following e-mail transaction:
  - A local (corporate) user, with the e-mail address [email protected], sends an e-mail to a Yahoo recipient at [email protected].
  - Document and label the diagram showing the protocols and path of the data flow as data traverses through your network from source to destination.
  - Show user authentication when necessary.
  - Cite specific, credible sources that support the diagram.
- Create a datapath diagram for the following file transfer transaction:
  - A local user, Jonny Hill, transfers a file, using FTP, through the Internet to another company’s site (ftp.netneering.com). He has to access the secure shell, using his Active Directory credentials, to authenticate to the FTP server (Linux running Red Hat) on the DMZ. He needs to transfer files from his desktop across the Internet to ftp.netneering.com.
  - Document and label the diagram showing the protocols and path of the data flow as data traverses through your network from source to destination.
  - Show user authentication when necessary.
  - Cite specific, credible sources that support the diagram.
- Create a datapath diagram for the following VPN transaction:
  - A remote user, Hellen Stover, connects, via VPN, from home through the Internet to her corporate desktop, DT-Corp534-HellenS. Hellen uses a browser to initiate her VPN connection. By going to https://VPNaccess.corp534.com, she arrives at a login page where she needs to authenticate using her Active Directory credentials before the VPN tunnel is built.
  - Document and label the diagram showing the protocols and path of the data flow as data traverses through your network from source to destination.
  - Show user authentication when necessary.
  - Cite specific, credible sources that support the diagram.
Part 3
Write a 6–10 page paper in which you:
- Explain the function and configuration of at least four-fifths of all required network devices, citing specific, credible sources.
  - Authentication server (Microsoft Active Directory).
  - Routers, switches, and/or hubs.
  - Local and remote users.
  - Workstations.
  - File share (CIFS).
  - Mail server.
  - Web servers (both internal and external).
  - Firewalls.
  - Internet cloud.
  - Web proxy.
  - E-mail proxy.
  - FTP server (for internal-to-external transport).
- Explain how the overall network design protects the organization from both inside and outside attacks, addressing all required network design features and considerations and citing specific, credible sources that support your assertions and conclusions. Address:
  - Physical and virtual access.
  - Logging requirements.
  - Security policy.
  - Firewalls.
  - Proxy servers.
  - The VPN tunnel.
  - DMZ isolation.
  - User authentication.
  - Distribution of layer routers and switches.
- Explain how your layered design compensates for possible device failures or breaches in network security, addressing all key design features and considerations and citing specific, credible sources that support your assertions and conclusions. Include:
  - Load balancing.
  - Swappable devices.
  - Standby backup devices.
  - QoS prioritization.
  - Vendor support for core and services.
- Explain how to make the file transfer process more secure, fully addressing FTP security risks and how specific FTP replacement devices add protection, clearly delineating the features of each device, and citing specific, credible sources that support your assertions and conclusions.