Company Is a Reputable Organization

¶ … company is a reputable organization that offers payroll services to 600 businesses across the United States, and our clients are connected to our Data Center via dedicated circuits. Based on the nature of our business, we are required to deliver a secured data transmission and security boundary to our payroll system within our data center and to the router of each client's network system.

Objective of this paper is to design various techniques to develop a high level Data Center that would consist of security architecture baseline. Information system security is a measure to reduce various threats susceptible to the network and information devices. The network and information security systems that our company intends to design are to protect electronic information transmitted across the network. Thus, the report designs high-level security devices to protect to our architectural systems.

High Level Security Devices

The layout of our Data Center architecture consists of four server farms, which include:

Mail Server Farm

Web Server Farm

Application Server Farm, and Database Server Farm.

The servers require high-level security to protect our sensitive information and client's information. Our organization will employ the following security devises to protect our Data Center:

Firewall

IDS (Intrusion Detection System)

IPS (Intrusion Prevention System )

Firewall is one of the security mechanisms to protect an organizational network. "Firewall is a gateway that enforces a boundary between two networks and that is used to isolate, filter, and protect local system resources from external connectivity by controlling the amount and kinds of traffic that may pass between the two." (Communication Security, 2007 P. 5). A firewall prevents unauthorized individual to have access to the organizational network resources. Typically, firewall uses different strategies to protect organizational network resources. First, firewall blocks a suspicious network that attempts to penetrate into a company's network resources. Moreover, firewall has ability to filter outgoing and incoming data to protect the company network resources.

Our company will take the advantages of firewall security platform to protect our Application Server, Web Server Farm, Mail Farm and Database Server Farm. To enhance effective security protocol of our network resources, our company also integrates intrusion detection system. Our firewall will assist us to filter the traffic, and "filter or block traffic based on properties of the data communications stream including Traffic Control Protocol (TCP) state, source and destination, conformance with authorized communications protocols, data types embedded within the data communications stream, and contents of the data communications stream. For example, filters may be used to block traffic to or from prohibited IP or MAC addresses or TCP ports." (Communication Security 2007 P. 12).

Intrusion Detection System

Detection control is the second line of security defense for our architectural system. Detection control is critical to our security system to detect whether the security incidents have actually occurs in our information systems.

Prevention control is also very critical for the enhancement of security system. The prevention control such as IPS is an effective tool to prevent an unauthorized access to the company architectural devises. The IPS is used to prevent unauthorized access to it to enhance confidentiality, availability and integrity of the data within the company's information systems.

As being revealed in our company architectural diagram, our company will be connected to the internet that would assist in transmitting and receiving data across the network system. To protect out our system from the negative impact of the internet traffic, the IDS will be installed near the internet network to detect unauthorized network incident. Moreover, the firewall will be used to protect the Mail Server Farm and Web Server Farm. The second IDS will be used to detect unauthorized incidents in the Application Server Farm and Database Server Farm.

Apart from the Firewall and IDS for the network security, the company will also integrate encryption system to protect the company network devices.

Encryption

Encryption is very effective for enhancing security devices of our information systems. The encryption system will assist in enhancing confidentiality and integrity of our information systems. More importantly, encryption will be effective in enhancing our network security because it will protect our system from network-based attacks such as eavesdropping and replaying messages. Typically, the encryption solutions will be integrated at application layer because encryption will assist the integrity of data transmitted across our information system. The encryption will change the data transferred across the information system into unreadable texts so that an unauthorized individual will not have access to our data. With the public key system, we will be able to decrypt the text to have access to the data. (Data Center Fabric, 2013).

3. Identification of the Boundary of the Data Center and the client's boundary location

Representation

The company will set an IP address range that we will use as the boundary for the Data Center. The IP address range will be combination of IP addresses of our staff and our clients. Our system will also allow the IP addresses of all the trusted external parties into our data Center. To enhance maximum protection of our information system, we will assign unique IP addresses to:

Mail Server Farm

Web Server Farm

Application Server Farm, and Database Server Farm.

We will also assign unique IP address to each of the computer of our staff, which will assist us to set the boundary of our Data Center. All our boundaries will be configured in the System Center 2012 Configuration Manager, and the boundary will be configured in the Configuration Manager console. We will use site assignment to find appropriate site to join and this is based on the client's current network locations. (Microsoft (2012).

To protect our information systems, there will be access control to limit access to our sensitive resources that would assist in limiting communication protocol used within our location. The access control will also be used limit the impact of network failures. To ensure boundary protection of our network and manage the risks associated with our network backdoors. We will ensure that: