Network Security for Vonnie's Distribution Services
Objective of this project is to design network solution and security system for the Vonnie's Distribution Services. The company is considering expanding from the first floor to the third floor within the next few years and the management asks the company Chief Information Officer (CIO) to design a stable, scalable and reliable network security and infrastructure. However, justification of the relationships between security and infrastructure is very critical for the design of the network system.
Justification and Support of the Relationship between Security and Infrastructure
In the network environment, organizations are faced two security problems concerning network infrastructure:
Noisy threats and Quiet threats.
Noisy threats are the network threats that interfere with a company network infrastructure, which could disrupt organizational business operations. On the other hand, quiet threats are the threats that cause real damage to the network infrastructure. The noisy threats include network attack through worms, virus, and spam. This type of attacks causes real damage to the network infrastructures, which could consequently disrupt business operations and productivity. However, the noisy threats can be visible. For example, when a CIO sees hundred of spam messages in his or her mailbox, the solution is to install anti-spam software in the network system.
However, quiet threats are more dangerous than the noisy threats, because this type of threats could involve data theft, which can go undetected for years. Network intruders can use different techniques such as unauthorized access attacks, network sniffing, and eavesdropping, when eventually discovered, an organization may not be able to calculate the material damages from the threats. In many cases, the data theft can include theft of customers' credit card information and theft of other sensitive information that could reach millions or billions of dollars depending on the size of an organization. The only solution to prevent both quiet and noisy threats from our network infrastructure is to integrate effective and efficient security systems into our network system to protect our organization from loss of data. (Verma, Sharma, & Mishra, 2012).
Intruders could gain access into our network infrastructures through our routers and servers. Thus, our organization is required to invest in the data and network security to enhance a secured and scalable network infrastructure. Typically, network security is very critical for our network infrastructures because integrating of security tools will enhance our risk management technique. Integration of risk management tool will assist our organization to limit the risk to our network systems.
Essentially, our business operation will require our organization to collect customer data such as credit card information, and other sensitive information such as bank account information, and our top policy is to protect our database from external intruders who may take advantages of our network upgrading to steal sensitive information. Our organization could lose large number of customers if we allow intruders to steal customers' data. Apart from the loss of revenue, and market advantages, our organization could face lawsuits for failing to protect customer's data. Thus, it is our obligation to design a scalable and secured network system using effective security systems to protect our network infrastructures.
Meanwhile, effective network security design is critical to enhance security of network system. The next section discusses the rational of physical and logical layout of our network infrastructures.
Rational for Physical and Logical Topography of our Network
A network is defined as group of software components and hardware devices necessary to enhance network connection within our organization. Our hardware component will consist of switches, hubs, cabling, phone lines and printer, and these devices are very critical for our networking environment. On other hand, software components will enhance effective communication system among our hardware devices. However, logical and physical layout of our network infrastructure is vey critical for our network system. The physical topography of our network refers to the physical design of our network infrastructures. Effective design of network topology will assist effective communication among users of our network system. Moreover, logical infrastructure of our network will consist of all software components required to enable network connectivity among the hardware devices, which will enhance effective network security system. Our network logical infrastructure will consist of:
Network services end protocols.
Essentially, the logical component of our network typology will define number of important elements in our network infrastructure, which include:
Security system of our network
Speed of network connectivity, and Type of connection that will be established.
Design a Physical and Logical topographical Layout of the Planned Network Security System
The Fig 1 reveals our physical and network topology of our network infrastructure that also reveals the security configuration of our network system which focuses on high scalability, reliability, availability, feasibility and low latency.
Fig 1: Design a Physical and Logical topographical Layout of the Planned Network Security System
Typically, the system design provides the following security system:
Device hardening and Computer hardening.
Network security system includes the integration of network security infrastructures such as firewall, IDS (Intrusion Detection System), IPS (Intrusion Prevention System) and integration of network protection equipment such as routers and switches. On the other hand, the physical security will be designed to limit the access of people to the company hardware location. There will a physical restriction to devices such as the control panels, control rooms, network devices, and the cabling. Only the authorized persons will be allowed to get access to the company network devices. Computer hardening is another security device, which include integration of antivirus software and patch management for our security system. The security system will include removal of unused protocols, application and services. Application security will also be integrated and this includes authorizations, authentication, and software auditing. Finally, device handling will include restrictive access and change management.
As being revealed in the network diagram, the firewalls are installed to protect the company network infrastructure from the external intruders who may want to use the internet to penetrate into our company network infrastructure. The intrusion detection system will be installed to detect unauthorized access into our network system. Similarly, intrusion prevention system will be installed to prevent an authorize access to the company network infrastructure. As part of the network security system, we will make available for the data backup in case of the human and natural disaster that could cause damage to our data. The back-up system will assist our organization to continue operations few days after the disaster.
Added to the integration of the security system into our network infrastructure, we will also need to design a comprehensive' security policy that will enhance maximum security of our network system.
Comprehensive Security Policy
Apart from series of security system discussed in the previous section, we will need to design a comprehensive security policy to protect our network system. "A security policy comprises a set of objectives for the company, rules of behavior for users and administrators, and requirements for system and management that collectively ensure the security of network and computer systems in an organization." ( Paquet, 2013, p 1).
As part of our comprehensive policy, there will an "acceptable use policy (AUP) that defines the acceptable use of equipment and computing services, and the appropriate security measures that employees should take to protect the corporate resources and proprietary information." ( Paquet, 2013, p 1). For example, it will be mandatory for all our employees not to share their passwords with external parties. (NCHICA, 2013). Moreover, it is mandatory for all employees to protect their computer system with strong password with combination of capital letter, small letters and numbers. All employees must be obliged to change their password every quarter to enhance effective security system. Thus, our policy is to enhance confidential of our data to ensure that unauthorized individuals do not share our data and information.
This section provides the project plan that reveals the project:
Customize network security policy,
Network security testing.
Based on the project plan in the Appendix 1 and II, the project will take approximately 3 months to complete starting from February and finish in May.
Verma, P. Sharma, P. & Mishra, S.K.(2012). Dropping of Call Due to Congestion in Mobile Network. Journal of Computer Applications (JCA), V,(1): 26-30.
Paquet, C. (2013). Network Security Concepts and Policies, Cisco Press.
NCHICA, (2013).Sample Information Security Policy, North Carolina Healthcare Information & Communications Alliance, Inc.
Appendix 1: Project Plan
Appendix 2: Project Plan
Prepare project goals and objectives
Project manager, IT staff
Review project goals and objectives
Project manager, IT staff
Review and recap proposals and contracts
Assess opportunities and risks
Identify constraints and other obstacles
Project manager, IT staff
Identify required nonhuman resources
Review scope of project
Identify the procedure for monitoring and evaluation of the project