This paper presents a high-level security architecture design for a payroll services company managing dedicated network connections for 600 business clients. It identifies and evaluates key security mechanisms — including firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and encryption — deployed to protect four server farms within the company's data center. The paper also addresses boundary identification, IP address assignment, and access control strategies used to separate and secure the data center perimeter from client networks. Together, these measures form a layered defense strategy aimed at ensuring the confidentiality, integrity, and availability of transmitted payroll data.
Our company is a reputable organization that offers payroll services to 600 businesses across the United States. Our clients are connected to our data center via dedicated circuits. Based on the nature of our business, we are required to deliver secured data transmission and a security boundary to our payroll system within our data center and to the router of each client's network system.
The objective of this paper is to design techniques for developing a high-level security architecture baseline for our data center. Information system security is a set of measures that reduce the threats to which network and information devices are susceptible. The network and information security systems our company intends to design are meant to protect electronic information transmitted across the network. This report therefore specifies the high-level security devices that will protect our architecture.
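The layout of our data center architecture consists of four server farms: the Application Server Farm, the Web Server Farm, the Mail Server Farm, and the Database Server Farm.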
The servers require high-level security to protect sensitive company and client information. Our organization will employ the following security devices to protect our data center: Firewall, IDS (Intrusion Detection System), and IPS (Intrusion Prevention System).
A firewall is one of the primary security mechanisms used to protect an organizational network. "Firewall is a gateway that enforces a boundary between two networks and that is used to isolate, filter, and protect local system resources from external connectivity by controlling the amount and kinds of traffic that may pass between the two" (Communication Security, 2007, p. 5). A firewall prevents unauthorized individuals from accessing organizational network resources. Typically, a firewall uses different strategies to achieve this: it blocks suspicious network activity that attempts to penetrate company resources and filters both outgoing and incoming data.
Our company will leverage the firewall security platform to protect our Application Server Farm, Web Server Farm, Mail Server Farm, and Database Server Farm. To further enhance network security, our company also integrates an intrusion detection system. Our firewall will assist in filtering traffic and will "filter or block traffic based on properties of the data communications stream including Traffic Control Protocol (TCP) state, source and destination, conformance with authorized communications protocols, data types embedded within the data communications stream, and contents of the data communications stream. For example, filters may be used to block traffic to or from prohibited IP or MAC addresses or TCP ports" (Communication Security, 2007, p. 12).
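The filtering criteria quoted above (TCP state, source and destination, ports, prohibited addresses) can be sketched as a default-deny, stateful policy over the four server farms. This is an added example, not part of the original paper; the subnets, ports, and the web-to-application-to-database path are constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): placeholder subnets, not a real addressing plan.
ZONES = {
    "client": ipaddress.ip_network("10.200.0.0/16"),  # dedicated client circuits
    "web": ipaddress.ip_network("10.10.1.0/24"),      # Web Server Farm
    "mail": ipaddress.ip_network("10.10.2.0/24"),     # Mail Server Farm
    "app": ipaddress.ip_network("10.10.3.0/24"),      # Application Server Farm
    "db": ipaddress.ip_network("10.10.4.0/24"),       # Database Server Farm
}
# Prohibited sources (constructed) are rejected before any allow rule is consulted.
BLOCKED = [ipaddress.ip_network("203.0.113.0/24")]
# (source zone, destination zone, TCP port); ports are assumptions. Unlisted = deny.
ALLOW = {
    ("internet", "web", 443), ("internet", "mail", 25), ("client", "web", 443),
    ("web", "app", 8443), ("app", "db", 5432),
}

def zone_of(addr):
    """Map an address to its zone; anything outside the known subnets is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

class Firewall:
    def __init__(self):
        self.flows = set()  # accepted connections as (src, sport, dst, dport)

    def decide(self, src, sport, dst, dport, syn):
        """Return 'allow' or 'deny' for one TCP segment."""
        if any(ipaddress.ip_address(src) in net for net in BLOCKED):
            return "deny"
        if syn:  # new connection: must match an explicit zone-to-zone rule
            if (zone_of(src), zone_of(dst), dport) in ALLOW:
                self.flows.add((src, sport, dst, dport))
                return "allow"
            return "deny"
        # Not a SYN: allowed only as part of a tracked connection, in either direction.
        if (src, sport, dst, dport) in self.flows or (dst, dport, src, sport) in self.flows:
            return "allow"
        return "deny"

if __name__ == "__main__":
    fw = Firewall()
    print(fw.decide("198.51.100.7", 40000, "10.10.1.10", 443, syn=True))
    print(fw.decide("198.51.100.7", 40001, "10.10.4.5", 5432, syn=True))
```

Because the allow list is keyed by zone pairs, the Database Server Farm is reachable only from the Application Server Farm, and a reply segment with no matching tracked connection is dropped.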
Detection control is the second line of security defense for our architectural system. It is critical to our security posture to detect whether security incidents have actually occurred in our information systems.
Prevention control is also very critical for enhancing our security system. The IPS is an effective tool for preventing unauthorized access to company architectural devices, and it is used to enhance the confidentiality, availability, and integrity of data within the company's information systems.
As shown in our company's architectural diagram, our company will be connected to the internet to facilitate transmitting and receiving data across the network. To protect our system from the negative impact of internet traffic, the IDS will be installed near the internet connection to detect unauthorized network incidents. The firewall will be used to protect the Mail Server Farm and Web Server Farm. A second IDS will be used to detect unauthorized incidents in the Application Server Farm and Database Server Farm.
Apart from the firewall and IDS for network security, the company will also integrate an encryption system to protect company network devices.
Encryption is highly effective for enhancing the security of our information systems. The encryption system will assist in ensuring the confidentiality and integrity of our data. More importantly, encryption will strengthen our network security by protecting our systems from network-based attacks such as eavesdropping and message replay. The encryption solutions will be integrated at the application layer, where they will protect the integrity of data transmitted across our information systems. Encryption converts transferred data into unreadable text so that unauthorized individuals cannot access it. With a public key infrastructure, we will be able to decrypt the text when authorized access is required (Data Center Fabric, 2013).
"IP addressing, boundary configuration, and access control policies"
Integration of effective security systems is very critical to enhancing data integrity. This report demonstrates the strategy that will be employed to protect our information systems from unauthorized access. The paper identifies IDS as an effective tool to detect unauthorized activities in our network system. We will integrate IDS to detect activities that are not authorized, and we will use a firewall to block all undesirable traffic from our system. Using the high-level security devices discussed in this paper, we will be able to achieve a robust, layered security posture for our data center and client-facing systems.