This paper presents a proposed security solution for a multi-location organization's LAN-to-WAN domain. It examines how firewalls serve as the first layer of traffic filtering, how a demilitarized zone (DMZ) isolates untrusted external traffic, and how a public key infrastructure (PKI) ensures encrypted and confidential data transmission across all four facilities. The paper also addresses the importance of regular operating system updates and the procedures for minimizing service disruption during maintenance windows. Together, these components form a layered security architecture designed to enforce organizational policy and protect network integrity.
In order to ensure compliance within the LAN-to-WAN domain, it is vital to have protective and security layers in place. Firewalls, intrusion detection systems, virus scanners, and other protective software provide assurance that an organization's security policies are implemented and adhered to. With multiple locations, large amounts of data are transmitted between all four sites, and this transmission must remain uninterrupted so that employees can perform their duties effectively. Therefore, the security solutions implemented should also incorporate a public key to encrypt and decrypt data. Securing the four locations and enabling reliable data transmission requires an innovative and secure network layout at each site. Compliance across all four locations ensures that the facilities are secure and operating within the established security policy.
The firewall acts as the first layer of protection and filtering for all network traffic and data transmitted at any of the four locations. Firewalls have certain parameters defined within them that are used to analyze all traffic passing through the network (Kaur, Kaur, & Gupta, 2016). A properly configured firewall ensures that any undesirable network traffic is filtered out and not allowed to reach the LAN. All organizational rules and policies are configured into the firewall to protect against network traffic leaving the organization that does not adhere to established policy. This guards against employees sending or transmitting data without following correct procedures, ensuring that all data sent from the organization is properly encrypted. To properly configure the firewall, it is first necessary to identify the network components and evaluate the risks they pose. The router can also hide internal IP addresses, so that any external network node sees only the public IP address configured on the router.
All data transmitted by a node within the LAN is first scanned by the firewall to ensure that it meets the organization's Acceptable Use Policy (AUP) before it can be transmitted (Budka, Deshpande, & Thottan, 2014). This guards against an internal attacker being able to corrupt or infect other computers within the network or WAN. All endpoints within the organization are uniquely identified by the firewall, and when they are transmitting data, the firewall checks to ensure that the data is not infected before allowing transmission. Once the data has been transmitted, the receiving location's firewall checks to confirm that the data has not been interfered with during transit. Only after the data has passed this analysis will it be allowed to enter the LAN and reach the required endpoint.
Any unwanted network traffic from the WAN is blocked from entering the LAN and directed to the DMZ. DMZ stands for demilitarized zone, which is essentially a physical subnetwork that contains and exposes the organization's external-facing services to an untrusted network such as the internet. A DMZ adds an additional layer of security to the organization's LAN, as an external network node will only be able to access what is placed in the DMZ (Nagendra, Yegneswaran, & Porras, 2017). By using a DMZ, the organization is able to trap attackers and monitor their activities in order to determine the intentions behind their attacks. Any untrusted outside traffic is directed to the DMZ, where it can access certain organization services. The applications placed within the DMZ then access the trusted internal network, preventing outside parties from directly reaching the internal network.
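The zone separation described above can be modeled as a first-match rule table with a default deny. The following is an added example, not part of the original paper; the subnets, ports, rules and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the paper).
# Any address outside these networks is treated as WAN (untrusted).
ZONES = {
    "LAN": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("192.0.2.0/24"),
}

# First-match rules: (src_zone, dst_zone, protocol, dst_port, action).
# There is deliberately no WAN -> LAN rule: outside hosts reach only the DMZ.
RULES = [
    ("WAN", "DMZ", "tcp", 443, "allow"),   # published web service
    ("WAN", "DMZ", "tcp", 25, "allow"),    # inbound mail relay
    ("DMZ", "LAN", "tcp", 5432, "allow"),  # DMZ application -> internal database
    ("LAN", "DMZ", "tcp", 22, "allow"),    # administration of DMZ hosts
    ("LAN", "WAN", "tcp", 443, "allow"),   # egress restricted to HTTPS
    ("LAN", "WAN", "udp", 53, "allow"),    # egress DNS
]


def zone_of(addr):
    """Map an IP address to its zone; unknown addresses are WAN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"


def decide(src, dst, proto, port):
    """Return 'allow' or 'deny' for a flow crossing the firewall."""
    pair = (zone_of(src), zone_of(dst))
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_src, r_dst) == pair and r_proto == proto and r_port == port:
            return action
    return "deny"  # default deny: anything not explicitly permitted is dropped


# Constructed sample flows: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", "tcp", 443),   # internet -> DMZ web server
    ("198.51.100.7", "10.10.5.20", "tcp", 3389),  # internet -> LAN workstation
    ("192.0.2.10", "10.10.8.5", "tcp", 5432),     # DMZ app -> LAN database
    ("192.0.2.10", "10.10.8.5", "tcp", 445),      # DMZ host -> LAN file share
    ("10.10.5.20", "203.0.113.9", "tcp", 21),     # LAN -> internet, cleartext FTP
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", decide(*flow))
```

The fourth flow shows why the DMZ-to-LAN rule is scoped to a single port: a compromised DMZ host is still denied lateral access to internal file shares.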
"PKI encrypts data across all four locations"
"Scheduled OS updates minimize downtime and data loss"