Network Design
Grand Canyon University
CYB 535-0500 Policy Management for Security Solutions
August 10, 2021
The network diagram shows how firewalls, IDS/IPS sensors, a DMZ, VLANs, border and gateway routers, private IP addressing, isolated server subnets, network access control (NAC), and VPN concentrators are placed in the design. Each of these devices has a specific position in the topology, and much of the security of the design comes from placing them correctly. This paper explains and justifies the placement of each element and describes the "layered security" in the diagram: a packet from the Internet must pass several independent controls (border router, corporate firewall, IPS, internal firewall, VLAN segmentation and NAC) before it reaches an internal host, so the failure of any single control does not by itself expose the enterprise. I have created the diagram to show where corporate firewalls, routers, the IPS, and the other devices belong in an enterprise network.
The design starts at the cloud (the Internet), to which two border routers connect. Router one is given an address on the link to the DMZ, which is subnet 1 in this design. Router two is given an address on the link to the VPN concentrator, which forms subnet 2. The VPN concentrator has its own firewall, and every internal device is given a private IP address from the RFC 1918 ranges; the design uses the 172.16.0.0/12 block, the range historically called class B private space, so internal addresses are never reachable directly from the Internet. Inside the DMZ a corporate firewall comes first, followed by an IPS: the firewall drops any traffic that no rule permits, and the IPS inspects the traffic the firewall does let through, detecting and blocking attacks carried inside otherwise permitted connections. Layer 3 switches in the DMZ connect the various servers.
The DMZ servers include the web server. Behind the servers sits a second firewall, and behind it a second IPS, so traffic leaving the DMZ for the internal network is filtered and inspected a second time; a web server that is compromised from the Internet therefore still faces a firewall before it can reach anything internal. Outside the DMZ, gateway routers forward packets within the organization's own autonomous system. The second router connects to a layer 3 switch that serves the different departments, each on its own VLAN, and the other routers connect in the same way. Each department then has its own wireless access points, where network access control admits only authorized devices.
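To make the zoning and the two-firewall layering concrete, the following Python model is an added example and is not part of the original design document. It assumes an addressing plan of one /24 per zone taken from 172.16.0.0/12, two default-deny firewalls (the corporate firewall at the DMZ edge and the internal firewall behind the DMZ servers), and port 1433 for the SQL database; the zone names, addresses, rules and sample flows are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addressing plan (the paper gives no addresses): one /24 per zone from
# 172.16.0.0/12, the RFC 1918 block historically called "class B" private space.
ZONES = {
    "dmz": ipaddress.ip_network("172.16.1.0/24"),       # web servers behind corporate firewall + IPS
    "vpn": ipaddress.ip_network("172.16.2.0/24"),       # address pool for VPN concentrator clients
    "servers": ipaddress.ip_network("172.16.10.0/24"),  # isolated server subnet (SQL database)
    "users": ipaddress.ip_network("172.16.20.0/24"),    # department VLAN on the layer 3 switch
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_addressing(zones=ZONES):
    """List zones outside RFC 1918 space and pairs of zones that overlap."""
    problems, names = [], list(zones)
    for name in names:
        if not any(zones[name].subnet_of(block) for block in RFC1918):
            problems.append(f"{name}: {zones[name]} is not private address space")
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if zones[a].overlaps(zones[b]):
                problems.append(f"{a} and {b} overlap")
    return problems


def zone_of(ip, zones=ZONES):
    """Map an address to its zone; anything outside the plan is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in zones.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src: str             # zone name or "any"
    dst: str             # zone name or "any"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None = any port
    action: str          # "allow" or "deny"

    def matches(self, src_zone, dst_zone, proto, port):
        return (self.src in ("any", src_zone) and self.dst in ("any", dst_zone)
                and self.proto in ("any", proto) and self.port in (None, port))


def decide(rules, src_zone, dst_zone, proto, port):
    """First matching rule wins; no match means deny (default-deny policy)."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, proto, port):
            return rule.action
    return "deny"


# Layer 1: the corporate firewall at the DMZ edge, facing the border routers.
BORDER_FW = [
    Rule("internet", "dmz", "tcp", 443, "allow"),   # public HTTPS to the web servers
    Rule("internet", "dmz", "tcp", 80, "allow"),    # public HTTP
    Rule("users", "internet", "tcp", 443, "allow"), # outbound browsing from the departments
    Rule("users", "internet", "tcp", 80, "allow"),
]
# Layer 2: the firewall behind the DMZ servers, in front of the isolated server
# subnet and the department VLANs. 1433 is an assumed SQL database port.
INTERNAL_FW = [
    Rule("dmz", "servers", "tcp", 1433, "allow"),  # web tier may reach the database only
    Rule("vpn", "servers", "tcp", 1433, "allow"),  # remote staff to the database
    Rule("vpn", "users", "any", None, "allow"),    # remote staff to department resources
    Rule("users", "any", "any", None, "allow"),    # staff may initiate to the DMZ and Internet
    Rule("dmz", "users", "any", None, "deny"),     # a compromised web server stays in the DMZ
]
OUTSIDE = {"internet", "dmz", "vpn"}  # zones in front of the internal firewall
INSIDE = {"servers", "users"}         # zones it protects (users <-> servers stays on the L3 switch)


def evaluate(src_ip, dst_ip, proto, port, border=BORDER_FW, internal=INTERNAL_FW):
    """A flow must be allowed by every firewall on its path.
    Returns ("allow", None) or ("deny", <outermost layer that blocked it>)."""
    s, d = zone_of(src_ip), zone_of(dst_ip)
    layers = []
    if "internet" in (s, d):
        layers.append(("border", border))
    if {s, d} & OUTSIDE and {s, d} & INSIDE:
        layers.append(("internal", internal))
    for name, rules in layers:
        if decide(rules, s, d, proto, port) == "deny":
            return "deny", name
    return "allow", None


if __name__ == "__main__":
    for flow in [("203.0.113.5", "172.16.1.10", "tcp", 443),   # Internet -> web server
                 ("203.0.113.5", "172.16.10.5", "tcp", 1433),  # Internet -> database
                 ("172.16.1.10", "172.16.20.7", "tcp", 445)]:  # web server -> user VLAN
        print(flow, evaluate(*flow))
```

The point of the second enforcement layer shows up when the first one is misconfigured: if `BORDER_FW` is replaced by a single allow-all rule, a flow from the Internet to the database subnet is still stopped at the internal firewall, because that firewall only permits the web tier and VPN clients to reach the server subnet. The model also catches the two addressing mistakes that most often undo segmentation, a zone that is not private address space and two zones that overlap.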
The elements of the diagram can also be described by the OSI layer at which each operates. The application layer is in the DMZ, where the web servers hold and serve the organization's data. The presentation layer translates between the application and the network: data formats such as MPEG, JPEG and TIFF, and encryption of the data in transit, belong here, and the web traffic in the DMZ is encrypted at this layer. The session layer manages the connections; in the DMZ this is the session between the web server and the SQL database program. The transport layer carries TCP and UDP segments; the firewalls and IPS sensors make their decisions on transport-layer ports and connection state, which is why they sit in the DMZ rather than on the border router, which does not look above the network layer.
The network layer is where all routing happens: the border gateway router (BGR) exchanges routes with the Internet and forwards packets by IP address, the gateway routers route within the autonomous system, and the private IP addressing plan is defined here. The data link layer covers the switching done by the switches and the VLAN tags that separate the departments; frames received from the physical layer are handled here before the BGR routes the packets inside them. The physical layer is the last layer and covers the mechanical components: the cabling, fibre and wireless radios that carry the signals between the devices and into the DMZ.
Enterprise network framework based on the NIST Cybersecurity Framework
The design maps onto the five functions of the NIST Cybersecurity Framework (Shen, 2014):
· Identify: the enterprise carries out a risk assessment of its assets, so that the controls below protect what matters most.
· Protect: network access control admits only authorized devices and denies unknown ones, whether or not they are known attackers. The corporate firewall and the DMZ keep intrusions away from the internal network, and remote users enter only through the VPN concentrator.
· Detect: the IPS sensors behind the firewalls detect intrusion attempts in the traffic the firewalls permit.
· Respond: the enterprise prepares a response plan, analyzes each incident, and mitigates it.
· Recover: recovery planning and communication allow the enterprise to restore service and improve on its current situation after an incident.
This network design supports and improves the security of the enterprise's network. The security devices used include the DMZ, the corporate firewall, the IPS sensors, and the layer 3 switches. Together they provide the security required by the enterprise and its various departments.
Below is the implementation diagram of our network
Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3), 224-274.
Shen, L. (2014). The NIST cybersecurity framework: Overview and potential impacts. Scitech Lawyer, 10(4), 16.