lawrence cis590 assign 5

Upload: feipo

Post on 04-Jun-2018


  • 8/13/2019 Lawrence CIS590 Assign 5


    Network Infrastructure and Security

    Directed Research Project CIS 590

    Dr. James K. Mukira

    Lawrence Mulinda

    June 06, 2013


    Justify and support the relationship between infrastructure and security as it relates to this

    data-collection and analysis company.

    For a data collection and analysis company, the data is its most valued asset. Hence its security should be of utmost importance to the company. The overall value of the data depends on its context, i.e., how it is used, how often it is used, what value it derives for the company and so on. The value of Information Technology to any company is its ability to store, present, manage, analyze and protect the data so that the company can carry out its business operations with its help.

    Some types of data have inherent value, for example profiles of a large number of customers. Some data have derived value, for example a large amount of data relating to customers' buying behavior analyzed using social media tools during the period of Black Friday. Some data might be worth more and some data would be of lesser value. Data collected and analyzed from various sources related to customer satisfaction and feedback, sales enticements, competitive differentiation etc. all have value. However, the ultimate value of the data is quite complicated, as it is built from a composite of all these sub-datasets. When more and more people within the company access the data and derive information out of it, the data becomes more valuable.

    How well the data is secured depends on various factors, and one of the biggest factors is the IT infrastructure of the organization. Following are some reasons through which we can determine the relation between infrastructure and data security:

    a) Loss of data confidentiality: Data which is being transmitted over a network is always at risk of being eavesdropped on by an unauthorized party. Weak controls over access to the company network might result in data stored on the company's servers and workstations being subject to unauthorized access.

    b) Loss of data integrity: If the network nodes are not set up properly and secured, the data in transit between these network nodes may be modified, deliberately or otherwise. This might result in the system receiving the data processing it incorrectly, or perhaps malicious data might get transmitted. Either way, the end result is a loss for the company.

    c) Denial of Service: The network infrastructure of the company relies on the continued functionality of all the network links that connect its component nodes. The disconnection of a network or slowdown of a network link may prevent the system from providing the services necessary for the data analysis and collection process to continue effectively.

    d) System compromise: The network infrastructure, which includes routers, modems, DNS servers and other communication and connectivity devices, is at risk of being compromised and of its resources being used by an unauthorized party for illegitimate purposes such as denial-of-service (DoS) attacks or bandwidth theft.

    Present the rationale for the logical and physical topographical layout of the planned

    network.

    [Figure: Current]

    Design a logical and physical topographical layout of the current and planned network.

    [Figure: Current - Physical layout]

    [Figure: Logical]

    [Figure: Planned Physical]

    The planned logical layout is more or less the same as the current logical diagram, with a greater number of devices and wiring.

    Illustrate the possible placement of servers.

    Enhanced availability and resiliency - Hardened devices are placed as shown in the figure so as to make sure that the company has optimal service availability and to remove any system and interface-based redundancy.

    Network Foundation Protection - As shown in the figure, device hardening and control and management plane protection are ensured throughout the entire infrastructure to maximize availability and resiliency.

    Public Services DMZ - This portion depicts the placement of devices to ensure endpoint server protection, intrusion prevention, stateful firewall inspection, application deep-packet inspection and DDoS protection.

    Secure mobility - Under this, VPN protection is a priority for mobile users. It performs persistent and consistent policy enforcement independent of the location of staff. It integrates web security and malware defense systems.

    Internal Access - The equipment is arranged as shown in the figure to ensure email-web security, stateful firewall prevention, global correlation and granular access control.

    Threat detection and management - This part ensures intrusion prevention and infrastructure-based telemetry so as to identify and mitigate threats.

    Edge protection - This placement ensures traffic filtering, routing security, firewall integration and IP spoofing protection to discard anomalous traffic flows, prevent unauthorized access and block illegitimate traffic.

    Create and describe a comprehensive security policy for this data-collection and analysis

    company.


    Classification of Data

    Any company user having authoritative access to data of the company may modify the data's classification. The user may be in a position to change the classification of data if there are sufficient and justifiable reasons for doing so. Resources doing so will be held strictly responsible for their changes. When new data is created, it should be classified as "Company Only" data until its user reclassifies it as per one's modifications. Users are held strictly responsible for any change in classification they make.

    Classifications for existing company data are given below:

    o Company's business information (memos, financial documents, planning documents etc.) should be classified as "Company Only";

    o Company's customer data (contact details, contracts, billing information etc.) should be classified as "Company Only";

    o Network management data (IP addresses, passwords, configuration files, etc.) should be classified as "Confidential";

    o Human resources information (employment contracts, salary information, etc.) should be classified "Confidential";

    o Published information (pamphlets, performance reports, marketing material, etc.) should be classified "Shared";

    o E-mail between Company's employees should be classified "Company Only"; and,

    o E-mail between Company's employees and non-Company employees should be regarded as "Unclassified".


    Classifications: Roles and Responsibilities

    1. Responsibility of the user to:

    o Know one's own clearance level and understand the rights and limitations associated with that clearance;

    o Ensure all the data one is going to work on is correctly classified;

    o Ensure one is familiar with the restrictions associated with the data one is working on; and

    o Ensure all the data one works with is protected properly.

    2. Responsibility of all system owners and system administrators to:

    o Determine the security level for all users.

    o Properly verify the equipment the user is going to work with.

    o Install the equipment.

    3. Responsibility of each divisional manager to:

    o Get approval on clearance for employees.

    o Clarify the classification of data on systems.

    o Clarify the classification of equipment.

    o Understand and implement the policy.

    4. Responsibility of the Security Officer to:

    o Approve all classifications.

    o Maintain a list of all classifications.

    o Approve the final layout of the company's network.

    o Control and manage all trusted points.

    Compliance

    1. Any unauthorized user accessing data, a device, equipment or a location with insufficient privileges can face disciplinary action.

    2. Any user who is allowed to access a system that he/she controls on behalf of someone else with insufficient clearance can face disciplinary action.

    3. Any person who is trying to connect to equipment for which one is not classified to access the network with an inappropriate part of the network can face disciplinary action.

    4. Any person who is transmitting data over the network without specific privileges can face disciplinary action.
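
One way to express the classification and compliance rules above as an access check with an audit trail (an added example, not part of the original paper). The ordering of the four labels, the `authoritative` flag and all user and item names are assumptions; the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Labels come from the policy; their ordering (least to most restricted) is assumed.
LEVELS = ["Unclassified", "Shared", "Company Only", "Confidential"]
DEFAULT_LABEL = "Company Only"  # policy: new data is "Company Only" until reclassified

@dataclass
class User:
    name: str
    clearance: str               # highest label this user may access
    authoritative: bool = False  # hypothetical flag: user may reclassify data

@dataclass
class DataItem:
    name: str
    label: str = DEFAULT_LABEL
    history: list = field(default_factory=list)  # who changed the label, and why

def rank(label):
    return LEVELS.index(label)  # ValueError for a label outside the policy

def can_access(user, item):
    """Access is allowed only when the clearance covers the item's label."""
    return rank(user.clearance) >= rank(item.label)

def reclassify(user, item, new_label, reason):
    """Relabel an item, recording the accountable user and the stated reason."""
    rank(new_label)
    if not user.authoritative or not can_access(user, item):
        raise PermissionError(f"{user.name} may not reclassify {item.name}")
    if not reason.strip():
        raise ValueError("a justifiable reason is required")
    item.history.append({"by": user.name, "from": item.label, "to": new_label,
                         "reason": reason, "at": datetime.now(timezone.utc).isoformat()})
    item.label = new_label

def audit_violations(events, users, items):
    """Return (user, item) access events made without sufficient clearance."""
    return [(u, i) for u, i in events
            if u not in users or not can_access(users[u], items[i])]

# Constructed sample data, for illustration only.
USERS = {"alice": User("alice", "Confidential", authoritative=True),
         "bob": User("bob", "Company Only")}
ITEMS = {"router.cfg": DataItem("router.cfg", "Confidential"),
         "q3-report": DataItem("q3-report")}
EVENTS = [("alice", "router.cfg"), ("bob", "router.cfg"),
          ("bob", "q3-report"), ("mallory", "q3-report")]
```

Running `audit_violations(EVENTS, USERS, ITEMS)` flags the access by a user below the item's label and the access by an unknown user, which are the cases compliance rule 1 covers.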
