DESIGN AND IMPLEMENT A SECURE INFORMATION AND NETWORK INFRASTRUCTURE

Part A

For this part you are required to design and implement a secure information and network infrastructure that ensures high availability, reliability, scalability, performance and security to support the City of Yule current and new services. This requires:

1.In line with Yule’s aspirations, redesign the network to cater for the needs of a smart city.

2.Delivery of a comprehensive network security plan.

3.Security technology implementation

4.Proof of concept.

The following is the breakdown of the tasks for part A.

Part A - 1. Network Redesign

The new network proposal should be justified in terms of traffic, reliability, performance, availability, and scalability that best cater for the needs of business and services operations

Specifically for this redesign, take into account the following:

1.Traffic generated by the hosts: clients, servers and backup devices.

2.Appropriateness of WAN links to support current traffic and forecasted growth.

3.Appropriateness of WANs. What WAN protocols would you use?

4.Appropriateness of wired LANs and Wireless LANs to support future growth.

5.Would you use VPNs? Why?

6.The specifications of networking devices including routers and switches at each site or location (wired and wireless).

7.IP address allocation of each network and main network devices. Use CIDR format (x.y.z.t/n).

8.Sub-netting to separate traffic including IP address allocation.

9.Firewalls positioning and strategy. Would you use separate packet filtering and routing?

10.Would you consider Proxy servers? Why?

11.DMZ configuration.

12.Firewalls Access Control Lists.

13.Network diagram for both logical and physical topologies showing devices; and IP addresses for the main clients, hosts, servers and network devices.

14.Provision of data encryption to secure data travelling between internal and external networks.

Part A - 2. Comprehensive Network Security plan

The network security plan should contain an executive summaryand as minimumthe following items:

1. Introduction outlining theimportance of the plan and its purpose. Your introduction should also provide a brief description of the components of the proposed network security plan in terms of the City of Yule’s needs.

2. Scope outlining the areas of the City that the Plan applies. The scope also relates to the breakdown of the tasks that are needed to make sure that the network is secure.

3. Assumptions documenting any assumptions you have made in order to prepare the plan. There are things that might not be clear from the case study, hence you have either to consult with the mentor or assume them in a reasonable way with a clear justification.

4. Clear and concise statementsabout what the Security Plan is designed to achieve. This statement must relate the business and technical goals of the City.

5. Summary and analysisof the City’s risks, highlighting the current threats, challenges and vulnerabilitiesalong with an assessment of current security environment and treatments in place. This is perhaps the most important component of the security plan. It

includes the complete assessment of each of the network assets (computer hardware, PCs, servers, application and system software, network devices, employees, partners and the like) and its importance for the normal operation of the network services. The analysis also investigates the vulnerabilities of each asset and its associated threat that might exploit those vulnerabilities.

6. Network Security policiesto address all possible network attacks and vulnerabilities. Note that these policies address the likely issues that might occur during the transmission of the data through the network.

7. Information Security policies to address unauthorized and misappropriate use of City’s data and software applications. Note that these policies address the likely issues that might occur during the storage and processing of the data.

8. Disaster recovery and Business continuity plans.

9. Security Strategiesand Recommended controlsincluding security policies. The recommended controls are the action points you are to put in place to mitigate the risks you uncovered as part of your risk analysis.

10.In practice, achieving total information and network security in the City is impossible. Residual risksthat remain after all possible (cost-effective) mitigation or treatment of risks should be taken into account. Your security plan should estimate, describe and rate these residual risksto guide the priorities for ongoing monitoring of risks.

11.Resources for implementing the recommendation. This should include any type of resources like humans, communities of practice, quality audit groups, and the like.

Part A - 3. Security Technology Implementation

As part of the security technology implementation and in line with the recommended controls mentioned above in the network security plan (item 9), you need to provide the complete design of the following:

1.Data backup and recovery technology including the procedures for backup and recovery. You need to provide the strategy of the backup, technical details, specifications and functionalities of the recommended backup technology.

2.A proper authentication and authorisation system that takes care of highly secured roles and permissions to access, share, download, upload files and folders. This should include authentication for wireless and mobile services as well (work at home - WAT and bring your own device - BYOD). You need to provide the complete details of the recommended technology including the product and vendor specifications.

3.File, Web (and secure Web), Mail (and secure Mail including spam email prevention), DHCP, DNS and Domain Controllers. Make sure you address all these services. For example, you may suggest Apache HTTT Server as the Web server software. If that is the case, then you must describe the full configuration of the Apache HTTP Server and the application architecture used including the load balancer, replica web server, and data server (if you

Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity

7

opt for a three-tier architecture for example). Again you need to provide details of the software vendor and recommended hardware to run the service.

4.Hardening of servers described above in section 3. All the services need to be hardened with products as recommended in the network security plan.

5.Network security including DMZs, Firewalls, Intrusion Detection and Prevention Systems (IDSs and IPSs) fully configured

For the five (5) items above, you need to justify your recommendations (chosen technology) in terms of cost, reliability, maintainability, performance and scalability. As mentioned, for each technology, make sure to provide details of the vendor, and the version of hardware and software.

Part A - 4. Proof of concept

As part of the project requirements, you are required to implement and test at least three of the recommended controls suggested in the security technology implementation section above. The solution should address current City of Yule needs, including the installation of the software, configuration of the system, and developing of test cases to check the complete functionality of the system. Discuss with your mentor all the possible options as soon as possible. Do not wait until the end of the term to do this task.

For the proof of concept, it is mandatory that you include the documented results (procedures and screen dumps) of various network security attacks tests (such as Network Penetration Tests) as part of your final project report. You may use your choice of security software/tools (including freeware open software systems) and operating systems (Windows, Linux, or Ubuntu) in a virtualised environment to build and simulate the security tests. You are required to demonstrate your implementations at the end of the term using your own equipment.

Part B

For Part B, your task is to write two separate short reports (1000 words each) to recommend the City of Yule Council on:

1.Automation of Car Parking Revenue Control System

2.Council Elections via Online Electronic Voting

For 1 and 2 above, you need to provide a feasibility study, focusing primarily in security. The reports should include: a) requirement analysis, b) cost-benefit analysis, c) risk analysis, and d) final recommendation.

In researching about 1 and 2, take into account these applications deal with critical infrastructure, that is to say, assets that are essential for the functioning of a society and economy. These applications are likely to be the target of sophisticated and powerful cyber attacks, therefore it is essential you address these cybersecurity issues in the two reports.