IntroductionIn this three-part assignment, you will design a secure network infrastructure.The...

Question

IntroductionIn this three-part assignment, you will design a secure network infrastructure.The specific course learning outcome associated with this assignment is:	Plan a deployment of software and/or hardware, including implementation and testing considerations.InstructionsPart 1Use Microsoft Visio or an open-source alternative to:	Create a network infrastructure diagram, incorporating the following devices needed for a secure corporate network, placed where they will work, and citing specific, credible sources that support the design.Note:A web search will provide multiple examples of network infrastructure diagrams.			Web server.			FTP server.			VPN server.			Authentication server.			Anti-virus server (client-based and server-based).			Edge firewall.			Firewall.			Vulnerability scanner.			Intrusion detection system (IDS).			Web proxy.			Edge router.			Core router.			Switch.			Distribution router.				Note:All client-and server-based devices work where a client is installed on a workstation, which has bi-directional communication with a corresponding server.Part 2Write a 6-10 page paper in which you:	Determine the specific devices you will use in the network, including the following information for each device:			Make or vendor's name (for example, Microsoft, Redhat, Cisco, Juniper, Netgear, 3Com).			Model (for example, Windows 7, ASA 5500, Cisco 3500, Squid).			IP address assigned to all devices.				Determine the basic configuration of each network device, citing specific, credible sources that support the configuration.			Research each of the devices you chose and provide a basic configuration you would use in your network.			Use IP addresses to describe your configuration.			Identify the operating system.			Highlight at least five security features and the administrative controls incorporated into each device, including devices in the network diagram.			Explain the impact that each of your configurations has on the security of the entire network.				Explain the elements that must be addressed for planning and testing a network, citing specific, credible sources that support your assertions and conclusions.			Organizational requirements and expectations.			Budget.			Modularity for security and testing.			Naming conventions that facilitate layering and growth.			Determination of required network speed and data capacity.			Vendor support.			Determination of risk and redundancy.			Uptime requirements.			Continuous data monitoring for fault, failure, or security-induced changes.			Load balancing.			Testing for latency.			Bandwidth.			Throughput.			Specific software and tools.				Support your main points, assertions, arguments, or conclusions with at least four specific and credible academic sources synthesized into a coherent analysis of the evidence.			Cite each source listed on your source page at least one time within your assignment.			For help with research, writing, and citation, access thelibraryor reviewlibrary guides.			This course requires the use of Strayer Writing Standards (SWS). The library is your home for SWS assistance, including citations and formatting. Please refer to theLibrary sitefor all supports. Check with your professor for any additional instructions.Part 3Use Microsoft Visio or an open-source alternative to:	Update your initial diagram to create a final network diagram, incorporating at least four-fifths of the devices needed for a secure corporate network and citing specific, credible sources that support the design. Be sure to include vendor information, model information, and IP addresses. In addition, ensure that:			VPN sessions (from a laptop) are only allowed to access the desktops in the IT department by IT department employees.			All VPN connections from the Internet cloud into the corporate network terminate at the VPN server.			Users from Engineering and Finance and Accounting cannot communicate.			Vulnerability scans occur daily, with all desktops scanned at least once per day.			Submission RequirementsAll diagrams and charts you create for the assignment should be included in the paper.

Shubham · Accepted Answer

Introduction
Network planning and testing are considered as phases in creating robust and secure infrastructure. Organizations are relying on interconnected systems and consideration of elements like organizational requirements, budget, modularity, and vendor support becomes essential. This introduction provides with comprehensive exploration of key factors that influence effective network planning and testing. It ensures networks that are efficient and scalable along with resilient against potential threats and disruptions.
Part 1
Part 2
Specific devices use in the network
	Device Name
	Make/Vendor
	Model
	IP Address
	Function
	Web Server
	Apache Software Foundation
	Apache httpd
	10.0.0.10
	Delivers web content to users.
	FTP Server
	ProFTPD
	proftpd-1.3.9
	10.0.0.11
	Enables file transfer using the File Transfer Protocol.
	VPN Server
	OpenVPN Technologies Inc.
	OpenVPN 2.5.5
	10.0.0.12
	Provides secure remote access to the network.
	Authentication Server
	Microsoft
	Active Directory Server 2022
	10.0.0.13
	Verifies user identities and grants access to resources.
	Anti-virus Server (Client-Based)
	ESET
	ESET Endpoint Security
	10.0.0.14 (Management Server)
	Protects client devices from malware threats.
	Anti-virus Server (Server-Based)
	Sophos
	Sophos Central Server
	10.0.0.15
	Scans server traffic and files for malware.
	Edge Firewall
	Palo Alto Networks
	PA-2200
	10.0.1.1 (External Interface)
	First line of defense against external network threats.
	Firewall (Internal)
	Fortinet
	FortiGate 60F
	10.0.1.254 (Internal Interface)
	Controls traffic flow within the network.
	Vulnerability Scanner
	Tenable
	Nessus Professional
	10.0.0.16
	Identifies security weaknesses in systems and applications.
	Intrusion Detection System (IDS)
	Cisco
	Snort 3.1.2.0
	10.0.0.17
	Detects suspicious network activity and potential intrusions.
	Web Proxy
	Squid Software Foundation
	Squid 5.1.21
	10.0.1.2 (External Interface)
	Filters and caches web traffic for improved performance and security.
	Edge Router
	MikroTik
	RouterOS (CCR1009-7G-1C-1S+)
	10.0.1.1 (External Interface), 192.168.1.1 (Internal Interface)
	Connects the network to the internet and other external networks.
	Core Router
	Cisco
	IOS-XE (ISR 4451)
	192.168.0.1 (Internal Interface)
	Routes traffic between different internal network segments.
	Switch (Managed)
	HPE
	Aruba Instant On 1960
	192.168.0.254 (Management Interface)
	Connects devices within the same network segment.
	Distribution Router
	Juniper Networks
	Junos OS (EX4300)
	192.168.2.1 (Internal Interface)
	Connects different network segments and controls traffic flow between them.
Basic configuration of each network device
Research on device
1. Web Server (Apache httpd):
· Make/Model: Apache Software Foundation / Latest stable version
· IP Address: 192.168.0.10
· Configuration: Install the Apache httpd package and configure basic website files and access permissions.
2. FTP Server (proftpd-1.3.9):
· Make/Model: ProFTPD / 1.3.9 (or latest stable version)
· IP Address: 192.168.0.11
· Configuration: Install proftpd package, define user accounts with secure passwords and configure allowed access directories.
3. VPN Server (OpenVPN 2.5.5):
· Make/Model: OpenVPN Technologies Inc. / 2.5.5 (or latest stable version)
· IP Address: 192.168.0.12
· Configuration: Install OpenVPN package to generate server and client certificates and configure user access and connection parameters.
4. Authentication Server (Active Directory Server 2022):
· Make/Model: Microsoft / Active Directory Server 2022
· IP Address: 192.168.0.13
· Configuration: Join domain members to create user accounts and groups that define access control policies (Mikhalevich and V. A. Trapeznikov, 2019).
5. Anti-virus Server (Client-Based):
· Make/Model: ESET Endpoint Security (example)
· IP Address: N/A (Managed centrally)
· Configuration: Deploy software agents on client devices to configure central management server for updates and policy enforcement.
6. Anti-virus Server (Server-Based):
· Make/Model: Sophos Central Server (example)
· IP Address: 192.168.0.15
· Configuration: Install and configure central server to integrate with network infrastructure for real-time malware scanning.
7. Edge Firewall (PA-2200):
· Make/Model: Palo Alto Networks / PA-2200
· IP Address: 10.0.1.1 (External Interface)
· Configuration: Define security policies to control incoming and outgoing traffic that enable NAT for internal network access to the internet (Fernando, Praveen and Jin Wei, 2020).
8. Firewall (Internal) (FortiGate 60F):
· Make/Model: Fortinet / FortiGate 60F
· IP Address: 10.0.1.254 (Internal Interface)
· Configuration: Define policies to control traffic flow between different network segments.
9. Vulnerability Scanner (Nessus Professional):
· Make/Model: Tenable / Nessus Professional
· IP Address: 192.168.0.16
· Configuration: Schedule periodic scans of network devices and applications to identify potential security vulnerabilities and misconfigurations.
10. Intrusion Detection System (IDS) (Snort 3.1.2.0):
· Make/Model: Cisco / Snort 3.1.2.0 (or latest stable version)
· IP Address: 192.168.0.17
· Configuration: Define rules to detect suspicious network activity, log alerts for further investigation and potential response actions (Winarno et al. 2020).
Use IP addresses to describe configuration
1. Web Server:
· Make/Vendor: Microsoft
· Model: IIS (Internet Information Services)
· IP Address: 192.168.1.10
2. FTP Server:
· Make/Vendor: FileZilla
· Model: FileZilla Server
· IP Address: 192.168.1.11
3. VPN Server:
· Make/Vendor: Cisco
· Model: Cisco AnyConnect
· IP Address: 192.168.1.12
4. Authentication Server:
· Make/Vendor: Microsoft
· Model: Active Directory
· IP Address: 192.168.1.13
5. Anti-virus Server (Client-based and Server-based):
· Make/Vendor: Symantec
· Model: Endpoint Protection Manager
· IP Address (Server): 192.168.1.14
· IP Address (Client): Dynamic assignment
6. Edge Firewall:
· Make/Vendor: Cisco
· Model: ASA 5500
· IP Address (External Interface): 203.0.113.1
· IP Address (Internal Interface): 192.168.1.1
7. Firewall:
· Make/Vendor: Juniper
· Model: SRX Series
· IP Address: 192.168.1.2
8. Vulnerability Scanner:
· Make/Vendor: Nessus
· Model: Tenable Nessus
· IP Address: 192.168.1.15
9. Intrusion Detection System (IDS):
· Make/Vendor: Snort
· Model: Snort IDS
· IP Address: 192.168.1.16
10. Web Proxy:
· Make/Vendor:

IT IS VERY IMPORTANT TO READ THE INSTRUCTIONS!!! THIS IS DOCTORAL WORK. Turnitin and Waypoint are being used to check for plagiarism, and please use APA format. Please pay close attention I NEED...

Introduction

Instructions

Part 1

Part 2

Part 3

Submission Requirements

Solution

Answer To This Question Is Available To Download

Related Questions & Answers

Looking For Homework Help? Get Help From Best Experts!