Redesigning the Fiji National University (FNU) Network Infrastructure
VerifiedAdded on 2019/09/13
|10
|4201
|276
Report
AI Summary
The assignment requires a comprehensive network redesign for the Federation University Network (FNU). The redesign should consider various aspects such as traffic generated by hosts, WAN link support, VLAN configuration, IP address allocation, subnetting, firewalls, proxy servers, and DMZ configuration. Additionally, at least five recommended security controls must be implemented, tested, and documented. These controls include data backup and recovery technology, authentication system, file sharing services, server hardening, and network security features. A proof of concept is also required to demonstrate the implementation of these controls. The assignment uses templates provided by Moodle and references several textbooks on computer networking and information security.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
1
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
The First National University (FNU)
Background
The First National University (FNU) is a major public higher education institution. It was the first
higher education institution in the country to launch distance education and more recently online
programs. Apart from its main Campus, the University has operations in five (5) regional campuses
(RCs) and ten (10) metropolitan campuses (MCs). At present, FNU provides diverse range of
undergraduate and postgraduate programs as well as Vocational and Educational Training (VET)
and short professional programs. More than 45,000 students are currently studying various levels
of programs at FNU as on-campus students. Additionally, around 15,000 students are currently
studying at FNU under the online and distance education programs.
FNU has three (3) major facilities to support its information technology services, namely,
Headquarters, Operations (Data Centre) and Backup. The Headquarters facility is located in the
main Campus. The Operations facility is located 50Kms from the Headquarters in a warehouse the
University owns near an industrial area. The Operations facility houses the back-office technical
functions, the Data Centre, and the IT staff. The Backup facility is located in the country area about
1000km from the headquarters. FNU uses the Backup facility as a warm-site facility that can be
operational within minutes in the event the Operations facility fails.
Apart from the main campus, all regional and metropolitan campuses are very similar in terms of
size, staff, and technologies. Their IT infrastructure uses relatively old and complex technologies.
FNU still uses a number of protocols to enable campus communication to the main server farm
located at the Operations.
Each campus is connected to the university backbone through old Multiservice Platform Routers for
flexible LAN and WAN configurations, easy upgrades, and the handling of various protocols at the
internet and transport layers. The router enables the campus to communicate with different FNU
campuses located in different sites.
To support the day-to-day learning and teaching activities, academics and administrative staff at
FNU also deals with a dozen (12) of external partners including hospitals, research centres, vendor
support, and technology partners in many different ways, non-necessarily compatible each other.
At FNU the current network has consistency, performance, and reliability problems owing to a
growth in enrolments and recent operations expansion. The IT department has been informed
about an increase in student and faculty complaints. Particularly, faculties and academic staff claim
that owing to network problems, they cannot efficiently submit grades, maintain contact with
colleagues at other campuses, keep up with research, and conduct their daily tasks. Similarly,
students say they have submitted student work late due to network problems. Assignments
submission has been problematic since the introduction of the online submission approach.
Students complain that late submissions have impacted their grades badly. Despite the complaints
about the network, faculty, academic staff, and students use of the network has almost tripled in
the last three few years
Another issue at FNU is that there are no BYOD and Work-at-home (WAT) policies. This has become a
focus of contention between the IT department, staff and students. The IT department is concerned
about a number of rogue wireless ad-hoc access points often placed by students within the campus
premises. The vast majority of staff, faculty and students agree that there is a need of implementing
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
The First National University (FNU)
Background
The First National University (FNU) is a major public higher education institution. It was the first
higher education institution in the country to launch distance education and more recently online
programs. Apart from its main Campus, the University has operations in five (5) regional campuses
(RCs) and ten (10) metropolitan campuses (MCs). At present, FNU provides diverse range of
undergraduate and postgraduate programs as well as Vocational and Educational Training (VET)
and short professional programs. More than 45,000 students are currently studying various levels
of programs at FNU as on-campus students. Additionally, around 15,000 students are currently
studying at FNU under the online and distance education programs.
FNU has three (3) major facilities to support its information technology services, namely,
Headquarters, Operations (Data Centre) and Backup. The Headquarters facility is located in the
main Campus. The Operations facility is located 50Kms from the Headquarters in a warehouse the
University owns near an industrial area. The Operations facility houses the back-office technical
functions, the Data Centre, and the IT staff. The Backup facility is located in the country area about
1000km from the headquarters. FNU uses the Backup facility as a warm-site facility that can be
operational within minutes in the event the Operations facility fails.
Apart from the main campus, all regional and metropolitan campuses are very similar in terms of
size, staff, and technologies. Their IT infrastructure uses relatively old and complex technologies.
FNU still uses a number of protocols to enable campus communication to the main server farm
located at the Operations.
Each campus is connected to the university backbone through old Multiservice Platform Routers for
flexible LAN and WAN configurations, easy upgrades, and the handling of various protocols at the
internet and transport layers. The router enables the campus to communicate with different FNU
campuses located in different sites.
To support the day-to-day learning and teaching activities, academics and administrative staff at
FNU also deals with a dozen (12) of external partners including hospitals, research centres, vendor
support, and technology partners in many different ways, non-necessarily compatible each other.
At FNU the current network has consistency, performance, and reliability problems owing to a
growth in enrolments and recent operations expansion. The IT department has been informed
about an increase in student and faculty complaints. Particularly, faculties and academic staff claim
that owing to network problems, they cannot efficiently submit grades, maintain contact with
colleagues at other campuses, keep up with research, and conduct their daily tasks. Similarly,
students say they have submitted student work late due to network problems. Assignments
submission has been problematic since the introduction of the online submission approach.
Students complain that late submissions have impacted their grades badly. Despite the complaints
about the network, faculty, academic staff, and students use of the network has almost tripled in
the last three few years
Another issue at FNU is that there are no BYOD and Work-at-home (WAT) policies. This has become a
focus of contention between the IT department, staff and students. The IT department is concerned
about a number of rogue wireless ad-hoc access points often placed by students within the campus
premises. The vast majority of staff, faculty and students agree that there is a need of implementing
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
secure wireless and remote access including the WAT and BYOD policies. The evidence is overwhelming
on the need to rethink the way network services are provided at FNU.
The senior management at FNU has identified a number of key business factors that need
immediate attention:
1. Enrolment for both on-campus and distance education is to increase 50% in the next
three years.
2. Improve faculty efficiency and allow academic staff to participate in more research
projects with colleagues at other campuses and partner universities
3. Improve student support efficiency and eliminate problems with assignment online
submission.
4. As part of the BYOD policy, allow students, staff and visitors to the University to access
the campus network and the Internet wirelessly using their mobile devices including
notebooks, smartphones, and tablets.
5. As part of the WAT, allow students and staff to remotely access the campus network
from home.
6. Secure the campus networks from intruders.
In response to the senior management call, the IT department at FNU developed a list of
technical goals that should be implemented as soon as possible:
1. Redesign the current network including provision for wireless services.
2. Overhaul the IP addressing scheme.
3. Increase the bandwidth of the Internet connection to support new applications and the
expanded use of current applications.
4. Provide a secure, private wireless network for students, staff and visitors to access the
campus network and the Internet.
5. Provide a network that offers a response time of less than a second for interactive
applications.
6. Provide a network that is available approximately 99.9 percent of the time and offers an
MTBF (mean-time-between-failure) of 6000 hours and an MTTR (mean-time-to- repair)
of less than 90 minutes.
7. Provide security to protect the Internet connection and internal network from intruders.
8. Provide a network that can scale to support future expanded usage of multimedia
applications including online teaching.
9. Automate the majority of the network tasks and services including plug and play,
network configuration, network management, troubleshooting, network
monitoring, resource sharing, load balancing, updates, and data backups.
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
secure wireless and remote access including the WAT and BYOD policies. The evidence is overwhelming
on the need to rethink the way network services are provided at FNU.
The senior management at FNU has identified a number of key business factors that need
immediate attention:
1. Enrolment for both on-campus and distance education is to increase 50% in the next
three years.
2. Improve faculty efficiency and allow academic staff to participate in more research
projects with colleagues at other campuses and partner universities
3. Improve student support efficiency and eliminate problems with assignment online
submission.
4. As part of the BYOD policy, allow students, staff and visitors to the University to access
the campus network and the Internet wirelessly using their mobile devices including
notebooks, smartphones, and tablets.
5. As part of the WAT, allow students and staff to remotely access the campus network
from home.
6. Secure the campus networks from intruders.
In response to the senior management call, the IT department at FNU developed a list of
technical goals that should be implemented as soon as possible:
1. Redesign the current network including provision for wireless services.
2. Overhaul the IP addressing scheme.
3. Increase the bandwidth of the Internet connection to support new applications and the
expanded use of current applications.
4. Provide a secure, private wireless network for students, staff and visitors to access the
campus network and the Internet.
5. Provide a network that offers a response time of less than a second for interactive
applications.
6. Provide a network that is available approximately 99.9 percent of the time and offers an
MTBF (mean-time-between-failure) of 6000 hours and an MTTR (mean-time-to- repair)
of less than 90 minutes.
7. Provide security to protect the Internet connection and internal network from intruders.
8. Provide a network that can scale to support future expanded usage of multimedia
applications including online teaching.
9. Automate the majority of the network tasks and services including plug and play,
network configuration, network management, troubleshooting, network
monitoring, resource sharing, load balancing, updates, and data backups.
3
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
Wide Area Networks (WANs) at FNU
Currently, FNU supports its wide area network operations using a mesh topology of three (3)
Layer2 VPLS (Virtual Private LAN Service) point-to-point circuits. This mesh guarantees
redundancy between the Headquarters, Operations (Data Centre), and Backup sites.
Each regional and metropolitan campus is also redundantly connected to the major facilities (links
to Headquarters, Operations and Backup respectively) via Frame Relay permanent virtual circuits
(PVC). Similarly, two separate frame relay Internet Service Providers (ISP) are used for redundant
Internet access: one PVC via the main Campus (Headquarters) and the other PVC via the Backup
site. The external partners are connected to FNU via DSL.
Campus Network in FNU (Main, Metro, and Regional Campuses)
Each FNU campus is supported by 100Base-TX Switched Ethernet LANs, and FNU is expecting to
upgrade to more modern Switched Ethernets. Staff at FNU are distributed as follows:
1. 250 employees including academic (x150), administrative (x50) and management staff (x50).
There are about 2,000 on-campus students in each of the regional and metro campuses.
2. The main campus houses around 2,000 employees including academic (x1000);
administrative (x500) and management staff (x500). Nearly 15,000 on-campus
students are studying at the main campus.
The Operations facility is also supported by 100Base-TX Switched Ethernet LANs. In the Operations
facility, there are 100 engineers in charge of technical support of the data centre, networking,
maintenance, and application development. The organisational and operational structure of the
Backup facility is similar to the structure of the Operations facility.
Academic staff at the main campus, regional, and metro campuses teach courses in seven faculties,
namely: arts and humanities, business, social sciences, mathematics, computer science, the physical
sciences, and health sciences. The administrative staff handle admissions, student records, and other
student operational functions. The management staff consists of human resources, senior
management and information technology. Enrolment at FNU has almost tripled in the past three
years; and the faculty and admin staff has doubled in size.
Each campus backbone (including main, regional and metro campuses) supports the operations of
the seven faculties, management, and administrative staff. The following are the details of the IT
infrastructure:
1. A high-end switch in each building is connected to a high-end Campus core switch in the
campus backbone.
2. Within each building, 24-port Ethernet switches on each floor connect end user systems.
3. Floor switches are connected to the high-end building switch.
4. The 100Base-TX switches are layer-2 switches running the IEEE 802.1D Spanning Tree
Protocol.
5. All devices are part of the same broadcast domain. All devices (except public servers) are
part of the 192.168.0.0 internal network
6. Addressing for end-user hosts is accomplished with DHCP. A Windows server in the
cluster located in the Operations facility acts as the DHCP server.
7. A Windows-based network management software package monitors the switches
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
Wide Area Networks (WANs) at FNU
Currently, FNU supports its wide area network operations using a mesh topology of three (3)
Layer2 VPLS (Virtual Private LAN Service) point-to-point circuits. This mesh guarantees
redundancy between the Headquarters, Operations (Data Centre), and Backup sites.
Each regional and metropolitan campus is also redundantly connected to the major facilities (links
to Headquarters, Operations and Backup respectively) via Frame Relay permanent virtual circuits
(PVC). Similarly, two separate frame relay Internet Service Providers (ISP) are used for redundant
Internet access: one PVC via the main Campus (Headquarters) and the other PVC via the Backup
site. The external partners are connected to FNU via DSL.
Campus Network in FNU (Main, Metro, and Regional Campuses)
Each FNU campus is supported by 100Base-TX Switched Ethernet LANs, and FNU is expecting to
upgrade to more modern Switched Ethernets. Staff at FNU are distributed as follows:
1. 250 employees including academic (x150), administrative (x50) and management staff (x50).
There are about 2,000 on-campus students in each of the regional and metro campuses.
2. The main campus houses around 2,000 employees including academic (x1000);
administrative (x500) and management staff (x500). Nearly 15,000 on-campus
students are studying at the main campus.
The Operations facility is also supported by 100Base-TX Switched Ethernet LANs. In the Operations
facility, there are 100 engineers in charge of technical support of the data centre, networking,
maintenance, and application development. The organisational and operational structure of the
Backup facility is similar to the structure of the Operations facility.
Academic staff at the main campus, regional, and metro campuses teach courses in seven faculties,
namely: arts and humanities, business, social sciences, mathematics, computer science, the physical
sciences, and health sciences. The administrative staff handle admissions, student records, and other
student operational functions. The management staff consists of human resources, senior
management and information technology. Enrolment at FNU has almost tripled in the past three
years; and the faculty and admin staff has doubled in size.
Each campus backbone (including main, regional and metro campuses) supports the operations of
the seven faculties, management, and administrative staff. The following are the details of the IT
infrastructure:
1. A high-end switch in each building is connected to a high-end Campus core switch in the
campus backbone.
2. Within each building, 24-port Ethernet switches on each floor connect end user systems.
3. Floor switches are connected to the high-end building switch.
4. The 100Base-TX switches are layer-2 switches running the IEEE 802.1D Spanning Tree
Protocol.
5. All devices are part of the same broadcast domain. All devices (except public servers) are
part of the 192.168.0.0 internal network
6. Addressing for end-user hosts is accomplished with DHCP. A Windows server in the
cluster located in the Operations facility acts as the DHCP server.
7. A Windows-based network management software package monitors the switches
4
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
using SNMP and RMON. The software runs on a server in the cluster located in the
Operations Centre.
8. FNU email and web servers use public addresses assigned by AARNET (Discuss with
your mentor the allocation of these public addresses). The system also provides a DNS
server that the FNU uses. All these public servers are located in the Operations facility.
9. The Multiservice Platform router in each campus has a default route to the WAN and
does not run a routing protocol.
10. Campus servers support for local file storage (students and staff) and data backups that
are periodically transferred to the main data centre at the Operations Facility
The logical topology of the Operations facility is similar to the Campus backbone. The main
difference is that the server farm with the public services (Web, email and file services) are
housed in the Data Centre of this facility. The Multiservice Platform router at the Operations
facility acts as a NAT-Firewall.
Application and Enterprise Services
The following table provides a summary of the main network applications and enterprise
services currently running in all FNU campuses.
Application / Service Description Users
Students and academics’ work On-campus students use the
network to write assignments
and other documents.
Computer Science academics
and students use the network
to develop code. They can save
their work to file servers in the
campus servers and print their
tasks on printers within the
campus and other buildings.
Students and academic staff
Electronic Mail (SMTP) Email is used campus-wide (MS
Outlook Desktop).
Students and University staff
Web services (HTTP and
HTTPS)
Use of web browsers to access
information, participate in chat
rooms, and other typical
Web services.
Students and University staff
University Library The University has a main
library at the main campus
and smaller library facilities at
each regional and metro
campuses. Students and staff
access the online library
catalogue.
Students and University staff
HPC Higher Performance Computing
Cluster located in the
Operations building. This
system is part of the nation’s
scientific research program.
Students and faculty in
collaboration with
external partners
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
using SNMP and RMON. The software runs on a server in the cluster located in the
Operations Centre.
8. FNU email and web servers use public addresses assigned by AARNET (Discuss with
your mentor the allocation of these public addresses). The system also provides a DNS
server that the FNU uses. All these public servers are located in the Operations facility.
9. The Multiservice Platform router in each campus has a default route to the WAN and
does not run a routing protocol.
10. Campus servers support for local file storage (students and staff) and data backups that
are periodically transferred to the main data centre at the Operations Facility
The logical topology of the Operations facility is similar to the Campus backbone. The main
difference is that the server farm with the public services (Web, email and file services) are
housed in the Data Centre of this facility. The Multiservice Platform router at the Operations
facility acts as a NAT-Firewall.
Application and Enterprise Services
The following table provides a summary of the main network applications and enterprise
services currently running in all FNU campuses.
Application / Service Description Users
Students and academics’ work On-campus students use the
network to write assignments
and other documents.
Computer Science academics
and students use the network
to develop code. They can save
their work to file servers in the
campus servers and print their
tasks on printers within the
campus and other buildings.
Students and academic staff
Electronic Mail (SMTP) Email is used campus-wide (MS
Outlook Desktop).
Students and University staff
Web services (HTTP and
HTTPS)
Use of web browsers to access
information, participate in chat
rooms, and other typical
Web services.
Students and University staff
University Library The University has a main
library at the main campus
and smaller library facilities at
each regional and metro
campuses. Students and staff
access the online library
catalogue.
Students and University staff
HPC Higher Performance Computing
Cluster located in the
Operations building. This
system is part of the nation’s
scientific research program.
Students and faculty in
collaboration with
external partners
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
5
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
Online and Distance Education All faculties have online
teaching programs that require
video streaming via Blackboard
Collaborate.
Students and Academic staff
Moodle Learning Management
System
Management of learning
resources
Students and Academic staff
ERP Human Resource Management
and SAP Enterprise Resource
Planning
Administrative and
Management staff
Student Information System The University administration
staff uses this system to keep
track of class registrations,
enrolments and student
records.
Administrative and academic
staff
Data Analytics Business intelligence Platform
to find, explore, and share
data-driven insights within
FNU.
University Senior
Management
GoogleDocs Online word processor to
create and format documents
and work collaboratively.
University staff
Office 365 To access Microsoft Office apps
on Windows, macOS, iOS,
Android, and Windows mobile.
It also provides webmail and
social networking services via
the Exchange Server
Students and University staff
Adobe Creative Cloud To access Adobe apps including
Photoshop, Illustrator, InDesign
and Premiere Pro.
Students and University staff
Academic Information
Management System
Academic workflow support Academic staff
Video Conferencing System For Online meetings. Each
campus has at least two virtual
rooms fully configured.
Students and University staff
Laboratory Software All computer labs are equipped
with Microsoft Office and a
wide range of software
development tools (both
proprietary and open source)
Students and University staff
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
Online and Distance Education All faculties have online
teaching programs that require
video streaming via Blackboard
Collaborate.
Students and Academic staff
Moodle Learning Management
System
Management of learning
resources
Students and Academic staff
ERP Human Resource Management
and SAP Enterprise Resource
Planning
Administrative and
Management staff
Student Information System The University administration
staff uses this system to keep
track of class registrations,
enrolments and student
records.
Administrative and academic
staff
Data Analytics Business intelligence Platform
to find, explore, and share
data-driven insights within
FNU.
University Senior
Management
GoogleDocs Online word processor to
create and format documents
and work collaboratively.
University staff
Office 365 To access Microsoft Office apps
on Windows, macOS, iOS,
Android, and Windows mobile.
It also provides webmail and
social networking services via
the Exchange Server
Students and University staff
Adobe Creative Cloud To access Adobe apps including
Photoshop, Illustrator, InDesign
and Premiere Pro.
Students and University staff
Academic Information
Management System
Academic workflow support Academic staff
Video Conferencing System For Online meetings. Each
campus has at least two virtual
rooms fully configured.
Students and University staff
Laboratory Software All computer labs are equipped
with Microsoft Office and a
wide range of software
development tools (both
proprietary and open source)
Students and University staff
6
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
Current ICT infrastructure Summary
ICT infrastructure at Metro and Regional campuses
Hardware
Staff equipped with Desktop PCs running Windows 7 (dual monitors)
Staff PCs equipped with first generation headsets and webcams
4 networked Laser Printers in each faculty
10 computer labs, each equipped with 24 PCs running Windows and a printer
One Network Attachment Storage for local storage
100Base-TX Switched Ethernet
ICT infrastructure at Headquarters (main campus)
Hardware
Staff equipped with Desktop PCs running Windows 10 (dual monitors)
Staff PCs equipped with latest generation headsets and webcams
20 networked Laser Printers (also capable of scanning and photocopying)
50 computer labs, each equipped with 24 Desktop PCs running Windows 10 and a printer
One Network Attachment Storage (NAS) for local storage
Staff equipped with VoIP video phones
100Base-TX Switched Ethernet
ICT infrastructure at Operations site
Operating systems: Combination of Windows and Linux servers
Staff equipped with Desktop PCs running Windows 8
All operational servers including file, web, mail, DHCP, DNS, Authentication, Blackboard, Domain
Controllers, Database, SAN, Load Balancing and video streaming servers are concentrated in this
facility. The Operations facility also contains the infrastructure to support FNU’s learning
management and student information systems; and ERP services.
ICT infrastructure at Backup site
As mentioned, the Backup is a warm-site facility that can take over within minutes in the event that
the Operations facility fails. The backup site infrastructure mirrors the Operations facility.
Problem Statement
FNU business processes rely on a combination of systems and services with a very complex ICT
infrastructure. FNU academic board acknowledges this as major issue that could compromise
FNU’s growth and sustainability. The senior executive argues that currently the University is
spending a huge amount of money to maintain and integrate disparate and cumbersome
systems, with little room to expand and improve services. FNU needs to change and re-provision
the ICT infrastructure to provide high quality learning and teaching in the most cost-effective
way.
As part of this change, the transition to interoperability should be achieved in a smooth manner
while leveraging the latest advancements in network and information security infrastructure to
guarantee “zero” problems. This might also include the migration of key university applications and
services to the Cloud.
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
Current ICT infrastructure Summary
ICT infrastructure at Metro and Regional campuses
Hardware
Staff equipped with Desktop PCs running Windows 7 (dual monitors)
Staff PCs equipped with first generation headsets and webcams
4 networked Laser Printers in each faculty
10 computer labs, each equipped with 24 PCs running Windows and a printer
One Network Attachment Storage for local storage
100Base-TX Switched Ethernet
ICT infrastructure at Headquarters (main campus)
Hardware
Staff equipped with Desktop PCs running Windows 10 (dual monitors)
Staff PCs equipped with latest generation headsets and webcams
20 networked Laser Printers (also capable of scanning and photocopying)
50 computer labs, each equipped with 24 Desktop PCs running Windows 10 and a printer
One Network Attachment Storage (NAS) for local storage
Staff equipped with VoIP video phones
100Base-TX Switched Ethernet
ICT infrastructure at Operations site
Operating systems: Combination of Windows and Linux servers
Staff equipped with Desktop PCs running Windows 8
All operational servers including file, web, mail, DHCP, DNS, Authentication, Blackboard, Domain
Controllers, Database, SAN, Load Balancing and video streaming servers are concentrated in this
facility. The Operations facility also contains the infrastructure to support FNU’s learning
management and student information systems; and ERP services.
ICT infrastructure at Backup site
As mentioned, the Backup is a warm-site facility that can take over within minutes in the event that
the Operations facility fails. The backup site infrastructure mirrors the Operations facility.
Problem Statement
FNU business processes rely on a combination of systems and services with a very complex ICT
infrastructure. FNU academic board acknowledges this as major issue that could compromise
FNU’s growth and sustainability. The senior executive argues that currently the University is
spending a huge amount of money to maintain and integrate disparate and cumbersome
systems, with little room to expand and improve services. FNU needs to change and re-provision
the ICT infrastructure to provide high quality learning and teaching in the most cost-effective
way.
As part of this change, the transition to interoperability should be achieved in a smooth manner
while leveraging the latest advancements in network and information security infrastructure to
guarantee “zero” problems. This might also include the migration of key university applications and
services to the Cloud.
7
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
In terms of network and information security, the ICT infrastructure should safeguard appropriate
access and use of resources; and ensure unauthorised and malicious internal and external network
attacks are properly blocked. Network redundancy is currently achieved with the mesh topologies
(VPLS and Frame Relay); however, nothing has been done in terms of security plans for both
disaster recovery (DRP) and business continuity (BCP).
Statement of Works
Your task is to plan and implement a project to help FNU re-provision its ICT infrastructure in
accordance with its rapidly changing needs. The project consists of three parts: network security plan,
network redesign, and technology implementation.
Part 1: Network Security plan
The network security plan should include as minimum the following items:
1. Introduction outlining the importance of the plan and its purpose. Your introduction should
also provide a brief description of the components of the proposed network security plan in
terms of the First National University needs.
2. Scope outlining the areas of the organisation that the Plan applies. The scope also relates to
the breakdown of the tasks that are needed to make sure that the network is secure.
3. Assumptions documenting any assumptions you have made in order to prepare the plan.
There are things that might not be clear from the case study, hence you have either to
consult with the mentor or assume them in a reasonable way with a clear justification.
4. Clear and concise statements about what the Security Plan is designed to achieve. This
statement must relate the business and technical goals of FNU.
5. Summary and analysis of the organisation’s risks, highlighting the current threats,
challenges and vulnerabilities along with an assessment of current security environment
and treatments in place. This is perhaps the most important component of the security
plan. It includes the complete assessment of each of the network assets (computer
hardware, PCs, servers, application and system software, network devices, employees,
partners and the like) and its importance for the normal operation of the network services.
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
In terms of network and information security, the ICT infrastructure should safeguard appropriate
access and use of resources; and ensure unauthorised and malicious internal and external network
attacks are properly blocked. Network redundancy is currently achieved with the mesh topologies
(VPLS and Frame Relay); however, nothing has been done in terms of security plans for both
disaster recovery (DRP) and business continuity (BCP).
Statement of Works
Your task is to plan and implement a project to help FNU re-provision its ICT infrastructure in
accordance with its rapidly changing needs. The project consists of three parts: network security plan,
network redesign, and technology implementation.
Part 1: Network Security plan
The network security plan should include as minimum the following items:
1. Introduction outlining the importance of the plan and its purpose. Your introduction should
also provide a brief description of the components of the proposed network security plan in
terms of the First National University needs.
2. Scope outlining the areas of the organisation that the Plan applies. The scope also relates to
the breakdown of the tasks that are needed to make sure that the network is secure.
3. Assumptions documenting any assumptions you have made in order to prepare the plan.
There are things that might not be clear from the case study, hence you have either to
consult with the mentor or assume them in a reasonable way with a clear justification.
4. Clear and concise statements about what the Security Plan is designed to achieve. This
statement must relate the business and technical goals of FNU.
5. Summary and analysis of the organisation’s risks, highlighting the current threats,
challenges and vulnerabilities along with an assessment of current security environment
and treatments in place. This is perhaps the most important component of the security
plan. It includes the complete assessment of each of the network assets (computer
hardware, PCs, servers, application and system software, network devices, employees,
partners and the like) and its importance for the normal operation of the network services.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
The analysis also investigates the vulnerabilities of each asset and its associated threat that
might exploit those vulnerabilities.
6. Network Security policies to address all possible network attacks and vulnerabilities. Note
that these policies address the likely issues that might occur during the transmission of the
data through the network.
7. Information Security policies to address unauthorized and misappropriate use of FNU data
and software applications. Note that these policies address the likely issues that might occur
during the storage and processing of the data.
8. Disaster recovery and Business continuity plans.
9. Security Strategies and Recommended controls including security policies. The
recommended controls are the action points you are to put in place to mitigate the risks you
uncovered as part of your risk analysis.
10. In practice, achieving total security in an organisation is impossible. Residual risks that
remain after all possible (cost-effective) mitigation or treatment of risks should be taken into
account. Your security plan should estimate, describe and rate these residual risks to guide
the priorities for ongoing monitoring of risks.
11. Resources for implementing the recommendation. This should include any type of resources
like humans, communities of practice, quality audit groups, and the like.
You are advised to use the network security plan template posted in the Moodle site to ensure you
address all required items (refer to the marking criteria).
Part 2: Network Redesign
The redesign should be justified in terms of scalability, availability, network performance, security,
manageability, usability, adaptability, and affordability. To do this, you need to make a number of
assumptions. For example, assume that a great number of University services operate 24/7. Other
services are to operate from 6:00am to 8:00pm Monday to Friday. Other aspects to consider are
user’s behaviour, type of applications and services, bandwidth requirements, and the like. Make
sure you discuss this further with your team mates, mentor, and teacher.
Specifically, for this redesign take into account the following:
1. Traffic generated by the hosts: clients, servers, and backup devices.
2. Appropriateness of WAN links to support current traffic and forecast growth.
3. Appropriateness of wired LANs and Wireless LANs to support future growth.
4. VLAN configuration.
5. Network devices including routers and switches at each site (wired and wireless); and
the respective network protocols and quality of service
6. IP address allocation of each network and main network devices.
7. Sub-netting to separate traffic.
8. Firewalls positioning and strategy.
9. Proxy servers.
10. DMZ configuration.
11. Firewalls Access Control Lists.
12. Network diagram (logical and physical topologies).
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
The analysis also investigates the vulnerabilities of each asset and its associated threat that
might exploit those vulnerabilities.
6. Network Security policies to address all possible network attacks and vulnerabilities. Note
that these policies address the likely issues that might occur during the transmission of the
data through the network.
7. Information Security policies to address unauthorized and misappropriate use of FNU data
and software applications. Note that these policies address the likely issues that might occur
during the storage and processing of the data.
8. Disaster recovery and Business continuity plans.
9. Security Strategies and Recommended controls including security policies. The
recommended controls are the action points you are to put in place to mitigate the risks you
uncovered as part of your risk analysis.
10. In practice, achieving total security in an organisation is impossible. Residual risks that
remain after all possible (cost-effective) mitigation or treatment of risks should be taken into
account. Your security plan should estimate, describe and rate these residual risks to guide
the priorities for ongoing monitoring of risks.
11. Resources for implementing the recommendation. This should include any type of resources
like humans, communities of practice, quality audit groups, and the like.
You are advised to use the network security plan template posted in the Moodle site to ensure you
address all required items (refer to the marking criteria).
Part 2: Network Redesign
The redesign should be justified in terms of scalability, availability, network performance, security,
manageability, usability, adaptability, and affordability. To do this, you need to make a number of
assumptions. For example, assume that a great number of University services operate 24/7. Other
services are to operate from 6:00am to 8:00pm Monday to Friday. Other aspects to consider are
user’s behaviour, type of applications and services, bandwidth requirements, and the like. Make
sure you discuss this further with your team mates, mentor, and teacher.
Specifically, for this redesign take into account the following:
1. Traffic generated by the hosts: clients, servers, and backup devices.
2. Appropriateness of WAN links to support current traffic and forecast growth.
3. Appropriateness of wired LANs and Wireless LANs to support future growth.
4. VLAN configuration.
5. Network devices including routers and switches at each site (wired and wireless); and
the respective network protocols and quality of service
6. IP address allocation of each network and main network devices.
7. Sub-netting to separate traffic.
8. Firewalls positioning and strategy.
9. Proxy servers.
10. DMZ configuration.
11. Firewalls Access Control Lists.
12. Network diagram (logical and physical topologies).
10
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
You are advised to use the network redesign template posted in the Moodle site to ensure you
address all required items (refer to the marking criteria).
Part 3: Security Technology Implementation
As part of the security technology implementation, and in line with the recommended controls
mentioned above in the network security plan (item 9), you are required to document, implement,
and test at least five (5) recommended controls. The following are some suggestions of security
technologies you could implement:
1. Data backup and recovery technology including the procedures for backup and recovery.
Note that there are NASs at the campuses to back up the data generated locally,
however the vast majority of data is backed up to the File Servers in each campus and
ultimately to the Operations facility through the WAN. You need to provide the strategy
of the backup, technical details, specifications and functionalities of the recommended
backup technology.
2. A proper authentication system that takes care of highly secured roles and permissions
to access, share, download, upload files and folders. This should include authentication
for wireless and mobile services as well (according to WAT and BYOD policies). You need
to provide the complete details of the recommended technology including the product
and vendor specifications.
3. Services like File, Web (and secure Web), Mail (and secure Mail including spam email
prevention), DHCP, DNS, Domain Controllers. For example, you may suggest Apache
HTTT Server as the Web server software. If that is the case, then you must describe the
full configuration of the Apache HTTP Server and the application architecture used to
include the load balancer, replica web server, and data server (if you opt for a three-
tier architecture for example). Again, you need to provide details of the software
vendor and recommended hardware to run the service.
4. Hardening of servers described mentioned in section 3. All the services need to be
hardened with products as recommended in the network security plan.
5. Network security including DMZs, Firewalls, Intrusion Detection and Prevention Systems
(IDSs and IPSs).
Security technologies 1 to 5 mentioned above are suggestions only. Discuss with your mentor and
teacher any other options of your interest.
Proof of concept
As part of the project requirements, you are required to implement and test the recommended
controls suggested in the security technology implementation section above. The solution should
address current needs of FNU, including the installation of the software, configuration of the system,
and developing of test cases to check the complete functionality of the system.
For the proof of concept, it is mandatory that you include the documented results (procedures and
screen dumps) of various network security attacks tests (such as Network Penetration Test) as part
of your final project report. You may use your choice of security software/tools (including freeware
open software systems) and operating systems (Windows, Linux, or Ubuntu) in a virtualized
environment to build and simulate the security tests. You are required to demonstrate your
implementations at the end of the term.
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
You are advised to use the network redesign template posted in the Moodle site to ensure you
address all required items (refer to the marking criteria).
Part 3: Security Technology Implementation
As part of the security technology implementation, and in line with the recommended controls
mentioned above in the network security plan (item 9), you are required to document, implement,
and test at least five (5) recommended controls. The following are some suggestions of security
technologies you could implement:
1. Data backup and recovery technology including the procedures for backup and recovery.
Note that there are NASs at the campuses to back up the data generated locally,
however the vast majority of data is backed up to the File Servers in each campus and
ultimately to the Operations facility through the WAN. You need to provide the strategy
of the backup, technical details, specifications and functionalities of the recommended
backup technology.
2. A proper authentication system that takes care of highly secured roles and permissions
to access, share, download, upload files and folders. This should include authentication
for wireless and mobile services as well (according to WAT and BYOD policies). You need
to provide the complete details of the recommended technology including the product
and vendor specifications.
3. Services like File, Web (and secure Web), Mail (and secure Mail including spam email
prevention), DHCP, DNS, Domain Controllers. For example, you may suggest Apache
HTTT Server as the Web server software. If that is the case, then you must describe the
full configuration of the Apache HTTP Server and the application architecture used to
include the load balancer, replica web server, and data server (if you opt for a three-
tier architecture for example). Again, you need to provide details of the software
vendor and recommended hardware to run the service.
4. Hardening of servers described mentioned in section 3. All the services need to be
hardened with products as recommended in the network security plan.
5. Network security including DMZs, Firewalls, Intrusion Detection and Prevention Systems
(IDSs and IPSs).
Security technologies 1 to 5 mentioned above are suggestions only. Discuss with your mentor and
teacher any other options of your interest.
Proof of concept
As part of the project requirements, you are required to implement and test the recommended
controls suggested in the security technology implementation section above. The solution should
address current needs of FNU, including the installation of the software, configuration of the system,
and developing of test cases to check the complete functionality of the system.
For the proof of concept, it is mandatory that you include the documented results (procedures and
screen dumps) of various network security attacks tests (such as Network Penetration Test) as part
of your final project report. You may use your choice of security software/tools (including freeware
open software systems) and operating systems (Windows, Linux, or Ubuntu) in a virtualized
environment to build and simulate the security tests. You are required to demonstrate your
implementations at the end of the term.
10
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
You are advised to use the security technology implementation template posted in the Moodle site
to ensure you address all required items (refer to the marking criteria).
References
1. Ciampa, M. (2015). CompTIA Security+ Guide to Network Security Fundamentals (5th
Edition). Clifton Park, NY: Course Technology.
2. Forouzan, B. (2009). TCP/IP Protocol Suite (4th edition). Boston: McGraw-Hill Education.
3. Oppenheimer, P. (2011). Top-Down Network Design (3rd Edition). Indianapolis, In: Cisco
Press
4. Panko, R., & Panko, J. (2010). Business Data Networks and Telecommunications. (8th
edition). Prentice Hall Press Upper Saddle River, NJ, USA.
5. Weaver, R., Weaver, D., & Farwood, D. (2013). Guide to Network Defense and
Countermeasures (3rd edition). Boston, MA, USA: Course Technology.
6. Whitman, M. E., Mattord, H. J., & Green, A. (2012). Guide to Firewalls and VPNs (3rd
edition). Boston, MA: Delmar Cengage Learning.
Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
You are advised to use the security technology implementation template posted in the Moodle site
to ensure you address all required items (refer to the marking criteria).
References
1. Ciampa, M. (2015). CompTIA Security+ Guide to Network Security Fundamentals (5th
Edition). Clifton Park, NY: Course Technology.
2. Forouzan, B. (2009). TCP/IP Protocol Suite (4th edition). Boston: McGraw-Hill Education.
3. Oppenheimer, P. (2011). Top-Down Network Design (3rd Edition). Indianapolis, In: Cisco
Press
4. Panko, R., & Panko, J. (2010). Business Data Networks and Telecommunications. (8th
edition). Prentice Hall Press Upper Saddle River, NJ, USA.
5. Weaver, R., Weaver, D., & Farwood, D. (2013). Guide to Network Defense and
Countermeasures (3rd edition). Boston, MA, USA: Course Technology.
6. Whitman, M. E., Mattord, H. J., & Green, A. (2012). Guide to Firewalls and VPNs (3rd
edition). Boston, MA: Delmar Cengage Learning.
1 out of 10
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.