Network Security and Information Project - FNU University

Verified

Added on 2021/06/17

AI Summary

This project report details a comprehensive network security plan for First National University (FNU). It begins with an introduction to the project's scope, focusing on network redesign, security planning, and technology implementation. The report analyzes network traffic, proposes a new network design, and includes a trade-off model and IP addressing schema. A detailed network security plan is presented, outlining objectives, assumptions, and a thorough risk analysis. Security policies covering communication, network access, workstation use, antivirus measures, DMZ, and extranet access are defined. The project further addresses disaster recovery, business continuity, and access control strategies. Technology implementations are discussed, including DMZ configuration, test plans and results, Radius server setup, and IDS deployment. The report also covers switching and routing protocols, including IEEE 802.11 for RSTP, OSPF, and VLAN configuration. Finally, the project concludes with a summary of the FNU network, business and technical objectives, and a bibliography of cited sources.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

NETWORK SECURITY AND
INFORMATION PROJECT
NAME OF THE STUDENT
NAME OF THE UNIVERSITY
AUTHOR’S NOTE

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

INTRODUCTION
• The project report is prepared after the evaluation of the case
study on First National University. A report is prepared
consisting of the concepts used for redesigning the network,
Security planning and the different technologies used for
increasing the security of the network. A work schedule is
followed for proceeding with the network assignment and a
RACI matrix is created for the analysis of the risk and
application of the security control measures for the
development of the network framework.

NETWORK REDESIGN
• Analysis of the network traffic
Application Flow Users Bandwidth
Speed
Quality Of
Service(QOS)
Email Client/Server Staff 25Mbps 4-7 Sec
Web Page Client/Server Customers, Staff 60Mbps 7-10 Sec
HD Image Client/Server Customers, Staff 15Mbps 7-15 sec
Video
streaming
Client/Server Customers 65Mbps 10-15 sec to load
Data Backup Server/Server Staff 750Mbps Depends on the
size

NETWORK REDESIGN (CONTD.)
• Trade-off modelTechnical Trade-Off Percentage
Scalability 20
Availability 20
Network Performance 10
Security 20
Manageability and Usability 5+5
Adaptability and Affordability 10+5
Characterizing the network infrastructure 5
Total: 100

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

NETWORK REDESIGN (CONTD.)
• IP addressing Schema
Subnet Name Needed
Size
Allocated
Size
Address Mask Assignable
Range
Dec Mask Broadcast
Accounts
dept
15000 16382 192.168.0.0 /18 192.168.0.1 -
192.168.63.254
255.255.192.0 192.168.63.255
It
department
15000 16382 192.168.64.0 /18 192.168.64.1 -
192.168.127.254
255.255.192.0 192.168.127.255
Server
Network
15000 16382 192.168.128.0 /18 192.168.128.1 -
192.168.191.254
255.255.192.0 192.168.191.255
management
Department
15000 16382 192.168.192.0 /18 192.168.192.1 -
192.168.255.254
255.255.192.0 192.168.255.255
Backup
network
50 62 192.169.0.0 /26 192.169.0.1 -
192.169.0.62
255.255.255.192 192.169.0.63
DMZ network 50 62 192.169.0.64 /26 192.169.0.65 -
192.169.0.126
255.255.255.192 192.169.0.127

NETWORK REDESIGN (CONTD.)
• Logical Network Design

NETWORK REDESIGN (CONTD.)
• Physical Network Design
Servers Workgroup Switch
Workgroup Switch
Workstations
Workstations
Remote access router
Workgroup Switch
Workstations
Workgroup Switch
Workgroup Switch
Workstations
Dial Up user with VPN client
software
Internet
Cloud
DMZ
Finance
HR
Publishing Manager
Technical manager

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

NETWORK SECURITY PLAN
Scope
• Development of network of the organization for improving the facilities
that are associated with network communication
• Effective as well as proper deployment of the entire operation that
generally favours the implications of the security within the university
• The implications of security is dependent on various types of
innovative technologies as well as implementation of number of
functional activities within FNU.

NETWORK SECURITY PLAN ( CONTD.)
Objectives
• To improve the communication as well as network connection by utilizing new network
designed that is mainly developed with the help of the concept of engineering design
• To determine the security issues and vulnerabilities that are associated with network
design for ensuring the root causes of the various issues.
• To develop proper policies that is quite helpful in improving the security of the entire
network
• To develop plan for network security that must be favourable for the requirements of FNU
• To implement various types of policies

NETWORK SECURITY PLAN ( CONTD.)
Assumptions
• Security assumptions: The security functions that is mainly implemented is mainly dependent on the assumptions,
which are listed below:
• Physical contact with the various devices will not be created
• The security plan that would be implemented will be feasible
• The network related design that would be developed would be helpful in sustaining various network security tools
• External disturbances will not be present within the network communication
• Design assumptions: The network design development would include number of assumptions that are listed below:
• Effective function implementation including network communication related principle
• Needed routers and switches
• Area, which is mainly covered by the routers.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

NETWORK SECURITY PLAN (CONTD.)
Risk Analysis
Identification of the asset and assessment
Individual asset risk analysis
Threats, challenges and vulnerabilities

NETWORK SECURITY PLAN (CONTD.)
Security Policies
• Communication and Email policy
• Network access and Internet policy
• Workstation policy
• Network security policy
• Antivirus policy
• DMZ policy
• Extranet policy

NETWORK SECURITY PLAN (CONTD.)
Disaster recovery and Business Continuity
• Business Impact Analysis
• Insurance Consideration
• Incident Response Team
• Physical safeguard
• Incident response procedure
• Restoration procedures

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

NETWORK SECURITY PLAN (CONTD.)
Network security access control
• Security strategy
• Specific recommended Controls to mitigate the risks
uncovered

NETWORK SECURITY PLAN (CONTD.)
• Residual risks
Ref No. Description Severity Probability Mitigation
Strategies
Residual Plan
#9540021 Attacks on password Major Likely Reduce The risk can be
mitigated with the
help of biometric
passwords.
#9540022 Exploitation of trust Moderate Possible Transfer The sensitive data
must be properly
managed.
#9540023 Redirection of port Minor Unlikely Accept The hardware must be
successfully handled.
#9540024 Man-In-The-Middle
Attacks
Moderate Likely Avoid Implementation of
security measures
would be helpful in
resolving risks.
#9540025 Social Engineering
Attack
Minor Rare Exploit Should be generally
used for system
benefit.

TECHNOLOGY IMPLEMENTATIONS OF
SECURITY
• NETWORK SECURITY- DMZ ZONE
• Resources Used
• DMZ is mainly configured on router for establishing of DMZ
zone. It needs to be work out configured as per the rules of
DMZ firewall. Various other kinds of resources are needed for
DMZ zone on firewall, Servers.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

TECHNOLOGY IMPLEMENTATIONS OF
SECURITY (CONTD.)
• NETWORK SECURITY- DMZ ZONE
• Test Plan Implementation
• For the proper implementation of test plan the network should be configured in such a way that
various firewall devices are installed in the network. There large number of tools for network
configuration which is mainly used for analysing or checking various kinds of vulnerabilities which
are present in the network and after that proper kind of testing of network must be done.
•
• Test Results and Analysis
• For proper analysis of result of test, it has been concluded that various kinds of networks can be
kept secured from various kinds of external agents and so the vulnerability of the system should be
kept secured from various kinds of solution for network.

TECHNOLOGY IMPLEMENTATIONS OF
SECURITY (CONTD.)
• Network security- Radius server
• Resources Used
• The ultimate resource which has been used for maintaining
and running of radius in various system is all about
understanding the various requirement of the system and as
per that server must be chosen.

TECHNOLOGY IMPLEMENTATIONS OF
SECURITY (CONTD.)
• Test Plan Design
• It mainly describes the various kinds of schedules,
approaches, resources and other kinds of scope which is
needed for the activity. It also adds up some of the features
which are needed for testing large number of activities. The
activity mainly comprises of test and design which is needed.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

TECHNOLOGY IMPLEMENTATIONS OF
SECURITY (CONTD.)
• Network Security – IDS
• Used Resources
Although a large number of methodologies and tools are available at present, the widespread
fundamentals are considered to be important in every kind of security configuration.
Enterprise makes use of IDS (intrusion detection system) and various kinds of associated
firewall. Firewall is mainly used for controlling large number of departments and incoming
traffic depending on large number of policies and procedure. Under the provided network IDPS
has come into action for providing host for the traffic. This has come into action of undertaken
measures of proactive measures for large number of blocks and attacks of log.
Implementation of Snort, Honeypot and other kind of software identification for flow of
network traffic which is used for identification of various kinds of vulnerability in the network.

TECHNOLOGY IMPLEMENTATIONS OF
SECURITY (CONTD.)
• Design of test plan
• First stage is all about implementation of single terminal in
which a category is launched by single kind of service or
equivalent logics. The next kind of phase is all about intruder
multiple kind of terminal.

PROTOCOLS AND QUALITY OF SERVICE
REQUIREMENTS
The Quality of Service of the system can be acquired if a particular engineering is taken
after and the design would incorporate the accompanying:
• The Quality of Service recognizable proof and checking strategies keeping in mind the
end goal to facilitate the Quality of Service from the conclusion to-end between the
system components.
• Quality of Service inside the single system component
• Lastly, the Q
• uality of Service arrangement, administration, and the capacities identified with
bookkeeping to control and regulate all the conclusion to-end movement that would be
in the system of the college.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

SWITCHING AND ROUTING PROTOCOLS
SELECTION
• Switching protocol
• IEEE 802.11 for RSTP is used for the design and including fast union for eliminating the congestion of various
tree from VLANs. The port quick summon is utilized for the sending the information bundles quicker. The uplink
quick order is utilized for interfacing two switches on the appropriation layer and if the connection gest down
the traversing tree convention helps in making a connection with the other switch associated in the system.
The IEEE 802.1 Q is utilized for the making of VLAN and dynamic trunk convention is connected for the
arrangement of the VLAN labels.
• Routing protocol
• The OSPF convention is utilized for making a connection between the distinctive switches and send and get the
information parcels in the system by means of the most brief way. The directing convention is utilized for
keeping away from the circles in the switch and expanding the adaptability in the system. There are diverse
other steering convention, for example, RIP, IS-IS and EIGRP that can be utilized for making a directed
convention in the system.

CONCLUSION
• To start with area of the presentation gives a diagram of the FNU. In this segment a
reasonable and brief depiction about the association has been given which
additionally incorporates the different business spaces, the issues in the system and
what are the activities that are to be taken so as to address every one of the issues
and this for the most part incorporates the new suggested segments for the new
system that will be outlined. The business objectives and the specialized objectives
has additionally been given in this report. The specialized report has been gone for
supporting the different business exchanges and this for the most part incorporates
the versatility, accessibility, and execution of the system, security of the system,
reasonability, convenience, flexibility and moderateness of the systems.

BIBLIOGRAPHY
• Cam-Winget, N., Popa, D., & Hui, J. (2017). Applicability Statement for the Routing Protocol for Low-Power and Lossy
Networks (RPL) in Advanced Metering Infrastructure (AMI) Networks.
• Haseeb, S., Hashim, A. H. A., Khalifa, O. O., & Ismail, A. F. (2017, November). Network Function Virtualization (NFV) based
architecture to address connectivity, interoperability and manageability challenges in Internet of Things (IoT). In IOP
Conference Series: Materials Science and Engineering (Vol. 260, No. 1, p. 012033). IOP Publishing.
• Hu, R., Hu, W., & Chen, Z. (2015, November). Research of smart grid cyber architecture and standards deployment with
high adaptability for Security Monitoring. In Sustainable Mobility Applications, Renewables and Technology (SMART), 2015
International Conference on (pp. 1-6). IEEE.
• Khaturia, M., Belur, S. B., & Karandikar, A. (2018). TV White Space Technology for Affordable Internet Connectivity. In TV
White Space Communications and Networks (pp. 83-96).
• Sinkkonen, H. M., Puhakka, H., & Meriläinen, M. (2018). Adolescents’ internet use in relation to self-esteem and
adaptability in career decision-making. British Journal of Guidance & Counselling, 1-14.
• West, D. M. (2015). Digital divide: Improving Internet access in the developing world through affordable services and
diverse content. Brookings Institution.