Network Security Plan for Corporation Techs: Comprehensive Report

Verified

Added on 2022/12/08

AI Summary

This report provides a comprehensive network security plan for Corporation Techs, addressing key aspects of network design, vulnerabilities, and mitigation strategies. The report begins with an executive summary and an overview of the current network design, highlighting critical points of failure such as switches, connections to administrative offices, and VPN connections. It proposes a GPON network design for improved capacity and future expansion, detailing its features and benefits. The report also outlines hardening strategies, including disabling unnecessary services and patching servers. Furthermore, it identifies various network vulnerabilities, such as malware, unpatched software, weak passwords, and insufficient security training, along with corresponding mitigation strategies like blocking unsafe sites, using vulnerability assessment tools, and implementing multi-factor authentication. Additional mitigation strategies include employing anti-malware software, intrusion detection systems, and strong password policies. The report also discusses mechanisms to secure remote network users, such as firewalls, antivirus software, VPNs, and multi-factor authentication. Finally, the report emphasizes the importance of server registration, security patches, and the use of non-privileged accounts. It concludes by highlighting expectations for redundancy, VLAN isolation, and firewall implementation, along with the benefits of the proposed network security plan. The report includes a works cited section with references to relevant literature.

First name
Student Name
Professor’s Name
Course Name
Date
Network security plan: Corporation Techs Company
Executive summary
The Corporation Tech computer systems share the same class C public IP address which
includes the IP address range. This also includes workstation along with servers. This documents
gives a basic network design for the organization. One of the most essential part of this work is
to reduce the number of public IP addresses needed to support the organization network. The
document also identify some of the hardening strategies. The scope of this document is only
within the Corporation Tech Company and the remote office of the network; some of the tools
utilized to for the analysis of the organization network are WireShark.
Document benefits
 Provide an increased organization network capacity
 Provide future expansion capability
 Identify some critical points of failure
 Recommend which points of failure which the organization needs to address (Blanc and
Cotton 56)
The current network design
Figure one shows the current network design. As shown from the figure the company has
implemented a hierarchical network design. A hierarchical network design is a three-layer
network design which was first proposed by Cisco network. The design divides the network into

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Second Name
three layers which are the access layer, the distribution layer, and the core layer. The access
layer is specifically used to connect to the enterprise layer. The distribution layer is specifically
used for routing, quality of Service and filtering. The core layer is used to manage high-speed
network connection like ten gigabit Ethernet.
Second as shown from figure one, the current network for the organization uses
inexpensive switches which are not manageable. The current network users are connected to a
bus-network using an Ethernet 100Base-T technology. In addition, the organization has utilized a
firewall which is used to prevent unauthorized to the organization network (Vasudevan 113).
Figure 1:

Second Name
Critical points of failure
 Switches which links to the various rooms
 Connection to the administrative offices
 The VPN connection to the remote office
Best network design
The company needs to go for GPON network design. This is a design which involves the
use of Passive Optical Splitters so as to divide one optical connection to server multiple
endpoints. Taking the design in figure one, the company can pass one fiber from Optical Line
Terminal port in the server room and pass to all the workstations and split it off using the 1:32
splitter into the various connections. Each of the various connections has to have an endpoint on
it which is supposed to offer Ethernet connectivity to the endpoint devices in the server room.
Features of the GPON design
 The network design is equipped with fiber optical cabling and wall plates in the various
offices
 Within the organization there various managed switches which gives a more control
managed switches which gives control over the organization LAN traffic. In addition, the
managed switches provides the ability for one to manage, monitor, and configure the
organization LAN.
 A firewall is another device which have been implemented which us designed to either
permit or deny network transmissions based on the organization rules (Tittel 114)

Second Name
Hardening strategies
To harden the current organization network, can start by disabling some of the
unnecessary service. This enables as these unnecessary services robs one server CPU cycle.
Second is the use of patching the Company server. Most are times when hackers or attackers try
to find security holes in the network server operating system. This means that a company needs
to keep the organization software up-to-date.
Examples of network vulnerabilities
Some of the network vulnerabilities are;
 Malware
 Unpatched software
 Weak password implementation
 Lack of physical security
 In sufficient security training and awareness
 Poor firewall deployment
 Lack of the appropriate security policies
 Disgruntled employees
 Lack of implementing intrusion detection systems and IPS
Mitigation strategies for the identified vulnerabilities
One of the ways to is to block the network users from visiting some of the suspected and
confirmed unsafe sites. To the organization website, the company needs to apply what is known
as bandwidth checks and to have a detailed reporting tools to analyze the browsing activities and
demonstrating the effectiveness of the web security. Third, the company needs to have a
vulnerability assessment tool or what are known are scanners to identify weaknesses which may

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Second Name
be found within the organization network. Fifth the organization needs to use a very strong
authentication; in here the organization is supposed to conduct a multi-factor authentication
which combines user Id and passwords with tokens, finger print readers and smart cards. Lastly,
the company needs to use anti-malware software such as Kaspersky’s. Also the company need to
use intrusion detection systems and Intrusion Prevention Systems; this assists in detection of any
form of intrusion into the organization network. In addition, all the Company’s software needs
to up to date and proper systems configuration done.
Other mitigation strategies are:
 Never to use personal information as the password these prevents password hacking
 Deployment of anti-phishing tools
 Conducting employee training once every month; this creates network security awareness
 Checking those computers running promiscuous mode
 All the default passwords to the network devices needs to be changes
Mechanism to secure remote network users
One of the method widely utilized by big organizations is setting up a firewall and anti-
virus which matches the size and scope of the organization. Second, the antivirus needs to have
an in-built antivirus and an anti-malware software. Third, the organization needs to set-up a
VPN. Forth is to use a multi-factor authentication method and limiting information access.
Network security plan
The server ought to be registered with the company IT department with the server owner
contacts and location, hardware and OS version, the MAC address, main functions, and
applications. In addition, the company needs to use the most recent security patches which have

Second Name
to be installed on the systems. Third, one needs not to use administrator when a non-privileged
account can be used.
Expectations and its justification
All possible redundancy needs to be deployed so as to protect the availability of the
operating systems including the redundant cabling and the redundant NICs. The organization
also needs to isolate VLAN so as to protect the administrative staff. Lastly, there should be
firewall in every VPN connection (Kurose and Ross 116).
Captured packets using Wire Shark

Second Name
Persuasive justification and the measurable expectations
The sole router suggested in this paper is designed to manage the organization VLAN so
as to prevent unauthorized people from accessing the organization critical information. The
logical design which have to go line in line with SAFE architecture will implement a secure
network for the organization. Lastly, GPON design will facilitate an in-depth network design
approach which is unified and protect the entire organization network.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Second Name
Works Cited
Blanc, Robert P and Ira W Cotton. Computer networking. New York: IEEE press, 2017.
Kurose, James F and Keith W Ross. Computer networking : a top-down approach . Chicago:
John & Wiley Press, 2018.
Tittel, Ed. Computer Networking. London: McGraw-Hill Press, 2016.
Vasudevan, hriram K. Computer networking. Chicago: Oxford Press, 2015.