Network Security
This report is the answer to a scenario that was provided as the basis for this assignment. The idea is that a security firm has been awarded a contract for a local government agency. As part of that contract, the author is being asked to provide a number of deliverables. These would include an information flow diagram, an equipment list that would be required so as to make up the network security infrastructure, a maintenance plan to keep the network running and operating in optimal fashion, a list of at least four security measures that could be developed, two physical security vendors that could be used and how human resources could and should figure into all of the above. While there are multiple ways to undergo a network security system plan, there are some options and paths that are more required than others.
Analysis
The network information flow diagram that was asked for as part of this assignment is shown in the appendix. Something that should be clear from that diagram is that there is not just a single barrier, software for physical, when it comes to the network. In terms of the network, there are actually three zones. There is the exterior zone and there is the most secure zone. In between, there is a middle zone. The need for the middle zone comes from the fact that just because some devices are allowed past the external firewall does not mean that they should get full access to anything and everything that is beyond that first firewall. For users that are outside of the network that have permission to access the intranet, they will have the credentials to get through the external and internal firewalls. The virtual private network (VPN) that is nestled in between the two firewalls is just one way for external users to get through. For example, if a worker is at a hotel and is connected to the internet, they can access the intranet and the rest of the internal network by accessing the VPN. Conversely, users that are behind both firewalls are able to use the internet, cloud services and so forth so long as they stay within the network security policies. For example, an authorized computer would be given access to the services and information to which they are entitled per the network and user setup. Unauthorized computers, on the other hand, are restricted or blocked from accessing anything important. In short, the information flows back and forth across the length of the network based on what information is allowed to be accessed, what services are allowed to be accessed and so forth. The proper configuration and arrangement of these services,...
In total, there are about four general types. These types would be active devices, passive devices, preventative devices and Unified Threat Management (UTM) devices. Active devices would include firewalls, antivirus scanning devices, content filtering devices and other devices that block surplus traffic on the network. Passive devices would include intrusion detection appliances. These are devices that identify and report on traffic that is unwanted or undesirable. Preventative devices would include penetration testing devices and vulnerability assessment devices, otherwise known as appliance. Those devices scan the networks and help identify potential or verified security problems. The last type, of course, would be the aforementioned UTM devices. These would include firewalls, content filtering, web caching and other sorts of all-in-one security devices. One specific device that would be useful in the case of the local government agency that is the subject of this brief report would be a Cisco ASA 5515-X Firewall Edition Security Appliance. The device has gigabit internet, is rack-mountable and has six ports. That device is a smidge over two thousand dollars. A comparable device to that would be a WatchGuard Firebox M500. Like the Cisco device, it serves as a physical firewall that can protect the network security of the local government agency in question. The device has onboard support for gateways, web content filtering intrusion prevention and other features that are presented and discussed on the network information flow diagram elsewhere in this report. Like the Cisco device, the WatchGuard offering is also in the price range of several thousand dollars, coming in at about $2500 (ITCS, 2017).
Other devices that would be necessary would include end-user computer workstations. Two of the common brands that could be used to meet this end would include Dell and Lenovo. The latter is what used to be the computer division of IBM. Cost per workstation would range from $500 to $2000 per unit, depending on the computing power that is needed. The major things that would drive the price would include the processors in the computers, the amount of RAM, the type and size of hard drive and so forth. Something else that would be necessary is the proper network and patch cabling. So as to keep things as “future-proof” as possible, using Category 7 networking cabling would be the best. If existing infrastructure is present and…
