Network Infrastructure and Security

Network Infrastructure and Security Directed Research Project CIS 590


Dr. James K. Mukira

Lawrence Mulinda
June 06, 2013

Justify and support the relationship between infrastructure and security as it relates to this data-collection and analysis company.

For a data collection and analysis company, the data is its most valued asset. Hence its security should be of utmost importance to the company. The overall value of the data depends on its context, i.e., how it is used, how often it is used, what value it derives for the company and so on. The value of Information Technology to any company is its ability to store, present, manage, analyze and protect the data that supports the company's business operations. Some types of data have inherent value, for example profiles of a large number of customers. Some data have derived value, for example a large amount of data relating to customers' buying behavior, analyzed using social media tools during the Black Friday period. Some data might be worth more and some data would be of lesser value. Data collected and analyzed from various sources related to customer satisfaction and feedback, sales enticements, competitive differentiation etc. all have value. However, the ultimate value of the data is quite complicated, as it is built from a composite of all these subsets of data. The more people within the company access the data and derive information from it, the more valuable the data becomes. How well the data is secured depends on various factors, and one of the biggest factors is the IT infrastructure of the organization. The following are some reasons through which we can determine the relation between infrastructure and data security:

a) Loss of data confidentiality: Data being transmitted over a network is always at risk of being eavesdropped on by an unauthorized party. Weak controls over access to the company network might result in data stored on the company's servers and workstations being subject to unauthorized access.

b) Loss of data integrity: If the network nodes are not set up properly and secured, the data in transit between these network nodes may be modified, deliberately or otherwise. This might result in the system receiving the data processing it incorrectly, or perhaps malicious data might get transmitted. In either case, the end result is a loss for the company.

c) Denial of Service: The network infrastructure of the company relies on the continued functionality of all the network links that connect its component nodes. The disconnection or slowdown of a network link may prevent the system from providing the services necessary for the data analysis and collection process to continue effectively.

d) System compromise: The network infrastructure includes routers, modems, DNS servers and other communication and connectivity devices, which are at risk of being compromised and having their resources used by an unauthorized party for illegitimate purposes such as denial-of-service (DoS) attacks or bandwidth theft.

Present the rationale for the logical and physical topographical layout of the planned network.

Current - Before the upgrade, the network is straightforward, like that of any small business. Both the logical and physical layouts consist of a mail server, database, firewalls and so on, i.e. all those elements which form the backbone of a data-collection company.

Planned - In the planned network, the company is moving from 1 floor to three floors. To avoid complexity, the layout will remain the same. On each floor the physical and logical layout remains identical. Only at the hub connection is all the wiring gathered and tied together in one place. For Wi-Fi related equipment, a router with heavy-loading capability is required. All the servers will be shifted to the third floor, so that they are not easily accessible to any client or unauthorized person.

Design a logical and physical topographical layout of the current and planned network.

Current - Physical layout

Current - Logical

Planned - Physical

The planned logical layout is more or less the same as the current logical diagram, with a larger number of devices and more wiring.

Illustrate the possible placement of servers.

Enhanced availability and resiliency - Hardened devices are placed as shown in the figure so as to make sure that the company has optimal service availability and to remove any system and interface-based redundancy.

Network Foundation Protection - As shown in the figure, device hardening and control and management plane protection are ensured throughout the entire infrastructure to maximize availability and resiliency.

Public Services DMZ - This portion depicts the placement of devices to ensure endpoint server protection, intrusion prevention, stateful firewall inspection, application deep-packet inspection and DDoS protection.

Secure mobility - Under this, VPN protection is a priority for mobile users. It performs persistent and consistent policy enforcement independent of the location of staff. It integrates web security and malware defense systems.

Internal Access - The equipment is arranged as shown in the figure to ensure email and web security, stateful firewall prevention, global correlation and granular access control.

Threat detection and management - This part ensures intrusion prevention and infrastructure-based telemetry so as to identify and mitigate threats.

Edge protection - This placement ensures traffic filtering, routing security, firewall integration and IP spoofing protection to discard anomalous traffic flows, prevent unauthorized access and block illegitimate traffic.

Create and describe a comprehensive security policy for this data-collection and analysis company.

Classification of Data

Any company user having authoritative access to the company's data may modify the data's classification. The user may change the classification of data if there are sufficient and justifiable reasons for doing so. Users doing so will be held strictly responsible for their changes. When new data is created, it should be classified as "Company Only" data until its user reclassifies it. Users are held strictly responsible for any change in classification they make. Classifications for the company's existing data are given below:

Company's business information (memos, financial documents, planning documents, etc.) should be classified as "Company Only";

Company's customer data (contact details, contracts, billing information, etc.) should be classified as "Company Only";

Network management data (IP addresses, passwords, configuration files, etc.) should be classified as "Confidential";

Human resources information (employment contracts, salary information, etc.) should be classified as "Confidential";

Published information (pamphlets, performance reports, marketing material, etc.) should be classified as "Shared";

E-mail between Company's employees should be classified as "Company Only"; and

E-mail between Company's employees and non-Company employees should be regarded as "Unclassified".

Classifications: Roles and Responsibilities

1. Responsibility of the user to:

Know one's own clearance level and understand the rights and limitations associated with that clearance;

Ensure all the data one is going to work on is correctly classified;

Ensure one is familiar with the restrictions associated with the data one is working on; and

Ensure all the data one works with is protected properly.

2. Responsibility of all system owners and system administrators to:

Determine the security level for all users.

Properly verify the equipment the user is going to work with.

Install the equipment.

3. Responsibility of each divisional manager is:

Getting approval on clearance for employees.

Clarifying the classification of data on systems.

Clarifying the classification of equipment.

Understanding and implementing the policy.

4. Responsibility of the Security Officer to:

Approve all classifications.

Maintain a list of all classifications.

Approve the final layout of the company's network.

Control and manage all trusted points.

Compliance

1. Any unauthorized user accessing data, a device, equipment or a location with insufficient privileges can face disciplinary action.

2. Any user who is allowed to access a system that he/she controls on behalf of someone else with insufficient clearance can face disciplinary action.

3. Any person who tries to connect equipment that is not classified for network access to an inappropriate part of the network can face disciplinary action.

4. Any person who is transmitting data over the network without specific privileges can face disciplinary action.
