Overview: Now that you’re super knowledgeable about security, let's put your newfound know-how to the test

Subject: Computer Science

Overview: Now that you’re super knowledgeable about security, let's put your newfound know-how to the test. You may find yourself in a tech role someday, where you need to design and influence a culture of security within an organization. This project is your opportunity to practice these important skillsets.

Assignment: In this project, you’ll create a security infrastructure design document for a fictional organization. The security services and tools you describe in the document must be able to meet the needs of the organization. Your work will be evaluated according to how well you met the organization’s requirements.

About the organization: This fictional organization has a small, but growing, employee base, with 50 employees in one small office. The company is an online retailer of the world's finest artisanal, hand-crafted widgets. They've hired you on as a security consultant to help bring their operations into better shape.

Organization requirements: As the security consultant, the company needs you to add security measures to the following systems:

  • An external website permitting users to browse and purchase widgets
  • An internal intranet website for employees to use
  • Secure remote access for engineering employees
  • Reasonable, basic firewall rules
  • Wireless coverage in the office
  • Reasonably secure configurations for laptops

Since this is a retail company that will be handling customer payment data, the organization would like to be extra cautious about privacy. They don't want customer information falling into the hands of an attacker due to malware infections or lost devices.

Engineers will require access to internal websites, along with remote, command line access to their workstations.

Grading: This is a required assignment for the module.

What you'll do: You’ll create a security infrastructure design document for a fictional organization. Your plan needs to meet the organization's requirements and the following elements should be incorporated into your plan:

  • Authentication system
  • External website security
  • Internal website security
  • Remote access solution
  • Firewall and basic rules recommendations
  • Wireless security
  • VLAN configuration recommendations
  • Laptop security configuration
  • Application policy recommendations
  • Security and privacy policy recommendations
  • Intrusion detection or prevention for systems containing customer data

Answer Preview

Answer:

Introduction:- A security infrastructure design document defines how the functional and non-functional requirements are designed based on the given design specifications. It also provides hardware, software and storage design specifications and interfaces.

Purpose:- The purpose of a security infrastructure design document is to help define the architecture and system design to build a secure IT environment.

2. Overview:- Here, the client requires an IT environment to perform the business tasks of their application, and internal access (VPN) for their employees and customers, with proper security.

2.1. Assumptions & Risks & Constraints:-

Assumptions:- Employees increase by 5% every year, so the network usage and the number of devices connected to the infrastructure increase.

Constraints:- Considerations for the security of the infrastructure are:-

  • Authentication system
  • External website security
  • Internal website security
  • Remote access solution
  • Firewall and basic rules recommendations
  • Wireless security
  • VLAN configuration recommendations
  • Laptop security configuration
  • Application policy recommendations
  • Security and privacy policy recommendations
  • Intrusion detection or prevention for systems containing customer data.

Risks:-

The organization is meant to do e-commerce related transactions, so it may involve third parties. So, strict security mechanisms are to be developed to secure customer privacy and transaction details. If any attack is done on the organization, it may affect its reputation in society. If any disaster or any risks happen, they should maintain a backup for disaster recovery or risk management. Or, to provide any attacks by intruders, there should be a backup process.

2.2.1 Federal Enterprise Architecture:-

The proposed architecture requirements match or comply with the Federal Enterprise Architecture. All the protocols and hardware interfaces comply with industry standards to ensure compatibility of the network, and the security is in compliance with the CMS Enterprise Architecture (EA).

Design:-

3.1 Goals:-

- an internal VPN or intranet website for employees to use

- a public website to browse and purchase the widgets

- secure remote access for engineering employees

- secure firewalls and wireless coverage

- privacy for users and for devices.

3.2 Architectural Strategies:-

Intranet website for employees:- Here, only employees can access the data, not outsiders, so it shouldn't be available to any outsiders. To make it private and secure:

- make sure that a secure firewall is used, and check the intranet access.

- authorized access can reduce the security issues.

Remote access for Engineering employees:-

The POP3 protocol doesn't allow users to manipulate the data, so it's mandatory to use good protocols for remote access. Device compatibility, authentication and location should be checked before accessing the devices with remote access.

- allowing only authorized persons or IP addresses and blocking the unwanted traffic can be done for authorization.

- passwords should be protected and can be provided with, for example, an 802.11 WLAN router with a pre-shared key with limited access for wireless coverage in the office.

For VLAN configuration:- Using dynamic VLAN assignments and access control lists, we can control user access based on the conditions.

Systems security configuration:-

The first and foremost security concern is the devices that the employees use, because by installing unauthorized and irrelevant software or any OS, the systems may be affected by harmful viruses, Trojans, worms and ransomware. Using encryption, whitelisting, a VPN and antivirus can secure the sensitive data of the employees or the organization.

Security and Privacy Policy Recommendations:-

Cookie Policies:- Clearing the cache and cookies can secure your privacy.

Let your customers contact you freely, and make sure that your new customers have easy access to your policies. Third-party validation of your privacy and security can enhance trust in your security.

IDS & IPS for Systems containing customers' data:-

Intrusion detection and prevention is not an easy thing in present society, because e-commerce is growing massively in this generation and the chances of getting attacked are also high. So implementation of security is quite difficult, but it can be done by doing penetration testing and reverse engineering, detecting by signature or by anomaly. And this can be achieved by a third-party IDS system that is readily available in the market.

Conclusion:-

Thus, we can conclude that the document of the security infrastructure of the organization has been assessed and made as required for the proposed environment as specified.

Threats to protect against:- data loss

Assets being protected:- organization information and customers' information

Activities to protect:- transactions, employees' sensitive data or data / payments

Relative ranking:- It's a mandatory process for every organization as part of the planning process to mitigate risks. So the ranking of this project is

CIA - High, High, Medium

(Confidentiality, Integrity, Availability)
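
As an added illustration that is not part of the posted answer, the sketch below models the "allow only authorized IP addresses and block unwanted traffic" and VLAN/ACL recommendations as a first-match, default-deny rule table for the assignment's systems. The subnets, zone names and the database port are constructed assumptions, and outbound internet access is not modelled.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per VLAN.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "dmz_web":     "10.0.10.0/24",  # external shop website
    "intranet":    "10.0.20.0/24",  # internal employee website
    "employees":   "10.0.30.0/24",  # office laptops and staff Wi-Fi
    "engineering": "10.0.40.0/24",  # engineer workstations
    "vpn":         "10.0.50.0/24",  # remote-access clients
    "guest_wifi":  "10.0.60.0/24",  # visitor Wi-Fi, isolated
    "customer_db": "10.0.70.0/24",  # systems holding customer data
}.items()}

# (source zone, destination zone, protocol, port, action); "*" = any source.
# Rules are checked top to bottom and the first match wins.
RULES = [
    ("*",           "dmz_web",     "tcp", 443,  "allow"),  # public browsing and purchase
    ("dmz_web",     "customer_db", "tcp", 5432, "allow"),  # only the web tier reaches the data
    ("employees",   "intranet",    "tcp", 443,  "allow"),
    ("engineering", "intranet",    "tcp", 443,  "allow"),
    ("vpn",         "intranet",    "tcp", 443,  "allow"),  # engineers working remotely
    ("vpn",         "engineering", "tcp", 22,   "allow"),  # command-line access to workstations
]

def zone_of(addr):
    """Map an IP address to its VLAN name, or 'internet' if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def evaluate(src, dst, proto, port):
    """Return 'allow' or 'deny' for one flow; unmatched traffic is denied."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if r_src in ("*", src_zone) and (r_dst, r_proto, r_port) == (dst_zone, proto, port):
            return action
    return "deny"  # default deny

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, protocol, port)
    for flow in [("203.0.113.7", "10.0.10.5", "tcp", 443),
                 ("203.0.113.7", "10.0.70.5", "tcp", 5432),
                 ("10.0.50.9", "10.0.40.12", "tcp", 22),
                 ("10.0.60.9", "10.0.20.5", "tcp", 443)]:
        print(flow, "->", evaluate(*flow))
```

Running the sample flows shows the property an intrusion-detection deployment then relies on: the customer-data VLAN is reachable only from the web tier, so any other source appearing there is worth an alert.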
