question archive 1) The AB&B Business T-1 service terminates at a new Catalyst 6000 series gateway router that was unwrapped and placed on the network
Subject:Computer SciencePrice:3.86 Bought11
1) The AB&B Business T-1 service terminates at a new Catalyst 6000 series gateway router that was unwrapped and placed on the network. The AB&B technicians only configured the static routes back to Visor's corporate network
2. The VPN server is used to allow workers access to the network from home.
3. The Windows 2000 file server houses most of the site's backup files, customer records, and corporate information.
4. Since this is a small network (less than 200 employees) a series of Cisco 2950 switches serves as the network's backbone
5. A generic hub separates all of the site's core services and operational departments. A wireless access point is available for clients who have the need.
6. Since Visor wants to keep personal internet use off the production machines, they have crafted a policy (though never enforced) that states all employees must use the lounge to conduct personal business on the internet.
Please tell me what are the wrongs in this network (issues) and how i can improve it. Please do it in details, state what is the wrong, issues, or what they did wrong to design this network, and also please in detail help me to to understand how that network can be redesign a better network diagram.
The network security is provided is as follow:
1 All the traffic that comes into the company's network comes through the border router which is first level of filtering traffic. It allows only the traffic that is destined to the company's network.
2. At the second level there will be a firewall which decides whether the inbound traffic has to sent into the internal network or not based on the pre-defined rules.
3. Separating the servers which are used for public communication purpose from the internal service servers. The servers which are for the communication will be put in DMZ(demilitarized zone).
4. the rest of the servers are kept in the internal network for which there will be authorized access. this access is only available to authorized personnel. further, the servers which will have sensitive information such as file servers which are used for backup purpose and the servers that hold information such as credit card details are protected by another firewall which would help protecting the insider attacks.
5. Beyond all this, there should be an IDS which can help detect the unknown malicious traffic accordingly.
Please see the attached file for the complete solution