This project provides you an opportunity to solve a comprehensive problem in firewall and virtual private network (VPN) implementation at various levels. You will play the role of an employee participating in network design and planning of a specific business situation.

The following tools and resources are needed to complete this project:

? A web browser and access to the Internet to perform research for the project

? (Optional) A tool for creating basic network diagrams, such as draw.io or Microsoft PowerPoint

Project Part 4: Final Network Design Report

Scenario

You are ready to create and submit a final network design and plan to the senior network architect, who will present it to senior management and other decision makers.

Tasks

For this part of the project, perform the following tasks:

1. Create a final network diagram that includes the basic diagram and all relevant network enhancements.

2. Create a professional report that includes content from each draft report. Include details for all relevant information, persuasive justification for your recommendations, and methods to measure the success of each major network enhancement. Include a 1- to 2-page executive summary.

3. Use simple, clear language that primary stakeholders (non-IT) can understand easily.

Submission Requirements

? Format: Microsoft Word (or compatible)

? Font: Arial, size 12, double-space

? Citation style: MLA

? Length of final report: 10–16 pages, including executive summary and network diagram

Self-Assessment Checklist for Final Report

? I developed a network design that meets the requirements.

? I created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

? I described technology recommendations, provided justification for those recommendations, and described methods to measure the success of each major network enhancement.

? I included an executive summary and a final network diagram.

? I included citations for all sources used in the report.

? I followed the submission guidelines.

Answer:

The f?ll?wing re??rt is ?r?du?ed b?sed ?n inf?rm?ti?n ?r?vided by ??r??r?ti?n Te?hs' seni?r netw?rk ?r?hite?t ?b?ut the re?l??ement ?f the ?ld firew?ll.

T??i?: Re?l??ement ?f the firewalls

??rt 1- (Questi?n 1)

F?r the ??r??r?ti?n's te?hni??l netw?rk, there ?re the f?ll?wing firew?lls:

Netw?rk firew?ll

D?t?b?se firew?ll

Web ???li??ti?n firew?ll

?l?ud Firew?lls

UTM

??rt ?):

Netw?rk firew?ll - Tr?diti?n?l netw?rk firew?lls ?revent unw?nted tr?ffi? fr?m entering ? business netw?rk by ???lying ? v?riety ?f se?urity rules th?t de?ide when ???ess sh?uld be refused.

D?t?b?se Firew?lls - ?s the n?me im?lies, ? d?t?b?se firew?ll w?s designed t? s?fegu?rd d?t?b?ses. D?t?b?se firew?lls ?re ?ften ? ty?e ?f web ???li??ti?n firew?ll th?t is inst?lled in fr?nt ?f the d?t?b?se server t? kee? it s?fe, ?r within the netw?rk g?tew?y if ?r?te?ting m?ny d?t?b?ses ??r?ss sever?l servers.

Web ???li??ti?n firew?lls- ?r?xy servers ???e?t in??ming d?t? ?nd est?blish ? ??mmuni??ti?n rel?ti?nshi? with the ???li??ti?n ?n beh?lf ?f the extern?l ?lient.

?l?ud Firew?lls- R?ther th?n building ? firew?ll ?n-?remises in ? ??r??r?te d?t? ?enter, the s?me degree ?f se?urity f?r netw?rks, ???li??ti?ns, ?nd d?t?b?ses m?y be im?lemented ?nline.

UTM- Its ???li?n?es ?re ?ften equi??ed with ? ??nventi?n?l firew?ll, intrusi?n dete?ti?n, ?nd ? se?ure internet g?tew?y th?t ?he?ks in??ming tr?ffi?/em?ils f?r viruses ?nd m?lw?re.

The firew?ll sh?uld be inst?lled ?s f?ll?ws f?r best effe?tiveness:

?ll extern?l tr?ffi? sh?uld g? vi? the firew?ll bef?re it re??hes the netw?rk. This me?ns th?t the firew?ll must be ?l??ed b?th between the internet ?nd the netw?rk.

Intern?l tr?ffi? entering the intern?l netw?rk vi? the DMZ is then re?eived by ? se??nd r?uter, the intern?l firew?ll, whi?h filters it int? the intern?l netw?rk.

Firew?lls ?re ??mm?nly inst?lled ?r?und the ?erimeter ?f ? netw?rk. ? firew?ll is ? devi?e th?t ??ts ?s ? b?rrier between ?n extern?l netw?rk ?nd the netw?rk it is designed t? ?r?te?t. It is inst?lled inline ?l?ng with ? netw?rk ??nne?ti?n ?nd ins?e?ts ?ll ???kets entering ?nd de??rting the ?r?te?ted netw?rk. It uses ? set ?f ?re-??nfigured ?riteri? t? distinguish between m?li?i?us ?nd benign ???kets ?s it ex?mines them.

The ?b?ve-menti?ned firew?lls were ?h?sen f?r the f?ll?wing re?s?ns:

??ntr?l ?nd ???ess t? their ???s.

B?th thre?t defense ?nd thre?t ?reventi?n ?re required.

Thr?ugh?ut ?f ?ne gig?bit.

T? ?r?vide ? ?r?te?tive b?rrier, ? firew?ll is ty?i??lly ?ut between ?n extern?l, ??ssibly untrustw?rthy s?ur?e ?f tr?ffi? ?nd ?n intern?l netw?rk. With th?t b?si? ??n?e?t in mind, ? se?urity ?dministr?t?r sh?uld ev?lu?te where ?nd h?w m?ny firew?lls ?re ne?ess?ry.

Firew?ll s?ftw?re will m?nit?r, limit, ?nd ??ntr?l netw?rk ??nne?ti?ns ?s well ?s inter??ti?ns ?n the b?rder ?f ? ?riv?te netw?rk ?nd ? ?ubli? netw?rk.

Intern?lly, firew?lls ?re ??mm?nly used t? segreg?te tr?ffi? ?r d?t? fl?ws b?sed ?n risk ??teg?riz?ti?n.

??rt b):

Netw?rk ?ddress: ? netw?rk ?ddress is the numeri??l netw?rk ??m??nent ?f ?n I? ?ddress.

Server: ? netw?rk server is ? ??werful ??m?uter th?t ??nne?ts t? the ??m??ny's netw?rk. Netw?rk servers ?r?vide sever?l fun?ti?ns ?nd ?re ?n essenti?l ??m??nent ?f every netw?rk ??nne?ti?n.

W?rkst?ti?n firew?ll: ? firew?ll is ?ften ? ??m?uter ??m??nent ?r se?urity s?ftw?re ???li??ti?n th?t m?y ?id in netw?rk se?urity by limiting tr?ffi? ?nd ?reventing un?uth?rized ???ess t? sensitive inf?rm?ti?n ?n the ??m?uter.

??rt 2): (Questi?n 2)

There is ? ?l?n in ?l??e f?r ??nstru?ting ? demilit?rized z?ne-

? du?l-firew?ll setu?, with the DMZ netw?rk l???ted between the tw? firew?lls, w?uld be ? m?re se?ure ???r???h t? build ? DMZ netw?rk.

The first firew?ll, s?metimes referred t? ?s the ?erimeter firew?ll, is designed t? let ?nly extern?l tr?ffi? int? the DMZ.

The DMZ ?ffers ?n extr? l?yer ?f ?r?te?ti?n t? the ??m?uter netw?rk by ?r?hibiting extern?l ???ess t? intern?l servers ?nd d?t?, b?th ?f whi?h m?y be highly d?m?ging if h??ked.

T? set u? ? DMZ, the firew?ll needs t? h?ve three netw?rk interf??es, whi?h m?st firew?lls ?urrently d?.

?ne interf??e ??nne?ts t? the intern?l netw?rk ?f their netw?rk, ?n?ther t? the untrusted Internet, ?nd the third t? the DMZ.

The DMZ ??nsists ?f servers th?t users must ??nne?t t? fr?m bey?nd the firew?ll.

--In the f?ll?wing res?e?ts, the netw?rk is m?re se?ure:

? DMZ is ? netw?rk subnetw?rk th?t sits between the ?ubli? internet ?nd ?riv?te netw?rks.

It links untrusted netw?rks t? extern?l-f??ing ???li??ti?ns ?nd ?ffers ?n extr? .

The g??l ?f ? DMZ is t? give ?n extr? l?yer ?f se?urity t? ? ??m??ny's L?N.

While the m?j?rity ?f the ?rg?niz?ti?n's netw?rk is ?r?te?ted by ? firew?ll, ? se?ure ?nd regul?ted netw?rk n?de is f??ing ?utside the intern?l netw?rk t? ???ess wh?t is ???essible in the DMZ.

??rt 3): (Questi?n 3)

Ty?es ?f Netw?rk ?uthenti??ti?n-

??ssw?rd-b?sed ?uthenti??ti?n- ??ssw?rds ?re the m?st ?ften used ?uthenti??ti?n meth?d. ??ssw?rds ??n be m?de u? ?f numbers, s?e?i?l ?h?r??ters, ?r ? string ?f letters. T? be s?fe, users must ?h??se str?ng ??ssw?rds th?t ??mbine ? v?riety ?f ?l?usible ??ti?ns.

Multi-f??t?r ?uthenti??ti?n- MF? is ? kind ?f ?uthenti??ti?n th?t requires the use ?f tw? ?r m?re distin?t meth?ds t? ev?lu?te ? user.

?ertifi??te-b?sed ?uthenti??ti?n - T? identify ? user, system, ?r ??nne?ti?ns, this te?hn?l?gy uses digit?l ?ertifi??tes.

Bi?metri? ?uthenti??ti?n - This is ? f?rm ?f se?urity th?t is b?sed ?n ? ?ers?n's unique bi?l?gi??l ?h?r??teristi?s.

T?ken-b?sed ?uthenti??ti?n - It ?ll?ws users t? enter their ?redenti?ls ?nly ?fter they get ?n en??ded string ?f r?nd?m ?h?r??ters in res??nse.

There is ? high-level ?l?n in ?l??e f?r se?uring ???ess t? intern?l netw?rk res?ur?es.

?bt?in the user's l?gin inf?rm?ti?n.

Bef?re submitting the request t? the server, in?lude it in the request f?rm ??r?meters.

The server verifies the user's identity using the l?gin inf?rm?ti?n given.

?fter su??essful v?lid?ti?n, ?re?te ? ???kie ?nd in?lude it in the res??nse.

The ?lient w?uld then utilize this ???kie/sessi?n t? ?erf?rm further requests.

The field ?f ?uthenti??ti?n te?hn?l?gy is ??ntinu?lly ?h?nging. Inste?d ?f merely utilizing ??ssw?rds, businesses sh?uld ??nsider ?uthenti??ti?n ?s ? me?ns t? im?r?ve ?ust?mer ex?erien?e. Bi?metri? ?uthenti??ti?n elimin?tes the need t? remember ??m?lex ?nd lengthy ??ssw?rds. ?tt??kers w?uld be un?ble t? bre?k ??ssw?rds ?s ? ??nsequen?e ?f im?r?ved ?uthenti??ti?n te?hniques ?nd te?hn?l?gy, ?v?iding ? d?t? bre??h.