
Running head: Designing a Secure Network 1

Designing a Secure Network


Louis F DeWeaver III
Strayer University

CIS534 Week #10 Term Paper Project: Designing a Secure Network


Instructor: Danielle BaBB
December 11th, 2014


Overall network diagram

Explanation of each network device's function and its specific configuration
The first device I will be describing is the VPN firewall. This device is responsible for
establishing all of the remote users' connections to the internal network and its resources by
extending the private network across the Internet. Key features of this
VPN are its transparency to Network Address Translators (NATs), proxy servers and firewalls.
The VPN tunnel is established over the HTTPS protocol, which uses TCP port 443 as its
destination port.
The next device I will be describing is the remote users' laptops. The laptops serve as
the means by which the remote users access the network. The laptops are configured to sign in to
the SSL VPN. The user is required to enter their user ID and password. The VPN is already
configured with static routes to all internal network locations and with the particular drive-mapping
configuration for each specific user. A two-factor token issued by the VPN
firewall is also required to sign in.
The next device I will be describing is the main router. The main router is responsible for
the connections between networks. It securely transmits packets across the
connected networks to their intended destinations. The main router is located at the network edge
and is configured to access the Internet and/or to send information across the WAN.
The main router acts as the go-between for the LAN and the WAN. In this configuration the main router is
also connected to the distribution router.
The next device I will be describing is the core router. The core router is connected to the
DMZ in this configuration. The core router is responsible for forwarding packets to and from the
computer hosts within the DMZ network. The core router is configured to isolate a network
segment so that the publicly accessible servers are separate from the internal network. The core
router prevents the publicly accessible servers from contacting other internal network segments.
This contains the damage in the event that a server in the DMZ is compromised.
The next device I will be describing is the distribution router. The distribution router is
responsible for supplying an isolation point between the network's access and core layers. The
distribution router is configured to provide boundary definitions. The distribution router
is mainly responsible for routing, and it provides the following policy-based network
connectivity: packet filtering, QoS, an access-layer aggregation point, broadcast and
multicast control, and application gateways. The distribution router is also configured to
manipulate packets in the network traffic and to perform queuing.
The next devices I will be describing are the firewalls. The firewalls are
responsible for providing a secured barrier that controls network traffic into and out of
the Internet-connected network, and also between the different internal network segments. In this
particular network there are two firewalls. The first one is placed between the core router and the
DMZ switch. This firewall allows internal traffic to pass through to the DMZ zone and allows only
selected traffic to pass back to the internal network. The second firewall is located between the distribution
router, an internal switch and the authentication server. This firewall is also configured to allow
certain traffic to pass through to the internal network.
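A small model of the DMZ firewall policy just described (internal may initiate into the DMZ, the Internet reaches only the published DMZ services, the DMZ may not initiate toward the internal network), added here as an example and not part of the original paper. The zone addresses, the service ports and the single "select pass back" rule are constructed assumptions, since the paper gives no addresses or rule listings.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan (the paper gives none): internal LAN, DMZ (TEST-NET-1 stands in),
# and anything else is treated as the Internet.
ZONES = {"internal": ip_network("10.10.0.0/16"), "dmz": ip_network("192.0.2.0/24")}

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

@dataclass(frozen=True)
class Rule:
    src: str              # zone name or "any"
    dst: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

# First-match ruleset for the DMZ firewall. The DMZ may not initiate toward the internal
# network except for one "select pass back" flow (a constructed web-to-SQL example).
DMZ_RULES = [
    Rule("internet", "dmz", "tcp", 80, "allow"),     # web server
    Rule("internet", "dmz", "tcp", 443, "allow"),    # HTTPS, also the SSL VPN port
    Rule("internet", "dmz", "tcp", 25, "allow"),     # SMTP gateway
    Rule("internet", "dmz", "tcp", 21, "allow"),     # FTP control channel
    Rule("internet", "dmz", "udp", 53, "allow"),     # external DNS
    Rule("internal", "dmz", "any", None, "allow"),   # staff may manage and use DMZ hosts
    Rule("dmz", "internal", "tcp", 1433, "allow"),   # constructed "select pass back": web -> SQL
    Rule("any", "any", "any", None, "deny"),         # explicit default deny (log it on a real device)
]

class StatefulFilter:
    """Small model of a stateful packet filter: replies to an allowed flow pass without a rule."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # 5-tuples of flows that were allowed in the forward direction
    def check(self, src: str, sport: int, dst: str, dport: int, proto: str) -> str:
        if (dst, dport, src, sport, proto) in self.flows:  # reverse direction of a known flow
            return "allow"
        s, d = zone_of(src), zone_of(dst)
        for r in self.rules:
            if (r.src in ("any", s) and r.dst in ("any", d)
                    and r.proto in ("any", proto) and r.dport in (None, dport)):
                if r.action == "allow":
                    self.flows.add((src, sport, dst, dport, proto))
                return r.action
        return "deny"  # unreachable with the explicit default rule above
```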
The next devices I will be describing are the network switches. The network switches are
responsible for connecting the multiple devices on this network together. For example, the network
switches in this configuration connect the computers, routers, servers and storage
devices, which all together create a network of shared resources. The network switches are all
configured to perform layer 2 switching: they receive frames from all of
the sources connected to them and forward each one to its
appropriate destination only. There are four network switches in this configuration and they are
all Gigabit switches. They are located as follows: one in the DMZ between the firewall
and the servers that reside there; one on the internal network connecting the authentication server
and the IDS server; one on the internal network connecting the local users, IDS, antivirus, database,
file and application servers; and the last switch connects the SAN device to the database, file and
application servers.
The next device I will be describing is the Web server. The Web server is responsible for
processing all requests to access the company's web site via HTTP. The Web server is
configured to store, process and deliver the content of the company's web pages to clients. All
the communication that takes place between client and server uses HTTP
(Hypertext Transfer Protocol). The Web server is located in the DMZ so that it can be
accessed by outside users while those same users are prohibited from accessing the internal
network.
The next device I will be describing is the FTP server. The FTP server is responsible for
all of the FTP requests to upload or download files and/or programs selected from a
particular directory on the server. This FTP server is configured to allow users located on an
outside network to connect to it using an FTP client, so that files located on the server can also be
updated, deleted, renamed, moved and copied. The FTP server is also
placed in the DMZ so that files can be accessed by outside users while those same users are
prohibited from accessing the internal network.
The next device I will be describing is the mail server. The mail server is responsible for
receiving incoming e-mail and sending outgoing e-mail. The e-mail server is configured to use the
Simple Mail Transfer Protocol (SMTP) for sending and receiving e-mail. The e-mail
server is also located in the DMZ and configured with an SMTP gateway through which all external e-mail is
sent and received.
The next device I will be describing is the DNS server. The DNS server is responsible for
hosting records of the distributed DNS database. The DNS server is configured to use the records
that it hosts to resolve the DNS name queries sent by DNS client computers. These
queries include Web site names, computers on the local network and computers connected via
the Internet. The DNS server is also located in the DMZ, and this particular server is configured
to handle only external DNS requests.
The next device I will be describing is the authentication server. The authentication server
is responsible for providing an automated, centralized and standardized system for the network
management of user security and distributed resources. The authentication server is
configured to provide authentication and authorization mechanisms for all local and remote
users. The server is also configured to authorize and allow access to the network for all users
and computers located in the domain.
The next device I will be describing is the IDS server. The IDS server is responsible for
monitoring all of the traffic on the network. The IDS is configured to look for suspicious activity,
attacks or unauthorized activity. In addition to monitoring traffic, the IDS is also configured to scan
system files to help locate unauthorized activity and to maintain file and data integrity. The
IDS server is also configured to detect changes in core server components. This IDS server is
also configured to look for suspicious usage patterns in server log files. The IDS server is also
configured to scan the local firewalls and network servers for exploits, performing live scanning of
network traffic.

The next devices I will be describing are the database servers. The database servers are
responsible for processing database queries. The database servers in this particular configuration
contain the databases for the mail server, the Web server and all other systems that require a SQL
database. The database servers are configured to perform tasks such as storage, archiving, data
analysis and data manipulation, as well as other non-user-specific tasks. In this configuration the
database servers are connected to the SAN network switch.
The next device I will be describing is the file server. The file server is responsible for
providing a central storage and management location for all of the data files. The file server is
configured so that all of the other computers on the internal network can access the files. The file
server is configured to allow the locally connected users to share information on the
network without having to transfer the files by some other means, such as
an external storage device.
The next device I will be describing is the application server. The application server is
responsible for delivering various applications to the other workstations and servers on the
network. This particular application server is configured so that everyone on the local network
can run software from this server. The storage space for the application server is located on the
SAN device.
The next device I will be describing is the SAN server. The SAN server is responsible for
storing all of the database, file and application servers' information. The SAN is configured with
Fibre Channel. The Fibre Channel links are directly connected to a Fibre Channel switch, and this configuration
provides fast speeds when data is being retrieved or written.
The next device I will be describing is the antivirus server. The antivirus server is
responsible for protecting all of the servers and workstations from viruses and
malware by scanning them. The antivirus server is configured to scan all files that are received and sent by each
network device.