MOD005774 Network Security
Assignment element 011 - Component 1: Case Study
Trimester 1, 2023
This document outlines all the details concerning assessment element 011 in the Network Security module. Please ensure to thoroughly review the entire document and identify any elements that may not be clear. For any inquiries regarding the case study, kindly reach out to the module leader. Please note that questions submitted via email or verbally will not receive a response.
PocoLoco Inc., a recent establishment in London, has extended its presence by opening a branch in Chelmsford. Although the company has crafted its network infrastructure, it acknowledges the presence of multiple security vulnerabilities within the design. In response, they have engaged ARU with a consulting contract. Under this agreement, BSc Computer Networks students will be tasked with devising, implementing, and documenting an effective security solution tailored to meet the company's specific requirements.
This document outlines the existing condition of the network, outlines the security needs of PocoLoco Inc., and concludes by specifying the ultimate deliverables expected for this assignment.
The company is headquartered in London and operates a branch in Chelmsford. The network is structured as follows:
PUBLIC NETWORK: This network operates independently of PocoLoco Inc.'s management and should remain unaltered. It comprises an HTTPS server accessible via the https://google.com/ URL, a computer designated for a teleworker (i.e., an employee working remotely but affiliated with the company), a computer used by an external individual not associated with the company, a DNS server utilized by devices within the PUBLIC NETWORK, and a DHCP server responsible for assigning IP addresses to devices connected to the PUBLIC NETWORK. The ISP router is part of the PUBLIC NETWORK and must not undergo any modifications, assuming proper configuration by the ISP as showing in the figure 1.
LONDON HQ: This area represents the internal network of the London headquarters and is under the direct management of the company. Within this network, you will encounter the server farm housing AAA, Syslog/NTP, and Internal DNS servers as showing in the figure 1.
The following configurations have already been made for you:
Figure 1 and Table 1 show the IP addresses configured in each device interface.
Note that this topology doesn’t represent a real environment, certain protocols, such as NAT, have not been configured, to reduce the complexity and the assessment and to allow you to focus only on the understanding of the topics reviewed within this module.
It is your responsibility to verify that the IP addresses indicated in the table are correct and correspond to the ones configured in the initial topology. Assume that the ones configured in the topology are the correct ones and modify the table if needed.
It is also your responsibility to verify connectivity. Right now there should be full connectivity between all the devices, so you must test that. This is important because when the security mechanisms are implemented you will not know if the traffic was stopped because of the security implemented or because there was no communication from the beginning.
You could use this table later for connectivity tests after security is implemented.
Within the scope of your consulting role, PocoLoco Inc. requires you to conduct a security analysis of their existing network and devise the essential security measures for achieving basic network security. Your task involves composing a technical document outlining these security mechanisms. It is imperative to support your recommendations with references to established best practices and industry guidelines. Please note that references from the Cisco Network Security curriculum or slides from any other security module in your coursework are not permissible. However, you are allowed to cite relevant white papers from Cisco or similar documents to substantiate your recommendations.
Your analysis must consider the following mechanisms:
Students are encouraged to submit the security analysis by week 7 of the teaching semester so they can receive feedback from the module tutor.
The network administrators at PocoLoco Inc. have assigned specific tasks for you to accomplish. If you have successfully completed all the labs and comprehended their objectives, you should be equipped to fulfill these assignments.
Configure all essential security mechanisms for administrative access on routers London and Chelmsford, as well as switches L-S1, L-S2, C-S1, and C-S2. You are responsible for defining the passwords and parameters. Please provide a table detailing the passwords used; without this information, we won't be able to access your devices or evaluate your work.AAA: The materials and labs of week 3 should help with this task. Configure AAA in both LONDON and CHELMSFORD, you must configure local AAA as a backup but server AAA should be the preferred method. The AAA server should be the one in London HQ, and you must not add new ones.
Activate IPS on the LONDON router to scan traffic entering the 18.104.22.168/29 network. Utilize the designated Syslog/NTP server for configuring IPS messages. Configure the router to recognize the Syslog server for receiving logging messages. Ensuring accurate time and date display in Syslog messages is crucial for effective network monitoring. Adjust the router's clock and configure the timestamp service for logging purposes. Lastly, enable IPS to generate alerts and block inline ICMP echo reply packets
Secure all switches in both LONDON and CHELMSFORD by implementing port security, deactivating unused ports, and safeguarding against STP attacks..
All communication between LONDON and CHELMSFORD must be protected using an IPsec VPN.
Finally, you must provide a test plan of the security mechanisms. Your test plan doesn’t need to include screenshots and it should just indicate the test that needs to be done to verify that the security mechanism is working properly. Table 3 shows an example of how to do the test plan, please note that show run must NOT be used as a command to verify a protocol.
Please also refer to the marking scheme of the case study available in Canvas (MOD002774_011_Marking_Scheme.xlsx). Please note that the quality of the report will also be considered as part of the final mark.
Connect with our networking expert to get a customised answer NOW!