
Assessment 2 - Network Security

Table of Contents
The Tasks
1.
2.
3.
4.
5.
References
The Tasks

1.

a. The shared office building also poses potential security risks to the company. Levels 3-9 are
occupied by other businesses, which poses a risk of unauthorized access or data theft. The 2nd
floor, which is sometimes entered by business representatives, is a physical security issue. The
basic network cannot be properly segmented and, without proper access controls, is vulnerable.
These issues can be addressed through the implementation of strong access controls, network
segmentation, and physical security measures going forward.
b. Minimizing Physical Threats:
To counter physical threats, the company should consider incorporating access control
mechanisms. This means securing the entrance points with keycard access or biometric systems,
limiting entry to authorized personnel only. Physical barriers such as secure doors can be
installed, along with surveillance cameras to monitor movement within the building (Krishnan et
al. 2023). On the 2nd floor, temporary solutions such as signage indicating private property and
surveillance can assist in discouraging unauthorized access.
c. Issues with the Rudimentary Network:
Security measures on the rudimentary network are likely insufficient, leaving it prone to
various cyber threats. Potential problems include weak or default passwords, no encryption, and
a lack of firewalls. Attackers could try to find ways into unsecured wireless networks, and a
lack of regular software updates may leave the network exposed to known vulnerabilities.

Figure 1. The basic network topology of the proposed design
d. Redesigning and Implementing a Secure Network:
To redesign the network to achieve better security, several measures can be taken. These include:
Firewall Implementation: Set up firewalls to monitor and regulate network traffic both
incoming and outgoing, thereby preventing any unauthorized access.
Encryption: Implement encryption protocols to protect sensitive data both in transit and at rest,
reducing the chance of eavesdropping or theft.
Access Controls: Implement stringent access control policies, including user authentication and
authorization mechanisms, so that only qualified personnel can access particular network
resources.
Regular Updates and Patch Management: Keep all software and systems current with security
patches to mitigate known vulnerabilities.
Employee Training: Organize cybersecurity training sessions for employees, so they know
about possible threats, understand the value of secure passwords, and are able to identify
phishing attempts (Bringhenti et al. 2023).
Intrusion Detection System (IDS): Install an IDS to detect and react to probable security
incidents in real-time.

A robust security policy should be formulated and maintained to ensure continual protection
against growing cyber threats. Regular security audits and evaluations are important to identify
newly emerging risks.

2.

Figure 2. Implemented Network Topology for Branch 2 and Branch 3


The network topology implemented for the two branches provides a strong infrastructure for
smooth communication and data transit. The network consists of routers, switches and
interconnected branches using suitable routing protocols. DHCP services are set up so that IP
addresses are assigned dynamically, which makes more efficient use of network resources.
VLANs are created to partition the network and improve the separation of different departments,
thus strengthening security.
The routing protocols enable seamless data transfer between the branches, establishing full
connectivity. This foundation enables the implementation of security features such as firewalls,
intrusion detection systems and encryption protocols to harden the network against potential
cyber threats. In essence, the network design emphasizes both connectivity and security to
address the operational needs of the new office block and the branches spread across other
cities.

3.

Figure 3. Security firewall configuration


For this scenario, network security measures can include basic device security, configuring
firewalls (packet filters or stateful zone-based) on routers or dedicated security devices,
NAT and PAT if necessary, and encryption of routing protocol advertisements to avoid
unauthorized leakage of routing information. The improved firewall configuration gives the
network a better overall cybersecurity posture.

Figure 4. Configuration of ACL routing
A Network Security Consultant who is aware of the business’s cybersecurity needs in its new
office block can improve security within the network by adding basic device protection,
configuring firewalls (packet filters or stateful zone-based), using NAT and PAT if necessary,
and securing routing protocol advertisements with a password so that nobody can disclose
sensitive information about
This is depicted in the diagram given above, marked “Figure 4. ACL routing configuration details”.

4.

Figure 5. DHCP Client Configuration


In the given scenario, the challenge for a Network Security Consultant is to improve the
security of the business's network in a new office block with ground and tenth floors. To
achieve this, external security features are required between the two sites. The figure above
shows the DHCP-based client network configuration: the IP address, the specified subnet mask,
and the DNS server, accessed at a local address.

Figure 6. OSI model of DHCP Client
The OSI model is a conceptual framework for understanding how network communication
protocols are layered. The DHCP client protocol operates on the Application layer (Layer 7) of
the OSI model. It uses UDP (User Datagram Protocol) on Layer 4 to send and receive
messages to and from a DHCP server. The DHCP server normally lives on Layer 3 (Network
Layer) and makes use of IP (Internet Protocol) to communicate with DHCP clients.
In the given scenario, the task for a Network Security Consultant is to enhance the
cybersecurity of a business occupying the ground floor and the 10th floor of an office block in
Cardiff city center. Create a third simulator file incorporating external security features,
including GRE tunnels and site-to-site VPNs, to establish secure communication between the
two sites. This can ensure a strong and protected network infrastructure, addressing potential
vulnerabilities and safeguarding the business from cybersecurity threats.

Figure 7. Router Configuration


A site-to-site VPN can be the most secure option for connecting the two floors. It creates a
secure tunnel over the public internet, encrypting all traffic between the two sites. This helps
to protect data from being intercepted by hackers. GRE tunnels can be used to create a virtual
point-to-point link between two networks. This can be useful for connecting networks that are
not directly connected. However, GRE tunnels do not encrypt traffic, so they can only be used
if security isn't a major concern. Firewalls are critical for any network security solution.
Access Control Lists (ACLs) can be used to govern which devices and users are allowed to
access certain resources in the network. IDS/IPS systems can be used to detect and prevent
malicious activity on the network.
Setting up GRE tunnels and site-to-site VPNs is essential for making a secure and reliable
network infrastructure. The purpose is to establish a strong defense mechanism to shield the
business's data and communication channels.
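The contrast drawn above between bare GRE and an encrypted site-to-site tunnel can be checked on the wire by looking at the outer IP protocol number (47 for GRE, 50 for IPsec ESP). The following is an added example, not part of the original report; the addresses, the message and all function names are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_GRE, IPPROTO_ESP = 47, 50

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse_ipv4(packet):
    """Return (source, destination, protocol number, payload)."""
    header_len = (packet[0] & 0x0F) * 4
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])),
            packet[9], packet[header_len:])

def inspect_tunnel_packet(packet):
    """Report what an observer between the two sites learns from one packet."""
    src, dst, proto, body = parse_ipv4(packet)
    report = {"outer": (src, dst), "kind": "other", "inner_visible": None}
    if proto == IPPROTO_ESP:
        # Only the SPI and sequence number are readable; the rest is ciphertext.
        spi, seq = struct.unpack("!II", body[:8])
        report.update(kind="esp", spi=spi, seq=seq, inner_visible=False)
    elif proto == IPPROTO_GRE:
        flags, inner_type = struct.unpack("!HH", body[:4])
        # Optional checksum (C), key (K) and sequence (S) fields are 4 bytes each.
        offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        report.update(kind="gre", inner_visible=True)
        if inner_type == 0x0800:  # encapsulated IPv4
            inner_src, inner_dst, _, data = parse_ipv4(body[offset:])
            report.update(inner=(inner_src, inner_dst), data=data)
    return report

# Constructed samples: documentation addresses outside, private addresses inside.
MESSAGE = b"login failed for alice"
INNER = ipv4("10.0.0.10", "10.10.0.20", 17,
             struct.pack("!HHHH", 40000, 514, 8 + len(MESSAGE), 0) + MESSAGE)
GRE_SAMPLE = ipv4("198.51.100.1", "203.0.113.1", IPPROTO_GRE,
                  struct.pack("!HH", 0, 0x0800) + INNER)
ESP_SAMPLE = ipv4("198.51.100.1", "203.0.113.1", IPPROTO_ESP,
                  struct.pack("!II", 0x1001, 1) + b"\x8f" * 48)  # stand-in ciphertext

if __name__ == "__main__":
    for name, sample in (("GRE", GRE_SAMPLE), ("ESP", ESP_SAMPLE)):
        print(name, inspect_tunnel_packet(sample))
```

For the GRE sample the report exposes the internal addresses and the message text; for the ESP sample only the tunnel endpoints, SPI and sequence number are recoverable.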

5.

To enhance the network security for the business in the new office block in Cardiff city center,
the following security features are implemented:
Firewall Implementation:
● Installed stateful inspection firewalls on the edge of the network, near entrances to both
floors.
● Set up firewall rules that permit only the traffic required and deny access from
unauthorized sources.
● Used application-layer filtering to track and regulate certain applications and services.
Network Address Translation (NAT) and Port Address Translation (PAT):
● NAT at the firewall can be implemented to mask internal IP addresses from external
networks.
● PAT is used to map multiple private IP addresses to a single public IP address, limiting
exposure of internal network structures.
Virtual Private Network (VPN) Parameters:
● Established VPN connections between the ground floor and the 10th floor for a
secure connection between the two segments.
● Used IPsec due to its strong encryption features, which provide confidentiality and
integrity of the information when it is communicated (Akter et al. 2023).
● Implement necessary key management protocols, such as IKE (Internet Key Exchange), to
handle secure key exchange.

Generic Routing Encapsulation (GRE) Tunnels:
● Implemented GRE tunnels in the VPN framework to encapsulate and secure data while
moving between the ground floor and the 10th floor.
● GRE tunnels create a private communication channel over an insecure network, providing
secure and efficient data transmission across the network.
Encryption Verification:
● Utilized protocols such as SSL/TLS for web traffic and IPsec for VPNs to ensure end-to-end
encryption.
● Analysts should monitor the network traffic regularly using intrusion detection
or prevention systems in order to detect any anomalies in the traffic flow that may
indicate a security breach.
● Periodic audits and penetration testing are conducted to verify the effectiveness of
encryption protocols, as well as to identify and rectify weaknesses.
These security measures ensured a secure environment for the operations of the business by
protecting its network infrastructure from unauthorized access, data breaches and other cyber
threats.
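How the firewall rules and PAT described above interact at the network edge, as an added example that is not part of the original report: a simplified model in which first-match egress rules decide what may leave, PAT maps every permitted private socket to one public address, and inbound traffic is accepted only as a reply to an existing flow. The class, rule set and addresses are assumptions constructed for illustration.

```python
import ipaddress

class PatFirewall:
    """Simplified model of an edge device: egress rules, PAT, stateful return path."""

    def __init__(self, public_ip, rules, first_port=20000):
        self.public_ip = public_ip
        self.rules = rules        # (action, source network, protocol, destination port)
        self.next_port = first_port
        self.ports = {}           # (proto, private ip, private port) -> public port
        self.flows = {}           # (proto, public port, remote ip, remote port) -> private socket

    def permitted(self, proto, src, dport):
        for action, network, rule_proto, rule_port in self.rules:
            if (ipaddress.ip_address(src) in ipaddress.ip_network(network)
                    and rule_proto in (proto, "any") and rule_port in (dport, "any")):
                return action == "permit"   # first matching rule decides
        return False                        # implicit deny

    def outbound(self, proto, src, sport, dst, dport):
        """Translate an outgoing packet; None means the policy dropped it."""
        if not self.permitted(proto, src, dport):
            return None
        public_port = self.ports.setdefault((proto, src, sport), self.next_port)
        if public_port == self.next_port:
            self.next_port += 1
        self.flows[(proto, public_port, dst, dport)] = (src, sport)
        return self.public_ip, public_port

    def inbound(self, proto, remote, rport, public_port):
        """Map a reply back to the private socket; None means unsolicited."""
        return self.flows.get((proto, public_port, remote, rport))

# Constructed policy and addresses (not taken from the report's topology).
RULES = [
    ("deny", "10.0.30.0/24", "any", "any"),   # a segment with no internet access
    ("permit", "10.0.0.0/16", "tcp", 443),
    ("permit", "10.0.0.0/16", "udp", 53),
]

def demo():
    fw = PatFirewall("198.51.100.2", RULES)
    a = fw.outbound("tcp", "10.0.10.5", 51000, "203.0.113.80", 443)
    b = fw.outbound("tcp", "10.0.20.7", 51000, "203.0.113.80", 443)
    blocked = [fw.outbound("tcp", "10.0.10.5", 51001, "203.0.113.80", 23),
               fw.outbound("tcp", "10.0.30.9", 51002, "203.0.113.80", 443)]
    reply = fw.inbound("tcp", "203.0.113.80", 443, a[1])
    stray = fw.inbound("tcp", "203.0.113.99", 443, a[1])
    return a, b, blocked, reply, stray
```

Both internal hosts leave as 198.51.100.2 with different source ports, and a packet from a host that was never contacted finds no flow entry and is dropped.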

6.

To develop a strong security policy to support the new office network in Cardiff city
center, it is necessary to deal with potentially susceptible areas and guarantee the
confidentiality, integrity, and availability of the firm’s information assets. Here are five sample
rules to be included in the security policy document:
Access Control Policies:
Clearly define access control policies to limit network permissions based on job roles and
responsibilities (Yeshmuratova and Amanbaev, 2023). Implement role-based access control
(RBAC) to make sure that employees are given the least number of rights necessary to perform
their work. It is necessary to enforce strong password policies, such as mandatory periodic
updates with the use of complex and unique passwords for each individual. Implement
Multi-factor Authentication (MFA) as another security layer.
Network Segmentation:

Separate critical systems and sensitive data from the general office network using network
segmentation. This includes the establishment of distinct VLANs for various departments or
functional areas like finance, human resources and IT (Do et al. 2023).
Use firewalls and intrusion detection/prevention systems to monitor and regulate traffic between
the network segments. This helps to prevent lateral movement of threats over the network.
Endpoint Security:
Make sure that all endpoints, including computers and mobile devices, are equipped with the
latest versions of antivirus software and endpoint protection tools. Automated scans should also
be regularly scheduled to detect and eliminate malware.
Use device encryption to protect data on laptops and mobile devices if stolen or lost. Establish
device management policies that regulate the use of removable media and external devices.
Regular Software Updates and Patch Management:
Establish a thorough patch management process to update operating systems, applications and
network devices on a regular basis. Automated tools can help make this process more efficient
and reduce the period of vulnerability. Periodically arrange vulnerability assessments to measure
and address potential weaknesses. Put together a protocol for quick resolution of critical
vulnerabilities to avoid exploitation by malicious actors.
Data Encryption:
Implement strong data encryption mechanisms to strengthen the company's network security.
Use standard encryption protocols such as TLS or AES when dealing with sensitive data in
transmission and storage (Salahdine et al. 2023). Make sure all electronic means of
communication, such as emails and file transfers, are encrypted to prevent eavesdropping or
unauthorized access. Ensure secure key management practices, frequently upgrade encryption
algorithms, and enforce tight access controls to strengthen the overall resilience of the network
against potential data breaches and cyber threats.
Employee Training and Awareness:
Develop a security awareness training program for all employees. This should include
phishing awareness, social engineering, and safe browsing habits. Encourage employees to report
suspicious activities as soon as possible and implement a straightforward incident response
protocol. Hold simulated phishing exercises at regular intervals to see how effective the training
program is.

By following these rules in the company’s security policy, a good foundation for network
protection can be established. Further, it is suggested that the security policy be continually
reviewed and frequently updated to keep up with changing threats as well as technologies.
Periodic auditing and assessment will maintain the effectiveness of the implemented security
measures that safeguard the organization’s assets.

References:

Bringhenti, D., Marchetto, G., Sisto, R. and Valenza, F., 2023. Automation for network security
configuration: state of the art and research trends. ACM Computing Surveys, 56(3), pp.1-37.
Do, T., Le, A.T., Vahid, A., Sicker, D. and Jamalipour, A., 2023. A Deep Neural Network for
Physical Layer Security Analysis in NOMA Reconfigurable Intelligent Surfaces-Aided IoT
Systems. Authorea Preprints.
Krishnan, P., Jain, K., Aldweesh, A., Prabu, P. and Buyya, R., 2023. OpenStackDP: a scalable
network security framework for SDN-based OpenStack cloud infrastructure. Journal of Cloud
Computing, 12(1), p.26.
Salahdine, F., Han, T. and Zhang, N., 2023. Security in 5G and beyond recent advances and
future challenges. Security and Privacy, 6(1), p.e271.
Yeshmuratova, A. and Amanbaev, N., 2023. ENSURING COMPUTER DATA AND
MANAGEMENT SYSTEM SECURITY. International Bulletin of Applied Science and
Technology, 3(4), pp.282-287.
Akter, M.S., 2023. Quantum Cryptography for Enhanced Network Security: A Comprehensive
Survey of Research, Developments, and Future Directions. arXiv preprint arXiv:2306.09248.
