Question


You are an IT company and want to get a travel agency's network design, hardware, software, and security. DMZ Architecture: What is your DMZ architecture? What devices and their functions are included? How are DMZ devices connected? How are you planning to provide security to protect the DMZ while at the same time maintaining friendly access for customers?

Solutions

Expert Solution

A DMZ (“demilitarized zone”) network functions as a subnetwork containing an organization's exposed, outward-facing services. It acts as the exposed point to untrusted networks, mainly the Internet.

We need to:

  1. Install and maintain a firewall configuration to protect data of the customer
  2. Not use vendor supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and regularly update antivirus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to user's data by 'business need to know'
  8. Identify and authenticate access to system components
  9. Restrict physical access to customer's data
  10. Track and monitor all access to network resources and data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

A DMZ adds an extra layer of security to an organization's local area network. A protected and monitored network node that faces outside the internal network can access what is exposed in the DMZ, while the rest of the organization's network is safe behind a firewall.

When implemented properly, a DMZ Network gives organizations extra protection in detecting and mitigating security breaches before they reach the internal network, where valuable assets are stored.

There are different ways we can construct a network with a DMZ, and we can create complex architectures as per network requirements:

  • Single firewall: This involves using a single firewall with a minimum of 3 network interfaces. The DMZ is placed inside this firewall. The tiers of operation are as follows: the external network device makes the connection from the ISP, the internal network is connected by the second device, and connections within the DMZ are handled by the third network device.
  • Dual firewall: The more secure approach is to use two firewalls to create a DMZ. The first firewall (referred to as the “frontend” firewall) is configured to only allow traffic destined for the DMZ. The second firewall (referred to as the “backend” firewall) is only responsible for the traffic that travels from the DMZ to the internal network.

Mainly, we would only store customers' data if necessary:

If we don't need it, we don't store it.

Retaining unencrypted cardholder data is risky and could end up being very expensive if your business falls victim to a breach.

In addition, we may build an Incident Response Plan:

The key to mitigating damage following a breach is, firstly:

  • How quickly you can detect the breach

And, secondly:

  • How quickly you react to prevent further damage.

Creating and implementing an Incident Response Plan helps an organisation work through the scenarios that could result in its data being exposed. Making sure that the Incident Response Plan actually works is also very important: stress testing it, like a fire alarm, is essential in helping your team understand what to do in the case of a suspected data breach.

This way, security would be provided and customers can also have friendly access.
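
The dual-firewall rules described above can be checked mechanically. The following is an added example, not part of the original answer: it audits a rule set against the frontend/backend policy and evaluates which flows actually get through. The zone names, the ports (443, 5432, 3389), the sample rules and the first-match, default-deny semantics are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Zone identifiers are assumptions for this sketch.
INTERNET, DMZ, INTERNAL = "internet", "dmz", "internal"

@dataclass(frozen=True)
class Rule:
    firewall: str  # "frontend" or "backend"
    src: str
    dst: str
    port: int
    action: str    # "allow" or "deny"

def audit(rules):
    """Return (rule, reason) for each allow rule that breaks the dual-firewall model."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.firewall == "frontend" and r.dst != DMZ:
            findings.append((r, "frontend may only allow traffic destined for the DMZ"))
        elif r.firewall == "backend" and (r.src, r.dst) != (DMZ, INTERNAL):
            findings.append((r, "backend may only allow DMZ-to-internal traffic"))
    return findings

def crossed(src, dst):
    """Firewalls on the path: internet -[frontend]- DMZ -[backend]- internal."""
    order = [INTERNET, DMZ, INTERNAL]
    i, j = sorted((order.index(src), order.index(dst)))
    return ["frontend", "backend"][i:j]

def permitted(rules, src, dst, port):
    """First matching rule on each crossed firewall decides; no match is a deny."""
    for fw in crossed(src, dst):
        verdict = next((r.action for r in rules if r.firewall == fw
                        and (r.src, r.dst, r.port) == (src, dst, port)), "deny")
        if verdict != "allow":
            return False
    return True

# Constructed sample rule set: two intended rules, two misconfigurations.
SAMPLE = [
    Rule("frontend", INTERNET, DMZ, 443, "allow"),        # customers reach the web server
    Rule("backend", DMZ, INTERNAL, 5432, "allow"),        # web server reaches the database
    Rule("frontend", INTERNET, INTERNAL, 3389, "allow"),  # bypasses the DMZ
    Rule("backend", INTERNET, INTERNAL, 3389, "allow"),   # bypasses the DMZ
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"VIOLATION {rule}: {reason}")
    print("internet -> internal:3389 permitted:",
          permitted(SAMPLE, INTERNET, INTERNAL, 3389))
```

With the two flagged rules removed, customers still reach the DMZ on port 443 while no Internet flow reaches the internal network directly.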

