You work for a consulting company as the senior network architect. Your company was contracted by a local university to design and deploy a new network. During the deployment process, this network will operate in parallel to the present infrastructure. The network currently has many performance issues and security concerns. A few months ago, there was a situation reported in the local newspapers that students had gained access to the student records database and had made modifications to grades.
Your task as the senior network architect is to design a network that will mitigate these risks and address the performance issues. Special considerations should be given to physical and logical access control and how the proper implementation of the same can reduce the risk.
In a 2–3-page document, discuss the design approach you will use.
Talk about the physical security, logical security, and access control measures that will be implemented. Provide specific details.
Discuss the design approach that will control traffic flow, thus improving performance.
Use diagrams where possible to support your discussion points.
That is all the information that is available to me. What else do you need?
PHYSICAL SECURITY
Obstacles should be placed in the way of potential attackers and physical sites should be hardened against accidents, attacks or environmental disasters. Such hardening measures include fencing, locks, access control cards, biometric access control systems and fire suppression systems. Second, physical locations should be monitored using surveillance cameras and notification systems, such as intrusion detection sensors, heat sensors and smoke detectors. Third, disaster recovery policies and procedures should be tested on a regular basis to ensure safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.
LOGICAL SECURITY
Authentication is one of the most popular logical security measures in the cybersecurity space. However, authentication strategies are getting more advanced every year as it becomes clear that traditional password authentication is no longer enough against the range of threats businesses face. These more advanced strategies add additional steps to the authentication process, helping enterprise networks verify with greater certainty the identity of users attempting to access system resources.
Token authentication is one of these measures. In this model, security tokens provide users with a number that changes on a given timeline—typically every minute. As part of a log-on process, enterprise systems will prompt users for the token and match it against internal mechanisms to ensure the token is correct. Two-factor authentication (2FA) is another emerging area of logical security. In addition to a username and password, users might have to provide answers to security questions or confirm a PIN sent to a separate device or app.
In addition to types of authentication—which can even include biometric measures—there are other logical security measures available. For example, user segmentation allows system administrators to control the areas of the organization's network that individual users can access. This ensures that in the event of a user’s account being compromised in some way, the attacker won’t be able to wreak havoc across the organization’s entire network.
ACCESS CONTROL MEASURES
Access control is a process that is integrated into an organization's IT environment. It can involve identity and access management systems. These systems provide access control software, a user database, and management tools for access control policies, auditing and enforcement. When a user is added to an access management system, system administrators use an automated provisioning system to set up permissions based on access control frameworks, job responsibilities and workflows. The best practice of "least privilege" restricts access to only resources that an employee requires to perform their immediate job functions. A common security issue is failure to revoke credentials and access to systems and data when an individual moves into a different job internally or leaves the company.