ITSY 2401
Firewalls and Network Security
Submitted to
Professor Melanie Teeters
South Campus
ITSY 2401
Spring 2019
by
Kyle LaPato
4/20/2019
1
Kyle Lapato
Given the results from the various vulnerability scans, reports, and
provided documentation, the network has a total of 7 hosts, one of which is
the web server. There are also a number of general-purpose PCs and
workstations in use on the network. The biggest and most common issue seen
on each host is an outdated operating system. As operating systems age and
go unpatched, attackers discover new vulnerabilities and attack vectors for
any system running older versions of system software. The
systems on all of the machines. Upgrades to the operating systems will bring
newer, more secure certificates as well as avoid the known security issues
found in the older operating systems, provided the hardware permits the
upgrades. There are also a number of open ports on each host that are not in
use and should be closed in order to prevent unauthorized access to any of
the machines. Any ports that could be used for streaming, peer-to-peer, or
gaming should be closed as a matter of safe practice. Lastly, any unencrypted
transfers:
- Port 21 - FTP
- Port 23 - Telnet
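An added example, not part of the original report, that applies the port recommendations above to a constructed scan summary: cleartext FTP and Telnet are flagged as must-close, and any other open port that a host's role does not require is flagged as unused. The host names, open-port sets and per-host allowlists are constructed assumptions.

```python
"""Triage open ports from a vulnerability scan against the report's rules.

Constructed example: each host's open ports are compared with the services
that host actually needs. Anything else is flagged for closure, and
cleartext FTP/Telnet is flagged at the highest priority regardless of use.
"""
from dataclasses import dataclass

# Cleartext services named in the report: close them (or replace with
# SSH/SFTP) even if someone is still using them.
CLEARTEXT_SERVICES = {21: "FTP", 23: "Telnet"}


@dataclass
class Finding:
    host: str
    port: int
    severity: str  # "high" for cleartext services, "medium" for unused ports
    reason: str


def triage_ports(scan: dict[str, set[int]],
                 required: dict[str, set[int]]) -> list[Finding]:
    """scan: host -> open TCP ports seen by the scanner.
    required: host -> ports that host legitimately needs (assumed allowlist)."""
    findings: list[Finding] = []
    for host, open_ports in sorted(scan.items()):
        allowed = required.get(host, set())
        for port in sorted(open_ports):
            if port in CLEARTEXT_SERVICES:
                findings.append(Finding(host, port, "high",
                    f"{CLEARTEXT_SERVICES[port]} sends credentials and data unencrypted"))
            elif port not in allowed:
                findings.append(Finding(host, port, "medium",
                    "open port not required by this host's role"))
    return findings


# Constructed scan summary in the spirit of the report's 7-host network.
SAMPLE_SCAN = {
    "webserver": {21, 22, 80, 443},
    "workstation-1": {23, 135, 445, 6881},
}
# Assumed role allowlists: the web server serves HTTP/HTTPS and is managed
# over SSH; the workstation only needs file sharing.
SAMPLE_REQUIRED = {
    "webserver": {22, 80, 443},
    "workstation-1": {445},
}

if __name__ == "__main__":
    for f in triage_ports(SAMPLE_SCAN, SAMPLE_REQUIRED):
        print(f"{f.host}:{f.port} [{f.severity}] {f.reason}")
```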
The best design moving forward to ensure both internal security for
Corporation Tech while still retaining the availability of the public web server
set up a secure site that can be accessed from the internal network that will
will also be discussed, as will the policies for both remote access and VPN
use. In the interest of security, any user attempting to access the VPN will have
to register their device with the IT department. By registering their device,
the user consents to having the VPN installed on their system as well as having
their MAC address added to the allowed-MAC-address filter list. This
updated network layout will help increase network security to match the
The network team will protect the web server by keeping it isolated within the
internal network, and anyone wanting to access the web server will have to
tunnel through the VPN. This ensures that all traffic to the web server will be
Detection System (IDS) will be implemented and configured to send out alerts in
the event that someone manages to break into the network. In a final attempt to
keep data confidential, we’ll implement a shared infrastructure that will distribute
data amongst a multitude of machines in a data center that will prevent a total
➢ WAN Domain
server availability
well as block off any unused ports to help mitigate the chance of unwanted
network access
security updates.
○ Set up a DMZ to house the Web Server to secure it from both outside
➢ LAN Domain
○ Secure server rooms under lock and key to prevent unauthorized access
different parts of the LAN to prevent the spread of potential viruses and
➢ Workstation Domain
○ Block off any sort of media streaming ports through the system firewall to
➢ User Domain
○ Audit all user activity to ensure no employees are leaking confidential data
○ Establish strict password and lockout policies to defend the network from
two-step authentication
➢ Each user attempting to connect via remote access must have a unique
particular user may do while logged into the VPN. All network resources must
➢ All users must have a strong and unique password that is different from their
local user login. This prevents the loss of both local and VPN accounts should
changed every 3 months and must have a length longer than 8 characters
and contain all of the following: a capital letter, a lowercase letter, a number,
➢ All devices connected to either the VPN or the LAN must be pre-approved by
the IT department and must follow the regular update policy in place to
ensure that all devices connected to the network are up-to-date, healthy, and
secure.