
IS3220 Project Part 2: Network Design
Chris Wiginton, Jose Rosado
ITT Technical Institute, Tampa FL
Instructor: Sherman Moody
28 October, 2014

The best network design to ensure the security of Corporation Tech’s internal access while retaining public Web site availability consists of several layers of defense that protect the corporation’s data and provide accessibility to employees and the public.
The private-public network edge is considered particularly vulnerable to intrusions because the Internet is a publicly accessible network and falls under the management purview of multiple network operators. For these reasons, the Internet is considered an untrusted network. So are wireless LANs, which, without the proper
This would allow Corporation Tech to have a single fixed public IP address to the Internet and use private IP addresses for the web and email server on the LAN.

Network Diagram and Vulnerabilities

Network infrastructure using Class C network address The Main Servers using Virtual Machine software was configured with a static IP address of This server controls DHCP, DNS and Active Directory. The Web Server is located outside the network in the DMZ. The internal network is configured on separate VLANs to separate department traffic and manage data access. A Cisco internal firewall was installed and configured to manage the internal network on the LAN. Cisco firewall 2 was implemented to manage remote traffic entering the LAN. This provides layered security to the network.
Several ports have been identified as vulnerabilities in Corporation Tech’s network because they allowed information to be transferred in clear text, and as such they have been closed. Additional ports that could be used for gaming, streaming and peer-to-peer traffic have been blocked or closed to reduce unauthorized access to the network. All ports known to be used for malicious purposes have been closed as a matter of best practice. All standard ports that do not have specific applications requiring access have been closed. The ports listed below are standard ports that have been blocked to minimize unauthorized packet transfer of clear text:
Port 21 - FTP
Port 23 - Telnet
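
One way to check that a firewall rule set really closes the two ports listed above, given as an added example that is not part of the original paper or Corporation Tech's configuration. It assumes Cisco IOS-style extended ACL syntax (the paper does not say which Cisco firewall is used), handles only the `eq` and `range` port operators, and runs on a constructed sample ACL with the documentation address 192.0.2.10.

```python
# Added example: audit a Cisco IOS-style extended ACL for the cleartext ports above.
# SAMPLE_ACL and 192.0.2.10 are constructed; they are not Corporation Tech's config.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet"}          # the ports listed in the paper
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}  # IOS port keywords

SAMPLE_ACL = """\
access-list 110 deny tcp any any eq telnet
access-list 110 permit tcp any host 192.0.2.10 range 20 25
access-list 110 permit tcp any host 192.0.2.10 eq www
access-list 110 deny ip any any
"""

def _port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def _skip_addr(toks, i):
    """Return the index after an address spec: 'any', 'host A' or 'A wildcard'."""
    return i + 1 if toks[i] == "any" else i + 2

def parse_rule(line):
    """Parse 'access-list N action proto src dst [eq P | range A B]'."""
    toks = line.split()
    i = _skip_addr(toks, 4)              # source (source-port operators not handled)
    dst_any = toks[i] == "any"
    i = _skip_addr(toks, i)              # destination
    lo, hi = 0, 65535                    # no port operator: rule covers every port
    if i < len(toks) and toks[i] == "eq":
        lo = hi = _port(toks[i + 1])
    elif i < len(toks) and toks[i] == "range":
        lo, hi = _port(toks[i + 1]), _port(toks[i + 2])
    return {"action": toks[2], "proto": toks[3], "src_any": toks[4] == "any",
            "dst_any": dst_any, "lo": lo, "hi": hi, "line": line}

def audit(acl_text, ports=CLEARTEXT_PORTS):
    """Return (port, service, rule) for each permit reached before a blanket deny."""
    rules = [parse_rule(l) for l in acl_text.splitlines()
             if l.startswith("access-list") and l.split()[2] in ("permit", "deny")]
    findings = []
    for port, name in sorted(ports.items()):
        for r in rules:                  # ACLs are evaluated top-down, first match wins
            if r["proto"] not in ("tcp", "ip") or not r["lo"] <= port <= r["hi"]:
                continue
            if r["action"] == "permit":
                findings.append((port, name, r["line"]))
                break
            if r["src_any"] and r["dst_any"]:
                break                    # blanket deny comes first: port is closed
    return findings                      # no match at all falls to the implicit deny
```

On the constructed ACL, `audit(SAMPLE_ACL)` reports the `range 20 25` permit as exposing FTP, while Telnet is not reported because the earlier deny matches first.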
