Security Architecture & Design

Purpose: To give you experience designing a secure network infrastructure.

Directions: You have been selected as a consultant to design a secure network for J&L Coffee. To complete this project, read the scenario below and submit the required milestones when they are due. You may use any resources, including books, the Internet, and other appropriate sources to complete this project. Remember to cite your sources. The project is complete when you have submitted all five milestones.

Please note that this scenario is based on a fictitious company, and any similarity to a real company or real people, present or past, is coincidental and unintentional.
Scenario: See the J&L Coffee Case Study in the course project folder. The written description of the case is also attached to the assignments in the class. Please refer to it for details on the case.

The requirement:

Your job as a consultant is to document the existing network, identify current vulnerabilities, and propose a redesign that addresses the vulnerabilities and provides for security best practices to minimize future problems. Your deliverables are listed below. Good luck.

Milestone 1 (Begin in Module 3 Due Module 4):

Your first milestone consists of two deliverables: a Visio diagram that depicts your interpretation of the current network and a written summary of network vulnerabilities that you uncover. Your network diagram doesn’t have to depict every object. Instead, you can summarize objects.
o Document as-is state
o Document and outline the company’s current approach to endpoint security and malware protection. Include data loss prevention and vulnerability scanning tools as well.

Good general guidelines for your diagram are as follows:

1. The diagram fits on one page.
2. Your name is on the diagram.
3. Your diagram has a title or heading that contains the assignment number.
4. It is formatted nicely to make it easy to understand.
5. The objects in the diagram are clearly identified.
6. When a single object is used to represent multiple objects, it is labeled to show the correct numbers.
7. Connections are labeled.
When creating your drawing, use Visio. It is available as a free download from your student account on Azure for education. See the Azure for Education link under Course Documents.

Your written summary is an explanation of the network, system, and server assets along with any vulnerabilities you may observe. This should be done in Microsoft Word and should follow standard academic formatting with proper attention to spelling, grammar, punctuation, etc. Make sure you include a brief introduction explaining your document. Also include your name and class number on all work. If you have questions, you may use the discussion board to discuss them with your professor and peers.

Please include CYBR515 Milestone 1 and your name in the file name for your diagram and summary and attach them to the appropriate assignment for grading. Remember, you only have one opportunity to attach documents, so please attach both documents at the same time.

Milestone 2 (Begin in Module 6 Due Module 7):

This milestone encompasses everything that you have learned up to this point. This week you will design improvements to the network infrastructure that incorporate encryption. You will also design improvements to the wireless networks. Use the information from your studies and feedback from previous assignments, to help you with this process. Revise your original Visio diagram to depict any changes that you propose to make. Then, summarize your recommendations for change in a Microsoft Word document. You may use any appropriate sources for your requirements. Remember to cite your sources.
• Continue the as-is state and finalize the approach adding the IDM system and multifactor authentication

The following questions are useful to you while you are creating your design. You should think about them while you are revising your diagram and summarizing your recommendations. Please do not provide answers to them as part of your deliverables.

1. Have I uncovered additional vulnerabilities since Milestone 1?
2. How should I prioritize the known vulnerabilities?
3. Can vulnerabilities be addressed through reconfiguration, or will I need additional hardware and software?
4. How can encryption address known vulnerabilities?
5. What security features are not currently in use?
6. What is the impact of using every means to encrypt the network and secure wireless access?

Your document should be professionally formatted with a brief introduction and proper attention to spelling, grammar, punctuation, etc.

Again, if you are not sure about how proceed, use the discussion board to ask questions or get help.

Your diagram should contain any revisions to the original network infrastructure that are required to improve security.

Please include CYBR515 Milestone 2 and your name in the file name for your diagram and summary and attach them to the appropriate assignment for grading. Remember, you only have one opportunity to attach documents, so please attach both documents at the same time.

Milestone 3 (Due Module 8):

For this milestone you will produce a simple security design for secure cloud access distributed file sharing that is implemented as a Software-as-a-Service (SaaS). The file service will be utilized to maintain corporate documents and sales information, to include credit card data. Use the information from your studies and feedback from previous assignments, to help you with this process. Revise your original Visio diagram to depict the addition of the SaaS logical infrastructure. Include protections against malware, unauthorized access and forged keys in your infrastructure. Then, summarize your recommendations in a one-page Executive Summary that explains the major components, their functions, and capabilities/limitations.
• Design your recommended architecture additions for the network
• Begin with the current network design from milestone 2 and be sure to include necessary elements such as firewalls, segmentation, and VPNs

The following questions are useful to you while you are making additions to your design. You should think about them while you are revising your diagram and summarizing your recommendations. Please do not provide answers to them as part of your deliverables.

1. Have I uncovered additional vulnerabilities since Milestone 2?
2. Does the redesign provide defense in depth?
3. Will the new secure network architecture maximize accessibility for wireless devices while still providing an appropriate level of security for a payment processing system?
4. What types of encryption are most effective and where should they be utilized?
5. What is the impact of each change on authorized users?

Again, if you are not sure about how to answer these questions, use the discussion board to discuss them with your professor and peers.

Your diagram should contain any revisions to the original network infrastructure that are required to improve security.

Please include CYBR515 Module 8 and your name in the file name for your diagram and summary and attach them to the appropriate assignment for grading. Remember, you only have one opportunity to attach documents, so please attach both documents at the same time.

Milestone 4 (Begin Module 10 Due Module 11):

For this milestone you will be making your final design changes to the network infrastructure. Use everything that you have learned from this course to provide the appropriate level of security at each level of the network. Again, use the information from your studies and feedback from previous assignments, to help you with this process. Produce a final revision of your Visio diagram and a final set of recommendations for change in a Microsoft Word document. You should include any past Visio diagrams as tabs, so we can track changes and progress. Your written discussion should explain your recommendations in enough detail to be easily understood by the “customer.”
• Incorporate how you would approach zero-trust architecture
• Finalize items related to threat model and how your new architecture addresses those
• Wrap things up and indicate how compliance and monitoring fit into the architecture

You should be thinking about these questions when creating this design.

1. Does the network redesign address vulnerabilities that have been discovered since Milestone 3?
2. Will the use of security appliances restrict performance? If so, where?
3. Are there any back doors or hidden paths that could be used to circumvent security that haven’t been addressed in the new infrastructure?
4. Is the new design technically feasible? Is it cost effective?
5. What capabilities, if any, are lost or restricted once it is implemented?
6. Would the new system appeal to you as a user?

Again, if you have questions or concerns about this assignment, use the forum to discuss them with your professor and peers.

Please include CYBR515 Milestone 4 and your name in the file name for your diagram and summary and attach them to the appropriate assignment for grading. Remember, you only have one opportunity to attach documents, so please attach both documents at the same time.

Milestone 5 (Due Module 12):

A brief PowerPoint presentation to be made to senior management explaining your recommendations. In your presentation, provide an overview of the present system, including any security vulnerabilities that you found. Outline the main points/diagrams/recommendations. Be sure to have a conclusion that offers to continue your duties as consultant – you want to be hired to implement your design!

A good PowerPoint presentation has the following characteristics:

1. An introductory slide.
2. Separate slides for each main point.
3. Short phrases and headlines. Do not use complete sentences and paragraphs!
4. A good, solid conclusion.
5. A closing slide that states what you want to happen next. (You want to implement this design! Tell them how to contact you).

Please include CYBR515 Module 12 and your name in the file name for PowerPoint presentation and attach it to the appropriate assignment for grading.

Evaluating the Project

To further guide your work reference the assignment rubric provided with the assignment in blackboard. Your instructor will also consider the following questions as the project is graded:

o Does the first network infrastructure diagram represent the present configuration from your project?
o Do subsequent network infrastructure diagrams show incremental security improvements over time?
o Are all of the main security vulnerabilities identified and resolved? Are your security recommendation clearly stated?
o Does your documentation follow the format requirements of the project (Visio drawings and Microsoft Word documents?)
o Are the customer needs met? Were all milestones met on time?
o Did you make the necessary corrections between milestones? Does the final document look professional? Is it easy to read and understand? Could it be presented to a client?