Network Security Upgrade Proposal
Proposal Overview
Conspicuously, in regards to the rapid augmentation in the reliance on technology, it is turning out to be more indispensable to safeguard all features of online information and data. Additionally, as the internet advances and computer networks enlarge, the aspect of data integrity and security has developed to be one of the most significant elements for the organizations’ considerations. Evidently, when performing assorted tasks over the Internet, Local Area Network (LAN), or in the utilization of other numerous methods, it is vital to watch out on the facet of network security regardless of the size of the business. Conversely, it is wise to realize that no network is impervious to cyber attacks. Nonetheless, an unwavering and efficient network security structure is crucial to safeguarding clients’ and organizational data.
Regarding this project, it will solely focus on the upgrading of network security in the utilization of the Zero Trust Model. Apparently, a secure network security structure ensures that a business diminishes the latent risks of data larceny and incapacitation. Furthermore, network security offers protection from dangerous spyware, providing data to be reserved securely.
Remarkably, this project paper is inclusive of numerous components organized concisely and explicitly. The following are some of the assorted parts exclusively entailed in the document;
- Information and technology (IT) solutions to be taken
- The implementation plan
- Review of similar works that have ever been undertaken
- Project Rationale
- Methodology to be used
Don't use plagiarised sources.Get your custom essay just from $11/page
Problem Summary
As aforementioned, the project will be inclusive of numerous aspects. Conspicuously, the project aims to upgrade a network that contains a couple of defects that demand competent handling.
Regarding the network defects, they include the following;
- The network is flat such that it is not inclusive of segmentations, subnets or virtual LANs
- There is no demilitarized zone (DMZ), which is a physical or logical subnetwork that encloses and exposes business external-facing operations to non-trusted networks like the Internet.
- Minimum logging at the perimeter
- There is no existing way to acquire remote access to an internal network
- Everybody has access to all the files in the shares
Markedly, almost all the diverse variations of threat and security probable risks have the aptitude of gravely impairing the business functionalities, network utilization, and computer recital while performing multiple functions unidentified to the user of a tainted computer system. Some of the areas likely to face implications include;
- Storage and capacity devices- The majority of the applications being executed in a computer system take in a section of the host computer’s possessions such as the hard drive storage, central processing unit power, computer reminiscence, or the network bandwidth. Notably, any security threat residing on a computer can critically weaken the performance.
- Operational time- the quite significant time is lost due to the operational slowdown brought by the enormous burden of a computer’s parasitic populace
IT Solutions
In regards to the network defects listed in the problem summary, there are potential technological solutions that can be applied to tackle the deficiencies. All the faults have the capabilities to be solved appropriately through the utilization of the Zero Trust model. Conspicuously, this model of network security primarily aims to restrain the aged castle-and-moat state of mind whereby organizations and businesses paid attention to safeguarding their perimeters as they assumed that the resources within did not sham a menace and consequently was cleared for access. Additionally, the Zero Trust approach depends on numerous technologies in existence and administrative procedures to achieve its mission of safeguarding the IT environment ventures.
The Zero Trust model is inclusive of copious operations that offer solutions to the defects. The extensive procedures include the following;
- Control of micro-segmentation and granular perimeter implementation in consideration of the users, their geographical positions and additional information to settle on whether to believe a particular user
- Machine or software searching access to a meticulous portion of an organization or enterprise
- Multifactor authentication
- Identity and Access management
- Analytics and encryption
- Scoring and file system permissions
- Establishment of demilitarized zones for public servers
- Setting up secure sockets layers virtual private networks on the firewalls
Outstandingly, the Zero Trust model often entails plentiful of organizational strategies. Patently, on the subject of the Zero Model trust, all the problems enlisted will be tackled appropriately and adequately. Additionally, the model ought to move a mile further in handling prospect risks that may arise soon.
Implementation Plan
Implementation planning principally decides the project’s triumph for the reason that without it, the strategic vision will remain unattainable (Eby, 2017). The implementation of the project will be inclusive of diverse phases. The different steps ensure a constant flow of operations hence saving resources such as time and the expenses. The different stages are as follows;
- Site surveying- The action of site surveying is vital since it offers the network designer essential information that aids in the establishment of an appropriate commencing point for the project. Additionally, it demonstrates the existing components and indicates what is needed.
- Documentation of the existing physical and logical topologies
- Network upgrade requirements documentation
- Cabling consideration- If the cabling in existence does not meet the specifications for the upgrade, there ought to be an installation of new cable
- Conducting the network upgrade- In this phase, the network upgrade is carried out. It consists of diverse operations such as setting up devices, and cables
- Monitoring and evaluation- It happens to be the last stage, which is vital in assessing how the network is behaving. If some modifications are dire, there are undertaken in this stage.
Review of Other Work
There are numerous works undertaken by various third parties regarding appropriate network upgrades through the utilization of the multiple components of the Zero Trust Model. William Dee Atkins solely paid attention to the designation procedures and implementation of a hard-edged distributed network endpoint security structure for enhancing the security of significant internet protocol-based networks. Notably, he appreciated that the current trends illustrate the majority of the Internet protocol-based systems are subsequently linked to the Internet so that they have the aptitude to access and manage the devices connected to such networks remotely. Additionally, the connection of the Internet protocol-based systems to the Internet exposes them to cyber attacks by malevolent third parties (Atkins, 2007). William noted that firewalls, which are components that sieve traffic flowing amid numerous networks according to user-defined policies, are frequently utilized as a mode of shielding such networks.
Firewalls are typically efficient at attacks avoidance from malicious attackers through the Internet. Conversely, by their positioning at the internal network boundary, they offer no capabilities to safeguard the network-connected systems and components against malevolent cyber attackers. In such a scenario, William comprehended that the military notion of the demilitarized zone (DMZ) is pertinent. A DMZ offers an appropriate surrounding for public-facing servers for the reason that the units linking from the domestic LAN can be allocated adequate liberal access. In contrast, the entities linking from the Internet can only be allotted the lowest amount of entry rights obligatory for the services to function appropriately. However, should a malicious individual acquire direct power over a DMZ-connected system through any cyber attack dimension, an accurately set firewall ought to avoid that individual from utilizing the conciliated server to attack structures on the internal LAN unswervingly. Unmistakably, William’s work directly relates to the development of this project. The reason for this is because the methods he used refer to the majority of components in the Zero Trust model. Moving forward, William’s work will offer an appropriate route for the implementation of the network upgrade.
Moreover, four IT personnel, namely Rosalie Murphy, Jonathan Kisor, Marcus Wilson, Juan M. Hernandez, were involved in a network upgrade of a Job Well Done Hospital (Gabriel). Regarding their network upgrade, they chose to make use of the Internet Connectivity module that offers domestic clients with connectivity to Internet services. Patently, this module was expected to provide the Internet users with access to information available on the JWD Hospital. Remarkably, the personnel had to ensure an efficient and secure remote access in the network upgrade through the utilization of public servers. Also, there was some use of numerous components in this module, such as the DNS servers, DMZ, firewalls, and edge routers. The following are some of the functionalities of the components intended to be utilized;
- Public servers- Public servers typically supply information concerning the organization. Every server on the segment of public services entails host-based intrusion detection systems (HIDS) to check on whichever rogue event is taking place at the operating system stage and in general server appliances
- Firewalls-Firewalls offer network-level fortification of resources, provide state straining of traffic, and advance the VPN traffic from the remote locations and users for the annihilation
- Demilitarized zones
In regards to a team referred to as Logic finder, aged infrastructure ought to experience performance complications whenever they are dealing with an advanced volume of components than their handling capabilities. Habitually, this causes a stern slow down or a complete stop in functionalities. An upgraded network infrastructure prompts to augmented competence, output, and robust security. Regarding this work, a logical description is offered on the significance of maintaining robust network security.
Mustafa Aljumaily and Angel Kodituwakku conducted a final project on computer network security regarding virtual private networks (VPNs). The two concluded that a virtual private network (VPN) is adequate in establishing a concealed range of computer communications or supplying a safe extension of a closed system via a network that may not be secure as the Internet (Aljumaily). Notably, they appreciated virtual private networks are widely utilized in the field of network security. Additionally, virtual private networks are capable of being built upon internet protocol security (IPSec) or Secure Socket Layer (SSL). Basically, these are the two inherently diverse approaches for establishing VPNs. The two paid attention to the SSL-based VPNs that are frequently known as the SSL VPNs.
The designation and implementation of the SSL VPNs epitomize some security principles and technologies such as;
- Crypto
- Integrity
- Authentication
- Key management
- Key exchange
- Public- Key Infrastructure (PKI)
To accomplish this objective, they implemented a straightforward SSL VPN for Linux operating system. One of the primary significance of SSL VPNs is to encapsulate data traffic above an encrypted tunnel to a gateway, through the invocation of Secure Sockets Layer (SSL) technology when conversing over a link of web. Conversely, the accepting SSL gateway decrypts the traffic and delivers it to the internal network.
Project Rationale
With the existence of numerous technological advancements in the modern world, change can be considered to be inevitable. Conversely, change is hard to bear, but for businesses that demand to stay aggressive in the present rapid-paced business platform, transformations, such as the network security and infrastructure upgrade, are vital. Additionally, these upgrades ensure attaining the most from the undertaken technology investments, and they offer to guarantee a specific business numerous and precise significant paybacks.
In regards to this project, there are numerous factors why a particular company would demand the implementation of an efficient network security upgrade through the utilization of the Zero trust model. Habitually, a network upgrade ought to be undertaken frequently to obtain the technical reasons illustrated below;
- Enhanced and better network security- Notably, the utilization of outdated network and application components is often considered to be problematic and establishes assorted network vulnerabilities that have the capabilities of bringing down the whole network system or, at times, the entire business setup. The implementation of network upgrade steadily tightens the network security on the components
- Improved speed and dependability- Evidently, the utilization of green networking technologies makes it certain that the workforce has the appropriate aptitude to perform the tasks assigned to them more competently and with less interruption. Besides, an upgraded network system enhances practical usability and customer contentment in the client-facing software.
- A lesser amount of network maintenance time- The outdated networks potentially are inclusive of multiple bugs and other numerous inefficiencies; hence they require a longer duration and more attention to be sustained appropriately.
- Numerous functionalities- Patently, the implementation of a network security upgrade prompts the utilization of newly released applications and technologies. The event of upgrading your network infrastructure guarantees the business more flexibility in allocating numerous new technological investments.
- Enhanced hardware and software- Network upgrading guarantees the business appropriate and more competent hardware and software with a minimal prospect of failure. As well, it also allocates the company more computing power and better storage space.
Regardless of the technical aspect of a particular organization, it may also wish to conduct a network security upgrade based on business reasons such as the following;
- Expansion of business would potentially prompt the current network to have no longer the aptitude of supporting its needs, hence necessitating a network security upgrade. In consideration of the business expansion, a network security upgrade would offer enhanced scalability for a more effortless, and streamlined growth in the future
- Space and data consolidation- Potentially, a network security upgrade will aid in the cutting down of costs by conceding the users the capabilities to employ newer advancements like virtualization, which facilitates consolidation of space and possessions such as data and information.
- Legal mandates- Some organizations ought to implement regular network security upgrades based on the agreements made by their firms.
Current Project Environment
Currently, the milieu of network security is facing numerous hazards in regards to the cyberattacks that companies and organizations are experiencing day in day out. Every day organizations are waking up to discover that malicious individuals accessed their network systems, manipulated them, and even go further ahead to steal confidential information. Based on this fact, there is a dire need to ensure a robust implementation of efficient network security systems.
Regarding network security systems, presently, there was a new model in disposal known as the Zero Trust model. In 2010, the term zero trust was first introduced by an individual analyst when the model was initially made public to the audience. Consequently, after a few years, the giant Google made it public that it had executed the model in its security. I feel that the model is the future of the network security environment. The reasons for this are that the security model demands stringent identity corroboration for each individual and component that is attempting to access information on a private network, regardless of their locations within or outside the perimeter of the system (Gilman & Barth, 2017). Furthermore, there is no lone exact technology that is affiliated with the model. Remarkably, it happens to be a holistic strategy to network security that involves numerous and diverse principles and techniques.
Conversely, the conventional network security systems were laid on the basis of the castle-and-moat ideology. Notably, when utilizing castle-and-moat security, it is often problematic to attain the appropriate access from the exterior side of the network. However, all humans in the interior side of the network are trusted by default. The main issue with this type of strategy is that whenever a malicious individual or cyber attacker acquires to a certain extent, the access to the network, any confidential data is effortlessly accessed. Besides, the susceptibility in castle-and-moat network security structures is made worse by the reality that organizations store their data in one particular location. Presently, data and information usually are spread across cloud providers, hence making it complicated to have lone security management for a complete network system. Remarkably, the philosophy facilitating the implementation of a zero-trust network model considers the fact that there may be a significant existence of attackers equally within and outside of the network grid, hence, there is exists no automatic trust and belief of personnel.
Additionally, a further principle of zero-trust security is the aspect of the allocation of least-privilege access rights. Least-privilege access rights ensure users are allocated the amount of access they require to perform a particular operation. Evidently, this enhances the event of minimizing every user’s disclosure to concealed portions of the network system.
The model of Zero trust utilizes the functionalities of micro-segmentation maximally. In the current environment of network security, micro-segmentation is considered to be very adequate. Remarkably, it is the component of splitting down the network security perimeters into lesser zones so that maintenance can be eased, and access can be separate too for the diverse portions of the network grid. For instance, a network structure that consists of files stored in a single data center that uses the functionality of micro-segmentation may include dozens of detaching, safe, and sound zones. An individual or application that is granted access to either of those zones does not have the capabilities of accessing any portion of the other zones devoid of another separate authorization.
Methodology
In this section, I wish to illustrate the methodology in which the project will follow during the stage of implementation. For the reason that the project is based on upgrading an existing network structure, I chose the analysis, design, development, implementation, and evaluation (ADDIE) model, which is an instructional model. ADDIE model is a generic process that was conventionally utilized by instructional designers. Some of the primary reasons I chose this methodology was because;
- It provides a foundation for the planning of the project, setting up, and appropriate estimation
- IT guarantees a structure for a typical set of operations and deliverables
- It acts as an instrument for tracking and managing the project
- Augments detailed visibility of the project preparation to all concerned personnel of the process of development
- It enhances the speed to be used in the implementation of the project
- Diminishes the aspect of project risk and administration strategy overhead
As aforementioned, the ADDIE standard model consists of different phases that follow each other systematically and sequentially. The following is a description of all the ADDIE phases in a more detailed perspective;
Analysis Phase
Typically, in the phase of analysis, the user requirement or demand is appropriately identified and clarified. In regards to the project’s context, the need is for a network security upgrade in the utilization of the Zero trust model. Besides, the goals and objectives are identified, and the environment in which the project will take place is acknowledged fittingly. Below are several of the aspects that ought to be looked into for the period of the analysis phase;
- The project’s setting and its characteristics
- Current trends in a field of network security
- Diverse network security techniques at the disposal
- The delivery options available
- The timeline for the completion of the project
Design Phase
The design phase is crucial in the execution of a network security upgrade of a particular organization. Notably, in the design phase, network security personnel are expected to provide a concise approach illustrating how the upgrade is to be carried out. Additionally, it entails components selection and formulation of the appropriate resources required. Remarkably, the design phase ought to be systematic and precise. Systematic refers to a logical, well-organized technique of discovering, budding, and evaluating a set of designed policies aimed at obtaining the project’s goals. Also, precise refers to every component of the design map requires to be implemented with concentration to all details. The following are some of the essential steps applied for the design phase;
- Documentation of the strategies the project wishes to utilize
- Designation of an active and user-friendly user interface
- Creation of a prototype
- Application of an appropriate visual design
Development Phase
Remarkably, the development phase offers a platform whereby the suitable personnel has the aptitude of assembling the network upgrade components that were selected in the design phase. Besides, this phase entails professional staff, such as programmers who work to create and/or incorporate improvised technologies. Testers execute debugging measures in this phase. Remarkably, the project is reviewed following the feedback issued.
Implementation Phase
For the duration of the implementation phase, a process for training network consumers is created. The training ought to cover the appropriate utilization of the network and the procedures for testing the efficiency of the net. Moreover, the preparation of the network consumers entails efficient guidance on the new technologies (software or hardware) in usage.
Evaluation Phase
Conspicuously, the evaluation phase entails two portions;
- Formative
- Summative
The share of formative evaluation is at hand in every stage of the ADDIE model. Conversely, summative assessment involves the precise tests intended for definite domain criterion-linked referenced components. Additionally, summative evaluation offers prospects for a response from the network consumers.
Goals, Objectives and Deliverables Table
Goal | Objective | Deliverable |
1) Ensuring improved data security | a) Implementing internal network segmentation through the use of a subnet or VLAN using a firewall
b) Efficient setting up of SSL VPN on each firewall | i. IT Technical application ii. A robust network security structure
i. Robust data security ii. Secure conveyance of data |
2) Ensuring safe access to information | a) Executing a system for locking down file access based on the least privilege
b) Creation of demilitarized zones for public servers | i. User’s manual ii. Formal report
i. A continuity plan ii. Test assessment reports |
Project Goal One: Ensuring Improved Data Security
Data is an essential component of any organization; hence, it is often vital to protect it from cyber attackers. Remarkably, organizations across the world are putting a lot of resources towards the field of information technology so that they can set up the most enhanced cyber defense capabilities. Necessarily, organizations are alert on shielding their essential data. In regards to this project, two chief objectives ought to be considered so that the goal is arrived at.
- Implementation of internal network segmentation through the utilization of a subnet or VLAN using a firewall. Basically, this objective focuses on ensuring that an event of splitting up the network into small portions is carried out efficiently. Conspicuously, this guarantees that the upgrade is undertaken desirably with ease. Besides, regarding this objective, there exist two definite project deliverables described below;
- IT Technical application- The project is expected to deliver on a technical application that will, in prospect, be utilized by other organizations in the event of conducting an efficient network security upgrade.
- A robust network structure- Regarding the proposal submission, this project is also expected to deliver on a healthy and well-structured network system upgrade. The structure is expected to not only offer significance to the lone organization but multiple organizations.
- Efficient setting up of SSL VPN on each firewall. The project aims at making sure that a dynamic setup up of secure socket layer VPN is installed in each firewall available in the organization. Regarding this objective, there are two main project deliverables guaranteed. The deliverables include the following;
- Robust data security- Installation of secure sockets layer VPNs on each firewall makes it inevitable that data security will be enhanced. Notably, it is quite essential to realize those project deliverables may be in the form of intangible components. For this instance, the deliverable is intangible.
- Secure conveyance of data – It is expected that once the network upgrade is in completion, there will be a safe transfer of data from the sender to the recipient.
Project Goal Two: Ensuring a Secure Access of Information
Ensuring secure access to information is another primary goal for the project. The process of ensuring that there exist a secure means of accessing information is very ominous. It involves controlling access from various dimensions. Notably, there are two kinds of managing access that is physically and logically. Physical access control confines access to multiple premises. In contrast, logical access control confines connections to computer networks, files, and information. Ensuring secure access to information works the identification of a particular person or entity, verification that the individual or application claim, and authorization based on the level of access and a specific set of actions. Regarding this goal, it carries in it two significant objectives as explained below;
- Executing a system for locking down file access based on the least privilege. Conventionally, cyber attackers are taking advantage of the fact that every user in a particular network is allocated the same access privilege rights. Mostly, there have been modifications in the manner through which network administrators are granting access rights. Consequently, this objective has the following two deliverables that are expected to be of enormous significance to any customer.
- User’s manual- A user’s manual is a document that offers some aid to a customer in a particular mode of operation. Regarding the project’s context, the user’s manual will be utilized by the network clients.
- Formal report- Additionally, inevitably, a formal report illustrating the number and client variations allocated access in the network grid will be delivered to the organization.
- Creation of demilitarized zones for public servers. The technology behind the demilitarized zones has been discussed in detail earlier in this proposal. Just like the other objectives, this one also comes in hand with the deliverables expected.
- A continuity plan- A continuity plan is essential since it entails all the expected prospects in a detailed manner, and it offers a particular organization the aptitude of planning for the future.
- Test assessment reports- Regarding the numerous tests carried out; the clients must get to acquire the reports.
Project Timelines with Milestones
In this section, I will provide the projected timeline with the milestones for the project. Remarkably, this will include the duration of the start dates and end dates for each milestone.
Milestone | Site surveying | Documentation of existing physical and logical topologies | Network upgrade requirements documentation | Implementation of the upgrade | Monitoring and evaluation |
Duration (Days) | 3 Days | 5 Days | 5 Days | 7 Days | 10 Days |
Projected Start Date | 3rd March 2020 | 7th March 2020 | 13th March 2020 | 19th March 2020 | 27th March 2020 |
Anticipated End Date | 6th March 2020 | 12th March 2020 | 18th March 2020 | 26th March 2020 | 6th April 2020 |
Outcomes
Performance gauging enhances ease administration of projects and effectiveness. By focus on project outcomes, success can be defined untimely. The worth of any particular project cannot be calculated devoid of defining success. It demands attention to various outcomes. Conspicuously, outcomes tend to be the actions, incidences, or modifications in circumstances, performance, or attitudes that point out advancement toward a particular project’s goal. Typically, they are exact, measurable, and have an essential effect on them. Primarily, the primary outcome expected from this project is a more enhanced and robust network security system in the utilization of the Zero trust model. Notably, the project is expected to deliver the following two main possible outcomes;
- Secure and limited access to the network
- Maximum data security
Besides, there is a need for evaluation. The process of evaluation helps in determining whether a particular project has met its core goals and objectives or not. The following is the aspects to be put into consideration in the evaluation framework that will be applied to determine the success of the project;
- Schedule- The aspect of scheduling answers the question of whether the project was completed in the appropriate timeframe and the event of meeting the allocated deadline
- Scope- The scope of the project aligns to convey the client and the professionals together. The project’s scope tends to be either a list of aspects or merely a notion. Nonetheless, it is essentially the dynamic strength of any project.
- Budget- It is the most significant feature for numerous projects. It answers in the end whether you stuck with the budget allocated to the project.
- Team satisfaction- Frequently, this happens to be one of the factors that are overlooked over and over again in project management.
- Customer satisfaction- Normally, the clients are often not competent to articulate what they demand precisely. For this reason, one needs to figure out whatever they’re searching to ensure that they are satisfied with the final product or service
- Quality of work- The eminence of one project repeatedly affects another; for this reason, it is imperative to track quality and prompt adjustments to potential projects consequently habitually. Remarkably, recommendations are like free publicity. The event of delivering a high-quality product is vital.
References
Aljumaily, M. S. International Journal of Computer Networks & Communications (IJCNC). Retrieved from https://ijcnc.com/2018/08/10/ijcnc-002/
Atkins, W. D. (2007). Design and implementation of a hardened distributed network endpoint security system for improving the security of internet protocol-based networks. Retrieved from https://scholarsmine.mst.edu/masters_theses/4548/
Eby, K. (2017, Dec 14). From Strategy to Execution: How to Create a Sustainable, Repeatable Implementation Plan. Retrieved from https://www.smartsheet.com/implementation-plan
Gabriel, O. (n.d.). Network Design Project Proposal- Part I. Retrieved from https://www.academia.edu/15144271/Network_Design_Project_Proposal-_Part_I
Gilman, E., & Barth, D. (2017). Zero Trust Networks. O’Reilly Media, Incorporated. Retrieved from https://www.usenix.org/sites/default/files/conference/protected-files/lisa16_slides_gilman.pdf
Kruse, K. (2002). Introduction to instructional design and the ADDIE model. Retrieved January, 26, 2005. Retrieved from https://pdfs.semanticscholar.org/9dde/73651c087216677a930f1f5c2df02de6a5f9.pdf