Business and technical goals
Background Information for World-Wide Trading Company
Business and Technical Goals
Allow employees to attach their notebook computers to the WWTC network and Internet services.
Provide a state-of-the-art VoIP and data network.
Provide a secure and fast network to ensure proper operation of the network.
Prepare a design for a state-of-the-art network at the Wall Street location of World-Wide Trading.
Selecting the access layer switches:
Provide one port to each device
Propose an IP addressing redesign that optimizes IP addressing and IP routing (including the use of route summarization). Provide a provision for future migration to IPv6.
Propose a high-level security plan to secure key applications and servers; encrypting all applications is not acceptable. Develop a security policy to stop sniffing and man-in-the-middle attacks. Your security plan must be based on current industry standards and use multilayer security (defense in depth).
Provide wireless network access to network users and guest users in limited areas (lobby and conference room). In the conference room and the lobby, users will get a minimum of 54 Mbps of bandwidth. (You can assume that a site survey has been done and no sources of interference or RF were discovered.)
Provide provisions for video conference and multicast services.
Microsoft Office 2014
Sending and receiving e-mail
Market Tracking Application. This application will provide real-time status of the stock and bond markets to brokers and their clients.
Stock and Bond Analytical Application. This application will provide analysis of stocks and bonds to brokers only.
Audit results of other locations identified the following problems
E-mail had been inappropriately used at times to communicate business-sensitive information.
In order to address these audit findings, you decided to firm up security policies in these areas.
All data transmitted on the classified network must be cryptographically protected throughout the network. All classified data must be centrally stored and secured in a physically separate area from the unclassified network.
WAN Connectivity
All devices must be mutually authenticated and cryptographic protection should be provided.
PSTN dial-up
These are only recommendations on the general approach you might take for this project.
Determine the most important assets of the company, which must be protected
Develop a high-availability, secure design for this location that addresses the above considerations and mitigates the four primary network attack categories mentioned below.
The Four Primary Attack Categories:
The following are the guidelines for security policies.
Security Policies:
Policies defining security baselines to be met by devices before connecting them to the network.
Creates a basis for legal action if necessary.
Remote access policy
Incident handling policy: This topic specifies how the company will create an incident response team and the procedure to be used during and after an incident.
Enables a BitLocker system on a wired network to automatically unlock the system volume during boot (on capable Windows Server 2014 networks), reducing internal help desk call volumes for lost PINs.
Create Group Policy settings to enforce that either Used Disk Space Only or Full Encryption is used when BitLocker is enabled on a drive.
IP Address Management (IPAM) is an entirely new feature in Windows Server 2012 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network.
Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources.
Create an OU level for users and devices in their respective OUs.
Create global, universal, and local groups. Each global group will contain all users in the corresponding department. Membership in the universal group is restrictive, and membership can be assigned on the basis of the least-privilege principle. (For design purposes, you can assume that WTC is a single forest with multiple domains.)
VP OPR, VP NW USA, VP SW USA, VP NE USA, VP SE USA, VP M USA
Table 1. Equipment Inventory
Table 4. Ordering Information for Cisco Wireless LAN Controllers
| | | |
---|---|---|---|
| • Modular support of 12, 25, 50, or 100 Cisco Aironet access points • Industrial-grade resistance to electromagnetic interferences (EMI) | • For midsize to large deployments | • AIR-WLC4404-100-K9 |
| | • For retail, enterprise branch offices, or SMB deployments | • AIR-WLC2106-K9 • AIR-WLC2112-K9 |
| • Supports 300 Cisco Aironet access points • IPSec encryption | • For large-scale deployments • High availability | |
| • Cisco Catalyst 3750G Series Switch with wireless LAN controller capabilities • Modular support of 25 or 50 Cisco Aironet access points per switch (and up to 200 access points per stack*) | | • WS-C3750G-24WS-S25 • WS-C3750G-24WS-S50 |
| • Embedded system for Cisco 2800/3800 Series and Cisco 3700 Series routers • For retail, small to medium-sized deployments or branch offices | | • NME-AIR-WLC12-K9 • NME-AIR-WLC12-K9= (spare) |
Table 2. Cisco Aironet Indoor Rugged, Indoor, Wireless Mesh, and Outdoor Rugged Access Points
Suggested Placement Table Wireless Network
Building | Access Point | Total AP | Total WLC | |
---|---|---|---|---|
Building | ||||
Lobby | ||||
Cafeteria | ||||
Conference room | ||||
Suggested Product Table (AP)
AP | Cisco Part Number | Quantity | Cost |
---|---|---|---|
Cisco Aironet 1250 Series | AIR-AP1252AG-x-K9: 802.11a/g/n-draft 2.0 2.4/5-GHz Modular Autonomous Access Point; 6 RP-TNC | 20 | |