A detailed analysis was conducted of my company’s I.T. Internet infrastructure. Limited, supervised access was provided to the physical data center rooms, and a brief inventory of the infrastructure (networking equipment / servers / etc.) was undertaken in order to become oriented with the networking equipment utilized. Internal interviews were conducted with the company's technical & capability leads (networking / design / security) on the same subject.
A) Internet Infrastructure investigation report:-
1- Networking Server & Client Operating System Environment:-
Server Environment: - The company primarily utilizes the Microsoft Windows 2003 Server ®™ family (SP1) as the primary server operating system for its services (i.e. File & Print / Active Directory Domain Controller / Application Servers / etc.). The Sun servers run the Sun Solaris 9.0 ®™ operating system. Please note that server O/S screenshots could not be obtained due to the company’s security policy.
Client Environment: - Windows XP Professional ®™ 2002 (SP2) is the client operating system deployed throughout the organization. Windows Vista ®™ deployment is being considered for rollout in the 2nd quarter of 2008, due to hardware device driver / security related issues.
Fig. 1.2 – Client Environment
2- Hardware & Networking Devices / Appliances:-
Hardware & networking equipment deployed throughout the organization is listed as follows:-
1-Servers: - HP ML 350 & 370 ®™ (Windows Servers).
2-Clients: - Dell Deskpro ®™ & Latitude ®™ 610 / 620
-Dlink ®™ switch hubs.
-Switches: - Cisco Catalyst ®™ (2950 / 2960 / 3560 / 3750 / 3716 / 4506) 24 & 48 port switches.
-Firewall: - PIX / ASA / FWSM / IPS – 4620 / 4260
-Wireless Access Points: - Cisco Linksys ®™ wireless access point – wap54g
3- Internet Enabled Applications:-
Web based applications deployed & utilized by the company are listed as follows:-
1-Outlook ®™ Web Access – Outlook email access deployed for the entire company staff.
Fig. 2.1: Outlook Web Access
Fig. 2.2: Outlook Web Access contd.
2-EPM ®™ (Enterprise Project Management) module integrated with Microsoft Project Server ®™ & Client systems; this module is utilized by the PPMG (Program & Project Management Group) Department.
Fig. 2.3 EPM (Enterprise Project Management) Portal
3- Web Portal: - Microsoft SharePoint ®™ portal deployed for the entire organization group (by Department) for documentation storage & collaboration.
Fig. 2.4: Corporate SharePoint Portal
B) Network Connectivity Diagrams:-
1- Connectivity to the outside world:-
Fig. 3.1: Network Connectivity Diagram
2- IP Addressing logic:-
The IP addressing scheme deployed throughout the company's I.T. Infrastructure is as follows:-
1-ISP Assigned address ranges:-
-213.42.x.y (which represents the privately used routed address range – i.e. NAT (Network Address Translation))
2-Private LAN Address range:-
-195.229.x.y (which represents the publicly used address range – i.e. Exchange / Web Services / etc.)
-Router maintains 2 interfaces - 1 Private and 1 Public.
-Internal Address Scheme is in the 172.24.x.y range, with NAT being performed on the router via the Private Interface, and internal IP address allocation performed via DHCP within the 172.24.x.y range.
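The addressing plan above can be audited against a host inventory. The following Python example is added here and is not part of the original report: the /16 prefix lengths are an assumption read from the "x.y" notation, and the host names, role labels and inventory rows are constructed for illustration.

```python
import ipaddress

# Ranges named in the report; /16 prefix lengths are an ASSUMPTION from "x.y".
PLAN = {
    "isp_assigned": ipaddress.ip_network("213.42.0.0/16"),
    "public_services": ipaddress.ip_network("195.229.0.0/16"),
    "internal_dhcp": ipaddress.ip_network("172.24.0.0/16"),
}
# RFC 1918 blocks: never routed on the Internet, so they must sit behind NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical role labels mapped to the zone the plan expects them in.
EXPECTED_ZONE = {"dhcp_client": "internal_dhcp",
                 "published_service": "public_services"}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def nonroutable_zones():
    """Zones of the plan that fall entirely inside an RFC 1918 block."""
    return [z for z, net in PLAN.items()
            if any(net.subnet_of(block) for block in RFC1918)]

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in PLAN.items() if ip in net), None)

def audit(inventory):
    """Return (host, finding) for every row that violates the plan."""
    findings = []
    for host, addr, role in inventory:
        zone, expected = zone_of(addr), EXPECTED_ZONE.get(role)
        if zone is None:
            findings.append((host, "outside documented plan"))
        elif expected and zone != expected:
            findings.append((host, f"expected {expected}, found {zone}"))
    return findings

# Constructed sample inventory: (host, address, role).
SAMPLE = [
    ("ws-014", "172.24.3.20", "dhcp_client"),
    ("ws-102", "192.168.1.50", "dhcp_client"),
    ("owa", "195.229.10.5", "published_service"),
    ("portal", "172.24.8.9", "published_service"),
    ("ws-200", "213.42.7.7", "dhcp_client"),
]

if __name__ == "__main__":
    print("non-routable zones:", nonroutable_zones())
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```

Of the three ranges in the plan, only 172.24.x.y lies inside an RFC 1918 block (172.16.0.0/12); a DHCP client found outside it, or a published service found inside it, is worth following up.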
C) Hardware / Software components required for maximum security in a typical network setup:-
This report defines the minimum components (hardware & software) required to guarantee the maximum level of security in a typical network setup:-
A physical application-layer firewall should be installed on the network in order to provide the highest level of security by detecting packet traffic by protocol (e.g. FTP / Telnet / etc.). Stringent protocol-level policies should be implemented in the firewall,...