IS3220 Assignment 3

As part of the network security team, we will be proving IDI with a network security plan to mitigate the vulnerabilities that have been discovered. A secure site will be set up with network intrusion detection and network protection systems will be available to access via the internal network. Policies will be presented for remote access and the use of VPN. Also contained within this report will be strategies for hardening the network and mitigating risks. An updated network layout with increased network security to meet the current needs will be included. In the interest of business continuity, remote access will be utilized. User wishing access to internal network assets will only be able to access said assets with the use of a company issued laptop. We will make use of MAC address filtering to allow remote users access to the internal network via VPN. Each of the remote access laptops will have been loaded with VPN and have the MAC address added to the list on the MAC address filter. Users will be able to login to the VPN by using their local username and password. By making use of a VPN connection, users should be able to easily access the network assets. VPN connections are protected by SSL encryption which provides communication security over the internet. Each of the remote access laptops will be encrypted with McAfee safeboot encryption and all local data will remain encrypted until a valid login is entered. McAfee safeboot encryption requires additional login information to access the IDI internal network.
At the present there is one web server for employees to access both internal and external sites. The network security team will be integrating a web server located within the internal network. This Web server will be accessible only from within IDI’s local area network. We will be using the layered security concept to protect IDI’s internal servers. An (IDS) intrusion detection system will be set up to send out alerts in the event of an intrusion