This review is an individual assignment which is intended to allow you to demonstrate your understanding of Firewalls an
Posted: Tue May 24, 2022 8:40 am
This review is an individual assignment which is intended to
allow you to demonstrate your understanding of Firewalls and its
practical application such as in network
segmentation towards the technical perspective to
Computer and Information Security. It is also aimed at inducingyour
ability to critically apply theoretical understanding to the
practicaldomain. Your submission should be detailedenough and
purely from a practicalview point. This assignment would also
require your previous understanding of the application of VLANs,
Leased lines, IP Addressing, Routers and Routing protocols.
Consider the scenario below and answer the tasks that follow.
Youmay choose to discuss your thoughts with other peopleto
ensure that you have understood them properly, but you may
not collaborate with other people to prepare the detail
of your submission and its drafting. You may not share, with any
other student, any text, graphics, or data files that form part of
your assignment.
Scenario
A small businessenterprise, named "Got 2 Get", located in a city
has two offices - a corporate office (termed as location 1 or L1)
that houses the Corporate team and the Sales and Marketing team and
an Operations office (termed as location 2 or L2) that housesthe
other teamsincluding the IT team. The two offices L1 and L2 are
connected via a point-to-point leased line. The Internetaccess is
via a routerat L2.
At L1, the network has two internalsegments one each for the
corporate and Sales &Marketing teams. At L2, there are four
internal segments, one each for three teams including the IT team
and one firewalled exclusive segment for hosting the organisation's
web server. There are now plans to open a third officewithin the
same city at a different location, L3, to expand to provide online
sales and customer support. L3 will connect to L2 via a leased
link. L3 will have an internal network containing three segments,
one each for the online sales team, customer support team, and the
web & database serversfor online sales.The network segmentfor
online saleswill be firewalled. L3 will have a link to the
Internetfor online sales.
Following setting up L3, the business plans to acquire a
warehouse location L4, physically adjoining L3 for inventory and
stocks, which are now handled by a third-party company. It is
planned that L4 will have a video surveillance network that is
connected via the network and monitored by a team in L3. The video
logging of the surveillance feed is done on servers at location
L2.
You are a network security design consultant who is expected to
advise them on the design aspects of the network.You should
reviewand advise on the following aspects of the design so that
theirbusiness requirements are met. Their business requirements
are:
24x7 online business access and availability
24x7 customer service access
24x7 video surveillance, notifications, and alarms for L4 The
technical aspects to consider for design decisions are:
Bandwidth requirement estimates for the leased connections
between L2 & L1 and L2 &L3
Each team is in a separatenetwork segment of the internalnetwork
at their location
Secure the Internal networkfrom external traffic
Redundant networkresources (devices & links) to ensure 24x7
availability
Interconnection between L3 and L4
Service Level Agreements (SLA) with Internetproviders
The details of the individual team sizes at each locationis
listed below. Each member of a team has a computing device that is
used to access the organisation's network. The members of the
warehouse team will be provided with tablets to enable them to be
mobile.
Location
Connected to
Team Name
Team Size
L1
L2
Corporate
5
Sales &Marketing
7
L2
L1, L3, Internet
IT Team
3
Other threeTeams
6 + 6 +12
L3
L2, L4, Internet
Online Sales
5
Customer Support
6
L4
L3
Warehouse
5
You are expected to provide a report style document whose
content must answer the specific questions mentioned as tasks
below.
Task 4 (up to 15 marks)
L4 is connected to L3 as a firewalled network segment. There is
a total of 30 IP video cameras that are installed at the warehouse.
All these will be sending concurrent live video feeds to a server
in L2 via the L3 to L2 WAN link. Choose an appropriate video camera
with a wired Ethernet interface and calculate the maximum video
bandwidth required. What should be the bandwidth of the L3 to L2
WAN link?
What would your choice of the routingprotocol on the WAN links
(L1 to L2, L2 to L3) be? Briefly explain your choice.
There are two links to the Internet - one from L2 and one from
L3. If these two links were to be configured as redundant Internet
links (for high availability), would you approve it? Would you
suggest any changes? If yes, explain why.
allow you to demonstrate your understanding of Firewalls and its
practical application such as in network
segmentation towards the technical perspective to
Computer and Information Security. It is also aimed at inducingyour
ability to critically apply theoretical understanding to the
practicaldomain. Your submission should be detailedenough and
purely from a practicalview point. This assignment would also
require your previous understanding of the application of VLANs,
Leased lines, IP Addressing, Routers and Routing protocols.
Consider the scenario below and answer the tasks that follow.
Youmay choose to discuss your thoughts with other peopleto
ensure that you have understood them properly, but you may
not collaborate with other people to prepare the detail
of your submission and its drafting. You may not share, with any
other student, any text, graphics, or data files that form part of
your assignment.
Scenario
A small businessenterprise, named "Got 2 Get", located in a city
has two offices - a corporate office (termed as location 1 or L1)
that houses the Corporate team and the Sales and Marketing team and
an Operations office (termed as location 2 or L2) that housesthe
other teamsincluding the IT team. The two offices L1 and L2 are
connected via a point-to-point leased line. The Internetaccess is
via a routerat L2.
At L1, the network has two internalsegments one each for the
corporate and Sales &Marketing teams. At L2, there are four
internal segments, one each for three teams including the IT team
and one firewalled exclusive segment for hosting the organisation's
web server. There are now plans to open a third officewithin the
same city at a different location, L3, to expand to provide online
sales and customer support. L3 will connect to L2 via a leased
link. L3 will have an internal network containing three segments,
one each for the online sales team, customer support team, and the
web & database serversfor online sales.The network segmentfor
online saleswill be firewalled. L3 will have a link to the
Internetfor online sales.
Following setting up L3, the business plans to acquire a
warehouse location L4, physically adjoining L3 for inventory and
stocks, which are now handled by a third-party company. It is
planned that L4 will have a video surveillance network that is
connected via the network and monitored by a team in L3. The video
logging of the surveillance feed is done on servers at location
L2.
You are a network security design consultant who is expected to
advise them on the design aspects of the network.You should
reviewand advise on the following aspects of the design so that
theirbusiness requirements are met. Their business requirements
are:
24x7 online business access and availability
24x7 customer service access
24x7 video surveillance, notifications, and alarms for L4 The
technical aspects to consider for design decisions are:
Bandwidth requirement estimates for the leased connections
between L2 & L1 and L2 &L3
Each team is in a separatenetwork segment of the internalnetwork
at their location
Secure the Internal networkfrom external traffic
Redundant networkresources (devices & links) to ensure 24x7
availability
Interconnection between L3 and L4
Service Level Agreements (SLA) with Internetproviders
The details of the individual team sizes at each locationis
listed below. Each member of a team has a computing device that is
used to access the organisation's network. The members of the
warehouse team will be provided with tablets to enable them to be
mobile.
Location
Connected to
Team Name
Team Size
L1
L2
Corporate
5
Sales &Marketing
7
L2
L1, L3, Internet
IT Team
3
Other threeTeams
6 + 6 +12
L3
L2, L4, Internet
Online Sales
5
Customer Support
6
L4
L3
Warehouse
5
You are expected to provide a report style document whose
content must answer the specific questions mentioned as tasks
below.
Task 4 (up to 15 marks)
L4 is connected to L3 as a firewalled network segment. There is
a total of 30 IP video cameras that are installed at the warehouse.
All these will be sending concurrent live video feeds to a server
in L2 via the L3 to L2 WAN link. Choose an appropriate video camera
with a wired Ethernet interface and calculate the maximum video
bandwidth required. What should be the bandwidth of the L3 to L2
WAN link?
What would your choice of the routingprotocol on the WAN links
(L1 to L2, L2 to L3) be? Briefly explain your choice.
There are two links to the Internet - one from L2 and one from
L3. If these two links were to be configured as redundant Internet
links (for high availability), would you approve it? Would you
suggest any changes? If yes, explain why.