Our data infrastructure is constantly being attacked by hackers. Network administrators are being challenged on a daily basis to defend their intranet and other systems on the Internet. As a network administrator for Andrew’s Biometrics Corp (ABC), you face the following problem.
ABC has a series of load balanced Web servers that provide information about the organization, advertise products, process online orders, and allow customers to make payments. These systems need to be protected from denial-of-service attacks. There are many types of firewalls on the market today. Legacy firewalls tend to filter packets based on protocol types or IP addresses. Most recent firewalls can function on top of the application layer of the TCP/IP model and filter packets-based content.
Research a minimum of two industry resources (e.g., National Institute for Standards & Technology [NIST], Institute of Electrical and Electronic Engineers [IEEE], Internet Engineering Task Force [IETF], etc.) on this topic. (Access the MISM Credible Resource GuideLinks to an external site. for assistance with finding appropriate credible professional resources.) Using the concept of a Demilitarized Zone (DMZ) and relevant diagrams, explain the design of your network and how you would segment it. Examine various firewall types and select the appropriate firewall to best protect the computing infrastructure of ABC. It is critical to manage the traffic in and out from the Internet and protect the internal digital resources, including customer data. Access your virtual lab environment and create a diagram using Visio to visually represent the proposed firewall layout. Include the diagram as an image within your document.
Introduction
Andrew’s Biometrics Corp (ABC) is a company that specializes in biometric security solutions. The company has a series of load balanced Web servers that provide information about the organization, advertise products, process online orders, and allow customers to make payments. The company’s data infrastructure is constantly being attacked by hackers, and network administrators are being challenged on a daily basis to defend their intranet and other systems on the Internet.
Problem Statement
ABC needs to protect its load balanced Web servers from denial-of-service attacks. Traditional firewalls are not effective at mitigating these types of attacks, as they typically filter packets based on protocol types or IP addresses. ABC needs a firewall that can filter packets based on content, as well as one that can understand the state of active network connections.
Industry Resources
Demilitarized Zone (DMZ)
A DMZ is a network segment that is located between an organization’s internal network and the Internet. The DMZ is typically used to host publicly accessible servers, such as Web servers and email servers. The DMZ helps to protect the organization’s internal network from unauthorized access, even if the DMZ servers are compromised.
Network Segmentation
Network segmentation is the process of dividing a network into smaller subnetworks. This helps to improve security and performance by isolating different types of traffic and preventing unauthorized access to critical systems.
Firewall Types
Design Considerations
When designing a network security solution for ABC, the following considerations must be taken into account:
Recommended Firewall
The recommended firewall for ABC is a next-generation firewall (NGFW). NGFWs are a type of application-layer firewall that can inspect the content of packets to determine whether or not to allow traffic. NGFWs are also able to keep track of active network connections and use this information to make decisions about whether or not to allow traffic.
Visio Diagram
Opens in a new windowlessonsintech.wordpress.com
Visio diagram showing the proposed firewall layout
Implementation
The following steps can be taken to implement the proposed firewall layout:
Conclusion
The proposed firewall layout will help to protect ABC’s Web servers from denial-of-service attacks and other threats. The NGFW will be able to inspect the content of packets and block those that contain malicious content. The NGFW will also be able to keep track of active network connections and use this information to make decisions about whether or not to allow traffic.