CETM30 Assignment 2 Task

University of Sunderland
Faculty of Technology
School of Computer Science
CETM30 – Fundamentals of Cybersecurity
Assignment 2 - 2019
The following learning outcomes will be assessed:
Knowledge
 Ability to critically understand the principles of cybersecurity and the procedures to manage these in organisational settings, taking into account potential security threats, risks and attacks
 Ability to evaluate the processes, procedures and protocols required to implement secure, reliable and effective systems security and identify suitable metrics to quantify and measure levels of security
Skills
 The competences required to critically apply of the principles and techniques to deal with the complex issues involved in designing, implementing and maintaining secure systems, whilst identifying and minimising the security risks
Important Information
You are required to submit your work within the bounds of the University Infringement of Assessment Regulations (see your programme guide). Plagiarism, paraphrasing and downloading large amounts of information from external sources will not be tolerated and will be dealt with severely. Although you should make full use of any source material, which would normally be an occasional sentence and/or paragraph (referenced) followed by your own critical analysis/evaluation. You will receive no marks for work that is not your own. Your work may be subject to checks for originality which can include use of an electronic plagiarism detection service.
Where you are asked to submit an individual piece of work, the work must be entirely your own. The safety of your assessments is your responsibility. You must not permit another student access to your work. Where referencing is required, unless otherwise stated, the Harvard Referencing System must be used (see your programme guide). Please ensure that you retain a duplicate of your assignment. We are required to send samples of student work to the external examiners for moderation purposes. It will also safeguard in the unlikely event of your work going astray.
Submission Date & Time
As directed on Canvas
Submission Location
By electronic submission on the CETM30 Canvas site
C£TM30 Assignment 2 – Network Security Planning & Implementation
(This assessment is worth 50% of the total module mark)
A national firm of insurance brokers recently set up business in Exeter. After quite a successful year, they have decided to expand their operations within Exeter and to a new branch office in Edinburgh.
You have been commissioned as a network security consultant to specify and design their new network security provision. The original HQ site in Exeter is occupying the top 2 stories (9th and 10th floors) of a tower block – see supplied diagrams, and the additional space it will expand to is the top two stories (the 11th and 12th floors) of a neighbouring tower block – which is on the other side of the street (75m away). Due to the differing design ideas of the architect, the new block is approximately 5m higher in elevation. The Edinburgh branch site is to be located within a prestigious grade 1 listed structure near the Royal Mile in the city centre.
You have been given the floor plans of the buildings and network diagrams which show the networks as they stand in Exeter existing HQ and its new area in the other tower block. These network diagrams are of a “temporary” network set up which has been used to simply get the firm going across the two buildings.
Using these diagrams, you are to produce a properly formatted and fully referenced network security consultation report to address the issues listed below. N.B. All the sites are equipped with FTTP high speed connections for Internet/WAN connectivity (though only in one original building in the Liverpool site). The other tower block has no separate broadband or exterior connection, but there is a temporary cable suspended between the two buildings which connects them. The new building in Edinburgh has a FTTP port on the wall in the Doorman’s booth, and an associated 802.11n wireless router is connected there – but there is no other network installed in the premises.
As a firm that has to handle very sensitive insurance documents and legal papers, they need to secure their network systems to a more than adequate level, but which will be transparent enough not to hinder or slow down their day to day running of the firm’s business which already deals with over 1000 clients. Any security system in place will also need to be able to handle future expansion of the business.
You have a maximum word limit of 2000 words for this task – not including diagrams and references:
1. Given that the company would like to establish a link between the Exeter and Edinburgh sites (WAN), and given that the sites already have FTTP connectivity, examine and create a section in your report which considers what technologies exist that could be used to secure these connections so that data is safe from theft or tampering in any way when flowing from site to site. Make sure you include recommendations for what they really should do (with full justification as to why they should follow your advice). [20 Marks]
2. Examine the floor plans you have been provided with for the Exeter HQ buildings and their associated temporary network diagrams. Then create a chapter in your report which discusses/includes the following:
o The security weaknesses/hazards inherent in the physical make-up of the sites and suggest what could be done to secure them from a structural point of view – please
bear in mind that the uppermost floor has the open roof above it – the new area in the other building is the same, but has a mobile phone mast on the top of it (4G rated) – just above the accountant office. The 1st – 8th floors of these buildings are occupied by 7 other businesses.
o Using the network diagrams, also highlight the problems/security weaknesses with their existing network arrangements.
o Reworked diagrams of the floor plans and networks showing the necessary changes you would recommend for overcoming these weaknesses.
o Full justification for your recommendations including any building/network design alterations and any additional network/system hardware or software that would be required to support your ideas. [30 Marks]
3. The Edinburgh branch is located as we know, in a grade 1 listed structure. A building plan is provided (single storey with loft space). This building offers some challenges for network setup as the original structure (inside and outside) and its decoration can’t be altered in any way due to its protected status. “Temporary and reversible” additions can be made – provided the building is returned to its original state if and when the company decides to move to a different premises. With this conformance to the “listing” regulations create a report chapter that discusses:
o Recommendations and a design for a workable and secure network to support the staff indicated on the existing diagram.
o Any suitable “added temporary” fittings that might be required.
o A reworked diagram to support your findings. [20 Marks]
4. The company has designs on becoming an international organisation, and wants to expand into Portugal and to the USA to offer its services. To this end, some network designers have drawn up a network plan and a simulation in Packet Tracer to prove their designs. However these designers have little or no expertise in adding network security features to networks.
So, in the last session of your CETM30 module time you will be provided with that network simulation, network plan and a set of network security implementation criteria - you will need to:
 Secure the routing protocols that are in use with suitable encrypted keys.
 Add Cisco IOS mode protection to prevent unauthorised reconfiguration of devices.
 Create suitable VPN configurations to ensure data is protected between high security zones within key network areas.
 Implement firewall solutions to protect certain areas of the network from rogue traffic.
[30 Marks]
END OF ASSIGNMENT BRIEF