Question

AAB (a fictitious company) is an HK mobile network operator and internet service provider. The company is looking to become one of the largest mobile network operators in HK, with approximately two million subscribers as of November 2020. Its main office and data centre are located in London. The company recently opened a new site and data center in China in May 2021.

AAB launched a new on-demand TV service for broadband customers in March 2021. The service is provided on an internet-connected TV box or through an app on selected computers, mobile devices, and Smart TVs. Subscribers to the new TV service will need to create an online account using an email address and password, first and last names, addresses, and credit card details. Subscribers are then able to manage their online accounts and make payments to renew their subscriptions through the company's e-commerce website and mobile app. All digital copies of popular shows and movies streamed by subscribers are stored on multiple servers at both data centers.

In May 2021, the company suffered a major fire incident that caused physical damage to the data centre and destroyed a Network Attached Storage (NAS) device used to back up sensitive company documents and files. To allow staff at the different company sites to easily share company files, documents and backups following this incident, the network administrator decided to set up a temporary internal file server that is accessible to all employees.

Since the start of the pandemic in 2019, some employees at AAB who work off-site can access their workstations remotely from home. Most of the employees are happy with the flexibility of being able to work from home or from anywhere with access to the public internet, such as cafes, airport lounges or restaurants.

Recently, the company received a fine of HKD40,000 after several emails, which contained details of several customers' personal information and account details, were sent to the wrong customers. An investigation into the incident revealed that an employee selected the wrong email addresses during the creation of an email distribution list. The data itself was not encrypted and thus was able to be viewed by unintended recipients.

Network Overview

The HK and China sites are all interconnected using Cisco RV340 Series routers to ensure that all employees have access to the network resources that they need to be productive. Remote employees have a Remote Desktop Protocol (RDP) client application installed on their computers, which they use to remotely access the company's internal network.

The company's main e-commerce website used by its customers to manage their TV subscriptions has the following setup as shown below:

- Apache HTTP Server 2.4.50
- Magento Commerce version 2.4.2
- Oracle GlassFish Server Open-Source Edition 4.1
- MariaDB version 10.2

The internal file server (hosted at the London site) is configured to use File Transfer Protocol (FTP) and allows employees to log in using a shared username: FTP user and password: @W0nd3rFul567

The diagram of the company's network architecture is shown below:

[Figure 1: diagram of the company's network architecture (image not reproduced)]

The Chief Information Security Officer (CISO) has suggested that Virtual Private Network (VPN) technology and firewalls might be useful to help secure the corporate network.

a) Explain the key features of a VPN and how it could be applied here to address the risk(s) based on the scenario. Explain the suitable types of VPN connection options that are appropriate for the scenario and justify your recommendations.

b) As part of securing the corporate network, discuss the use of firewalls to secure the entire network and of a Demilitarised Zone (DMZ). Draw a new network diagram from Figure 1, showing new components which include firewalls, VPN connections and a DMZ. You must include all components from Figure 1 in your new diagram and justify your network design.

c) Discuss how you will improve the security of the internal FTP server and sensitive documents backed up on this server. You must provide a detailed discussion of any appropriate technology and methods in your recommendations.
