Question
Background. You have just been hired by a startup cyber security company. The company has agreements with vendors to provide network architecture designs, including intrusion detection tool placement and operation.
Task. You are designing and implementing a corporation's architecture and intrusion detection capabilities from a blank slate. As a cyber security analyst, you must design a network containing the architecture components listed below, and design where the security components will reside within that network. The security components necessary are also listed below. Your security components are not limited to the specific brand of tools taught in this course, but the tools you select must fulfill the same functions as the tools we learned about.
Architecture components:
1. Public facing web server where users can login
2. Web server database containing customer information
3. Email system for users to communicate with each other and customers
4. Internal user systems
5. Firewalls, switches and routers as necessary
Security Components:
1. Network segmentation (e.g. DMZ, internal, external)
2. Network-based Intrusion Detection or Prevention (e.g. Suricata in passive mode or active mode)
3. Host-based Intrusion detection (e.g. AIDE)
4. Network footprinting tool (e.g. nmap)
Corporate Requirements:
1. Protection of a public facing web site where clients can log in, access their accounts, buy and pay for product/services, have access to training and education material, access a knowledge base, security blogs, links, etc.
2. Protection of client data (client network data, assessment results, financial information)
3. Protection of internal systems which may contain employee PII, financial, banking information and email.
4. Ability to detect rogue systems or unauthorized devices
Deliverable(s).
1. Architecture of the network components defined above
2. Placement of the security components, defined above, within that architecture
3. A description of the traffic that each network-based security component should be configured to allow or explicitly deny
3.a. For example, a NIDS placed between a public facing web server and the internet may potentially only allow internet traffic on ports 80 or 443, and prevent all other traffic
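The allow/deny description asked for in deliverable 3 can be written as a zone-to-zone matrix with an explicit default deny and checked against sample flows. This is an added example, not part of the original question; the address plan, the database port 5432 and the mail ports are assumptions, and only the 80/443 row comes from the task text.

```python
import ipaddress

# Constructed address plan (assumption: the task fixes no addressing).
SITE = ipaddress.ip_network("10.0.0.0/16")
ZONES = {
    "dmz_web":  ipaddress.ip_network("10.0.10.0/24"),
    "database": ipaddress.ip_network("10.0.20.0/24"),
    "mail":     ipaddress.ip_network("10.0.30.0/24"),
    "internal": ipaddress.ip_network("10.0.40.0/24"),
}

# (source zone, destination zone, protocol, allowed destination ports).
# Only the first row comes from the task text; the rest are assumptions.
ALLOW = [
    ("external", "dmz_web",  "tcp", {80, 443}),
    ("dmz_web",  "database", "tcp", {5432}),
    ("internal", "mail",     "tcp", {587, 993}),
    ("external", "mail",     "tcp", {25}),
]

def zone_of(addr):
    """Map an address to its zone; site addresses in no zone are 'unassigned'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unassigned" if ip in SITE else "external"

def verdict(src, dst, proto, dport):
    """Return 'allow' only when a row matches; everything else is denied."""
    flow = (zone_of(src), zone_of(dst), proto)
    for a_src, a_dst, a_proto, ports in ALLOW:
        if flow == (a_src, a_dst, a_proto) and dport in ports:
            return "allow"
    return "deny"

# Constructed sample flows: (src, dst, proto, dst port).
FLOWS = [
    ("203.0.113.7", "10.0.10.5", "tcp", 443),   # client to web server
    ("203.0.113.7", "10.0.10.5", "tcp", 22),    # SSH from the internet
    ("203.0.113.7", "10.0.20.8", "tcp", 5432),  # internet straight to the database
    ("10.0.10.5",   "10.0.20.8", "tcp", 5432),  # web server to its database
    ("10.0.99.14",  "10.0.30.2", "tcp", 587),   # host in no defined zone
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(verdict(*flow), flow)
```

A source address that sits inside the site range but in no defined zone matches no row, so its traffic is denied by default.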