Question:
| CRITERIA | MEETS SPECIFICATIONS |
|---|---|
| Design a secure network architecture based on business requirements | Network design contains each of the following: An on-premise network that has 3 workstations in it. A Virtual Network with the following segments: Public DMZ with two web servers and load balancer in it. Private DMZ with two database servers. Management LAN with one management server in it. Internal LAN with 5 workstations in it. Private secure LAN with 3 database servers. Additionally include the following: A VPN gateway connecting the on-premise network to your Virtual Network. Show placement of security devices in the architecture, including load balancer(s), firewall(s), IDS/IPS device(s). Show the flow of traffic, and remember to incorporate best security practices with the flow of traffic between the different subnets. |
SECTION 2: BUILDING A SECURE NETWORK ARCHITECTURE
| CRITERIA | MEETS SPECIFICATIONS |
|---|---|
| Build a secure enterprise network in Azure | Screenshots show the following components of the secure network architecture created: 1) Two Azure Virtual Networks, one labeled for the DMZ and the other for the Internal 2) 2 subnets within the DMZ and 3 subnets within the Internal 3) DMZ subnets are labeled Public and Private 4) Internal LAN subnets are Management, Secure, and Enterprise |
| Create VMs in Azure | Screenshots show the following five VMs created: 1) One VM in each of the public and private DMZ subnets 2) One VM in each of the three internal subnets |
| Set up secure network routing | Screenshot that shows the routing setup between the different subnets |
| Set up a VPN to access Azure Internal LAN | 1) A VPN giving the student direct access to the LAN has been created 2) Screenshot showing connectivity to the VPN 3) Screenshot showing connectivity to VMs within LAN while connected to VPN |
SECTION 3: CONTINUOUS MONITORING WITH A SIEM
| CRITERIA | MEETS SPECIFICATIONS |
|---|---|
| Set up an ELK Server | Screenshots show the following have been created: 1) A VM in the private DMZ with the ELK Server built on it. 2) Routing configuration showing that the only traffic allowed inbound to the server is from both of the virtual networks, and that Kibana is accessible only from the Internal Network. |
| Ingest logs into the SIEM | Screenshots show the following: 1) Filebeat service running and showing "Filebeat status Active" 2) Filebeat config file showing routing of logs to Elasticsearch 3) Simulate web traffic to your web servers using https://www.babylontraffic.com 4) Web server logs appearing in Kibana |
| Build alerts for the SIEM | Screenshots show these alerts have been created: 1) Alert for a DoS attack. 2) Alert for a Brute Force attack. 3) Alert for a scanning and reconnaissance attempt. |
| Plan for future incidents by writing an Incident Response Playbook | Playbook details what the steps would be in response to each alert that was created. The remediation for each of the alerts should be included as well. |
SECTION 4: ZERO TRUST
| CRITERIA | MEETS SPECIFICATIONS |
|---|---|
| Design a Zero Trust Model | Zero Trust Model should incorporate the following: Identity, Devices, Apps, Network, Data, Infrastructure, Trusted and Untrusted Devices, Controls |
| Demonstrate knowledge of Zero Trust models by describing the differences between Zero Trust and modern security architecture | A detailed comparative analysis that accurately describes the differences between a Zero Trust model and modern network architecture design |
