In the ever-changing world of technology, AP Inc is a leader in making software. As the company gets ready to open another office, the importance of keeping the network safe is clear. Because important information, valuable ideas, and important business tasks are shared quickly, it's important to have a detailed plan to keep the network safe. Your team, made up of experts in IT and network security, has the important job of creating a detailed plan to keep the network safe. This plan will include different tools and parts to make sure the network is secure, like firewalls, a Demilitarized Zone (DMZ), Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Threat Protection, IT security rules and policies, and other important placements and settings.

Assignment:

Your mission is to create a holistic network security design tailored to AM Inc.'s forthcoming office expansion. The design should incorporate all the necessary security devices and network components,

strategically placed to offer an impregnable shield while optimizing operational efficiency. And you have to note that the finance is not unlimited.

The office has 4 buildings spread into 4 different departments. AM Inc should have two Internet connections, one for the primary connection and the other for the backup connection. These should be from two different ISPs:

1.) SE division 2.) QA division 3.) HR and Finance division 4.) IT, Security, and management division Each division has their own servers as below:

Division	Servers	Access	Special requests
SE	Version controlling server, client database server and CICD pipeline server	Both internal and external access	VPN should be there to access the servers
QA	CICD pipeline server a cone of the CICD pipeline server from the SE Devision	Internal Access only	Must be in a different network for testing the scenarios
HR and Finance	Employment related servers including HR database, Pay role, finance, etc.	Internal access only	NA
IT, Security and Management	Web, DNS, DHCP, Security servers. Internal network monitoring servers, License management servers, Access control servers, Directory Server and email server.	Public and Private Access	All the servers should be managed remotely.

Requirements:

TASK1:

Draw a Network Diagram: Draw a hypothetical network diagram for AM Inc's network. The diagram should encompass both the primary and secondary offices (The new office), intricately detailing the interlinks between them. Precisely identify the strategic placements of firewalls, DMZ, IPS, IDS, virus guards, VPN access, and supplementary security and network devices.

TASK2:

Justifying Network Security: Explain why network security is important for AM Inc. Talk about the many different threats like data breaches, ransomware attacks, and spying on our ideas. Also, mention attacks that try to make the systems stop working and stealing information. Give a strong reason for using good security steps to keep the business running smoothly and to make sure our customers trust us.

TASK3:

Firewalls Placement: Carefully study the best places to place firewalls. Look closely at how data moves between offices, departments, and public private access to the servers, including what comes in and goes out. You have to give reasons for the selections to put the firewalls where you did, focusing on protecting important things. Important thing to keep in mind is that you have to use very limited amount of firewalls, because the cost factor is high 

TASK4:

DMZ Configuration: Create a smart plan for a DMZ that separates things outside the company from the inside network. Clearly list the things that will be placed in the DMZs. Explain why you chose these things and how you'll make the DMZ work smoothly with them. And you MUST indicate the DMZs in your design diagram 

TASK5: Additional Security Devices: Create a smart plan for integrating a diverse array of supplementary security devices, such as:

• Intrusion Detection System (IDS): Ascertain placements where IDS devices can bolster the network's threat detection capabilities.

• Virtual Private Network (VPN) Concentrator: Discuss the strategic positioning of VPN concentrators to secure remote connections effectively.

• Network Access Control (NAC) System: Justify the placement of NAC devices for streamlined endpoint management and authentication.

• Intrusion Prevention System (IPS): Articulate the advantages of strategic IPS placements to improve the Intrusion prevention automatically.

TASK6:

 Security Policies Enhancement: Elevate the existing security policy framework by incorporating comprehensive measures, including multifactor authentication, encryption protocols, incident response strategies, and regular security audits for the following topics:

• Access Control Policy:

• Password Management Policy:

• Data Classification and Handling Policy:

• Remote Access Policy:

• Network Security Policy:

• Bring Your Own Device (BYOD) Policy:

• Social Engineering and Phishing Awareness Policy:

• Physical Security Policy:

• Employee Training and Awareness Policy: