Scenario

You are the system/network/security administrator for a small software company. The company is young and you were brought on after the developers had managed what little infrastructure they had on their own. The company has a Web server, an Exchange server and an application server that is used as an application outsourcing model for one of the products the company develops. Small customers can use this server to host their data rather than deploying their own server. The company has 8 development staffers across two separate locations as well as a six-person sales force and a few ancillary people for management, strategy, administration, marketing, etc. In total, the company has less than 25 people between both locations.

The Exchange server provides remote calendaring and e-mail as well as rudimentary contact management for the sales people who are primarily on the road. Others, of course, use the functionality, but it was mostly stood up as a way for the sales force to be able to keep up while they were on the road.

The network that is in place has evolved from the scattered hubs/switches that were used initially when the company started, but it is still very flat with very little segmentation. There is a small Linux system that is used as a firewall using IP tables. Since its a small company, costs have always been a factor when making any infrastructure decision as well as staffing.

Use the scenario provided for this question:

Step 1) The firewall in question has two legs on it. One goes to the desktop network. The other leg goes to a small network with the Internet facing servers. Diagram the network as it stands today, explaining all the components and the security function they play if any.

This is your baseline.

Step 2) Now, make recommendations for how you might improve the security with a layered approach to the network. Dont introduce any detection capabilities at this point - just routers, switches and firewalls. Describe the diagram, including the rationale for any changes and costs associated with any new hardware you are recommending. Explain all the components and the security function they play if any.