Question

Overview: Now that you’re super knowledgeable about security, let's put your newfound know-how to the test....

Overview: Now that you’re super knowledgeable about security, let's put your newfound know-how to the test. You may find yourself in a tech role someday, where you need to design and influence a culture of security within an organization. This project is your opportunity to practice these important skillsets.

Assignment: In this project, you’ll create a security infrastructure design document for a fictional organization. The security services and tools you describe in the document must be able to meet the needs of the organization. Your work will be evaluated according to how well you met the organization’s requirements.

About the organization: This fictional organization has a small, but growing, employee base, with 50 employees in one small office. The company is an online retailer of the world's finest artisanal, hand-crafted widgets. They've hired you on as a security consultant to help bring their operations into better shape.

Organization requirements: As the security consultant, the company needs you to add security measures to the following systems:

  • An external website permitting users to browse and purchase widgets
  • An internal intranet website for employees to use
  • Secure remote access for engineering employees
  • Reasonable, basic firewall rules
  • Wireless coverage in the office
  • Reasonably secure configurations for laptops

Since this is a retail company that will be handling customer payment data, the organization would like to be extra cautious about privacy. They don't want customer information falling into the hands of an attacker due to malware infections or lost devices.

Engineers will require access to internal websites, along with remote, command line access to their workstations.

What you'll do: You’ll create a security infrastructure design document for a fictional organization. Your plan needs to meet the organization's requirements and the following elements should be incorporated into your plan:

  • Authentication system
  • External website security
  • Internal website security
  • Remote access solution
  • Firewall and basic rules recommendations
  • Wireless security
  • VLAN configuration recommendations
  • Laptop security configuration
  • Application policy recommendations
  • Security and privacy policy recommendations
  • Intrusion detection or prevention for systems containing customer data
Answer #1

ANSWER:

This document explains how the applicable and non-functional requirements are recorded in the Requirements Document and the first operational design targeted at users according to the design specifications.

It also defines the design objectives according to the requirements by providing an overview of the system design, and describes the structure of the data connected with the system, as well as the human-machine conditions in terms of performance.

High-level system design is also divided into low-level detailed data, and data can also be retrieved and integrated through the hardware and software.

Security Infrastructure design Document

The Security Infrastructure Document Manual helps to document and trace the information required to properly define the structure of the system in order to provide guidance on the development of an IT security environment to be established.

1. A general view of the structure

Overview

The client needs IT infrastructure to perform their business functions, including e-commerce applications and internal VPN access to their customers and key employees, in the security and privacy of customer and client information.

Guess / Obstacles / Dangers

Guessing

It is estimated that staff increases by 5% annually, thus reflecting the use of network bandwidth and the increase in devices connected to the business network infrastructure.

Obstacles

The following are some of the key issues with regard to infrastructure security:

· Authentication system

· External website security

· Internal website security

· Remote access solution

· Firewall recommendations and basic rules

· Wireless security

· VLAN configuration recommendations

· Laptop configuration

· Application policy recommendations

· Safety and privacy policy recommendations

· Prohibition or ban detection of systems containing customer data

Accidents

Since the infrastructure is intended to facilitate e-commerce-related transactions that may involve third-party authorization and financial-related issues, a strict security approach needs to be enforced to ensure that there are no such customer-related issues, as they could affect the organization's reputation.

In addition, there should be a backup system to take backup of data from time to time to deal with any unwanted situations such as system failure, intruders, etc.

Alignment with Federal Enterprise Architecture

The proposed expertise is closely aligned with Enterprise integration. All applicable protocols and the hardware interface used are integrated with industry standards as defined to ensure network compliance and security in line with CMS Enterprise Architecture (EA).

2. Design considerations

Objectives:

The following are the desired outcomes of the proposed security infrastructure to be used in the organization:

· An external website that allows users to browse and purchase widgets securely.

· Internal intranet website similar to that of a VPN to be used by employees

· Remote access for engineering personnel

· Reasonable, basic firewall rules

· Wireless distribution in the office

· Sensible safe configuration of laptops

· Privacy of user data

Building Strategies:

For external websites to perform customer purchases:

In order to provide secure e-commerce transactions, the key security policies include the following:

· Protect confidential information

· Ensuring that unauthorized persons or programs do not have access to user information;

· Ensuring that the information obtained is accurate;

· Making data accessible and usable;

· Login transaction for additional monitoring and support function

· Verifying the authenticity of the person making the transaction.

3. By intranet website accessed by employees:

As the information is only available to employees of the company, it should only be available at the company's access level, which makes it confidential to other information stored on the infrastructure. Therefore, consider the following in this case:

· Ensuring that access is within their intranet using the firewall method

· Specify how to ensure website access by staff

· Manage tasks and user management on a website by a manager

· Protection of remote access for engineers

We can make secure implementation of remote control objectives according to the following security measures:

Device type: What device types require remote access?

Role: What remote access should that role be given to a used device?

Location: Is it access from a public place, another company location, internal wireless, etc.?

Process and data: What processes and data are available for the first three accessibility features?

Authentication: How does the need for robust authentication increase based on the device used, where it is used, and what access is allowed?

· Basic firewall rules to apply:

Auto-block - to block all incoming and outgoing communications

Enable specific traffic - only allow specified IP addresses

Allow internal intranet users only

· Office cord installation

It can be provided with an 802.11 WLAN adapter with a PSK (pre-shared key) configuration or limited access to the company Wi-Fi login by employees.

Security considerations: Password protection and meter protection

· V-LAN configuration:

VLAN network segregation creates security environments that create flexible and robust control of what the remote user can access: security areas that separate incoming traffic and internal resources. Using powerful VLAN assignments and access control lists, we can control user access depending on the circumstances.

· Laptop Security Configuration:

One of the most vulnerable parts of the infrastructure is laptop computers. These devices may be responsible for delivering viruses or malware or causing the organization to lose sensitive data. This can be tested using techniques such as:

· Encryption discs on laptops

· Verifying Antimalware / Antivirus is up to date at regular intervals

· White list of devices in the network

· Launch a product such as System Configuration Manager, LANDesk, Altiris, or another application management platform

· App policy recommendations

Incorporate secure coding principles into all components of infrastructure software.

Perform automated app security checks as part of the general app testing process.

Development and testing sites should rearrange all sensitive data or use the identified data.

Compliance with standard data policies and agreements

· Security and privacy policy recommendations

· Describe how an organization collects and uses personal information

Cookie Policy - Cookies used to store user preferences or shopping cart contents. Clearly describe your cookie habit.

· How the organization will share customer information

Customers need to know that their data will only be used to complete transactions and that other uses of that data (including selling or distributing it) require their consent.

· Contact details

Make it easy for your customers to contact you or lodge a complaint.

· Show Privacy Policy

Make sure new customers or users have easy access to your goal with power

· Publish Email Exit Policies

Include opt-out options in your email marketing.

· Get a sign of approval

Third party certification for your online privacy and security policy can increase your credibility and security reliability.

Prohibition detection or blocking systems containing customer data

As the demand for E-Commerce grows on the Internet, so will the growing power of E-Commerce sites. Implementing E-Commerce environment security measures is not an easy task. It should take into account the various threats and instability that can cause attacks. This can only be found in an engineering entry and retrieval test to find out by signature or by mistake. This can be achieved through a third-party IDS system that is readily available in the market

Summary

Therefore, we can conclude that the organization's security infrastructure report has been reviewed and made recommendations as required in the proposed area as described.

4. Valuable assets are protected:

Customer details, Company-related information

Key threats to protect yourself:

Website Login, Data Loss

Important security functions:

Customer purchases of antiques, payment transactions, activity data

Related level of basic safety standards:

This is an important exercise for the whole organization as part of the risk reduction process. For this project, the standard is as follows:

Integrity: high

Secret: high

Unrepentance: N / A

Availability: moderate

Audit: moderate
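
The firewall rules listed in the answer (block everything by default, allow only specified addresses, keep the intranet to internal users) can be written as a first-match rule table and checked against the flows the question requires. This is an added example, not part of the original answer; the subnets, addresses and ports are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # destination TCP port, None = any port
    note: str

# Constructed addressing plan (assumption): storefront in a DMZ, one VLAN
# each for office staff, the intranet server and engineering, plus a VPN
# address pool handed to remote engineers.
STOREFRONT = "203.0.113.10/32"
EMPLOYEES = "10.0.10.0/24"
INTRANET = "10.0.20.10/32"
ENGINEERING = "10.0.30.0/24"
ENG_VPN = "10.0.99.0/24"

RULES = [
    Rule("allow", "0.0.0.0/0", STOREFRONT, 443, "public storefront over HTTPS"),
    Rule("allow", EMPLOYEES, INTRANET, 443, "intranet for office staff"),
    Rule("allow", ENGINEERING, INTRANET, 443, "intranet for engineers"),
    Rule("allow", ENG_VPN, INTRANET, 443, "intranet for remote engineers"),
    Rule("allow", ENG_VPN, ENGINEERING, 22, "SSH to engineering workstations"),
]

def _covers(rule, src, dst, dport):
    """True if the rule's source, destination and port all cover the flow."""
    net = ipaddress.ip_network
    return (net(src).subnet_of(net(rule.src))
            and net(dst).subnet_of(net(rule.dst))
            and (rule.dport is None or rule.dport == dport))

def decide(src_ip, dst_ip, dport, rules=RULES):
    """First matching rule wins; anything unmatched hits the implicit deny,
    which applies to incoming and outgoing flows alike."""
    for rule in rules:
        if _covers(rule, f"{src_ip}/32", f"{dst_ip}/32", dport):
            return rule.action
    return "deny"

def shadowed(rules=RULES):
    """Notes of rules that can never match because an earlier rule already
    covers every flow they describe (a common rule-ordering mistake)."""
    return [later.note for i, later in enumerate(rules)
            if any(_covers(earlier, later.src, later.dst, later.dport)
                   for earlier in rules[:i])]
```

Running `shadowed()` after every rule change catches a broad allow placed above narrower entries, which would silently widen access to the intranet server.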
