Stephen Appraku 1330108

8/8/2019 Stephen Appraku 1330108

http://slidepdf.com/reader/full/stephen-appraku-1330108 1/16



STEPHEN KOFI APPRAKUSTEPHEN KOFI APPRAKU

13301081330108

REGENT UNIVERSITY OF SCIENCEREGENT UNIVERSITY OF SCIENCE

AND TECHNOLOGYAND TECHNOLOGY

LEVEL 400LEVEL 400



ECOMMERCE SECURITYECOMMERCE SECURITY

ASSIGNMENTASSIGNMENT

Attached is a network setup of a bigcompany and because of how big thecompany is, the network has been divided

by four segments as follows :Dail up connection

Wiressless connection

Cable connection

VoIP connectionThe equipments used for the setup of thenetwork has been explained detailedbelow.



Cisco 10700 ROUTERCisco 10700 ROUTERCisco 10700 is a high-performance IP+Opticalaccess router and a principle building block innext-generation metro IP/Ethernet networks.The Cisco 10700 enables service providers tooffer innovative and differentiated IP services totheir customers at optical speeds. The Cisco

10700 allows service providers to offer IPservices closer to the user, enabling them tobetter control admission to network resources.reliable high-performance platform that notonly supports the full suite of IP routing

protocols such as IS-IS, OSPF and BGP, but alsoallows advanced IP features to be introducedefficiently, without compromising performance



ISA FirewallISA Firewall

y The first point of contact from the

internet router is ISA Firewall ,this

device is capable of performing IP

filtering in other to be able todischarge the majority of unwanted

in coming traffic. It also filters traffic

from Internet-facing systems to non-internet facing system.



Active IDSActive IDS

An active IDS will attempt to thwart

any kind of detected attacks without

user intervention



Internet DMZInternet DMZ

y A part of a network that is protected by a firewall,but may be accessed by external Internet clients. TheDMZ generally contains servers such as SMTPservers, remote access machines. or web servers.Client machines and internal servers that do notneed to be accessed by Internet clients are kept in amore protected segment of the network than theDMZ. Alternately, the internet DMZ can also used torefer to the media layer where route peering is doneamong multiple administrative regions with their own traffic policies.The systems in the Internet DMZhas not been configured with publicly routable IP

addresses. In other words IP masquerading has beenimplemented to prevent internal address from beingtranslated and revealed on the internet.



Web Proxy Web Proxy

y The main function of the web proxyis to focuses on World Wide Webtraffic. The web proxy is to also

serve as Web cache, provide ameans to deny access to URLsspecified in a blacklist, thus providingcontent filtering. This web proxy also

reformat web pages for a specificpurpose or audience, such as for cellphones and PDAs.



FTP Server FTP Server

The activities of the FTP server includes butnot limited to

Supports both implicit and explicit SSL

connection

Supports passive (PASV) mode dataconnections

Fully supports connections to and fromnetworks with NAT

Supports Windows NT authentication



Able to use a database as a source for user accounts

Able to set upload / download bandwidth limits

FXP - Allows data connections to go to different

IPs than that of the control connection

Configurable IP address and anti-hammer filters

Able to set upload / download ratios and quotas

View reports and statistics of all FTP activity



Email Proxy Server Email Proxy Server

y The function of the email proxy

server is to transport emails to and

from the email server located in the

internal network. This server alsoacts as the client access server for

Outlook Web Access (OWA) and

Remote Procedure calls (RPC) over https.



Network Network Intrusion DetectionIntrusion Detection

Systems (NIDS) and NIDSSystems (NIDS) and NIDSManagement DeviceManagement Device

y Network Intrusion Detection

System (NIDS) is also utilized to

monitor all the systems in the

Internet DMZs, whiles the NIDSManagement Device .



Wireless access point (WAP Wireless access point (WAP

y Wireless access point (WAP) is adevice that allows wirelesscommunication devices to connect

to a wireless network using Wi-Fi,Bluetooth or related standards. The WAP usually connects to a router ,and can relay data between the

wireless devices (such as computersor printers) and wired devices onthe network.



Modem ConnectionModem Connection

Concentrator Concentrator

The duties or functions of the Modem ConnectionConcentrator has been configured to perform the task listed below :

Ensure all system passwords are encrypted when storedon a device and the password meet the minimumrequirements

Ensure that generic logins are not used to authenticateto the devices administrative console

Ensure that all unused modem ports are disabled

Ensure that all users who are connecting to thenetwork through modem access are appropriately

authenticated before being granted accessEnsure appropriate filtering so that modem users canonly access systems they require .



Voice over IP GatewayVoice over IP Gateway

The Voice over IP Gateway has also beenconfigured to perform the below listed task :

The VoIP Gateway provides connection withthe telephone and fax machines through thetelephone networks, PBXs, and key systems.

VoIP gateways can end a call from thetelephone and can provide user admissioncontrol using IVR (Interactive Voice Response)system

help direct outbound calls to a specificdestination, or can end the call from another gateway and send the call to the PSTN(Localor long distance ).



NETWORK DIAGRAMNETWORK DIAGRAM

Stephen Appraku 1330108

Documents

Transcript of Stephen Appraku 1330108