This project provides you an opportunity to solve a comprehensive problem in firewall and virtual private network (VPN) implementation at various levels. You will play the role of an employee participating in network design and planning of a specific business situation.
Required Source Information and Tools
Web References: Links to web references in this Instructor Guide and related materials are subject to change without prior notice. These links were last verified on September 18, 2020.
The following tools and resources are needed to complete this project:
A web browser and access to the Internet to perform research for the project
(Optional) A tool for creating basic network diagrams, such as draw.io or Microsoft PowerPoint
Learning Objectives and Outcomes
Apply core competencies learned throughout the course to a single project.
Analyze and apply knowledge of firewalls, VPNs, and other network defense measures.
Demonstrate logical reasoning and decision-making skills.
Overall Project Scenario
Corporation Techs provides remote and on-site support to small and mid-size businesses. Clients use Corporation Techs’ services to solve problems involving malware removal, to manage data recovery and network issues, and to install hardware and software.
Due to recent developments, most technical representatives will begin working from home within the next six months. Because Corporation Techs provides 24/7 support, its systems and communications pathways must be fully operational at all times. In addition, the company has been experiencing unprecedented growth and is preparing to double its client-facing staff.
You are a junior network architect who is responsible for helping to plan and design network enhancements to create a more secure internal network, and to ensure secure remote access.
The project is divided into several parts. Details for each deliverable can be found in this document. Refer to the course Syllabus for submission dates.
Project Part 1: Network Design
Project Part 2: Firewall Selection and Placement
Project Part 3: Remote Access and VPNs
Project Part 4: Final Network Design Report
Project Part 1: Network Design
The Corporation Techs’ current network consists of 1 web server (accessible by the public), 2 application servers, 2 database servers, 2 file and print servers, and 50 workstations. The web server runs Linux/Apache, the other servers run Microsoft Windows Server, and the workstations run Microsoft Windows. The network is connected through a series of switches, is not physically connected to other networks, and runs Internet Protocol version 4 (IPv4). The network is protected by a single border firewall. The senior network architect, whom you work for directly, has verified the company’s business goals and has determined the features and functions required to meet those goals.
The senior network architect has asked you to create a network design that includes the following components:
Current infrastructure elements
A logical topology that separates the Accounting and Sales departments
Justification for continuing with IPv4 or upgrading to IPv6
For this part of the project, perform the following tasks:
1. Conduct research to determine the best network design to ensure security of internal access while retaining public website availability.
2. Design a network configuration with physical and logical topologies. Identify major network elements (e.g., servers, switches, gateways) and their locations within the private and protected network segments.
3. Include a high-level plan that ensures communications are available 24/7.
4. Recommend whether to continue using IPv4 or upgrade to IPv6, and explain why.
5. Create a basic network diagram that illustrates the current network and enhancements. Include a few workstations to represent all workstations on the internal network. The diagram will be very high level at this stage and include only necessary details. You may use a software tool or simply pencil and paper. You will update this design later in the project.
6. Create a draft report detailing all information as supportive documentation.