COM7006: Network Design: Swindon College staff and students warned over cyber-attack: IT Security Management Report, MU, Singapore

Part 2 – Network Design

Swindon College staff and students warned over cyber-attack. A college has advised students and staff to check their financial data after falling victim to a cyber-attack. You are member of Information Commissioner’s Office and National Crime Agency team and they have consulted you to design their network.

As their data is sensitive, the college is particularly interested in cutting-edge security solutions. The budget, however, needs to be justified. Thus, you will need to design the layout of users (including those anonymous), domains (including those trusted), etc. You need to consider the following requirements

• The college should have an internal Concurrent Versions System (CVS) server. Only internal access can be granted to it.
• The college also has an anonymous CVS server for remote teams to work on source code.
• The college has two web servers. One is for internal users and the other one for external users.
• The college also has an internal email server.

To complete this task, you need to:

1) Propose a network topology for various servers and the assumed location for trusted domains such as the location of your firewalls and Intrusion Detection System (IDS).

2) List down all Security related assumptions about approaches to the design and the trust.

3) Discuss the proposed authentication and authorisation mechanisms to be used. You need to justify your design choices.

4) Propose a mechanism to exchange secure email between users. This needs to consider the key management issue as well.

5) Discuss the inclusion of an IDS and where to place it.

6) Investigate the potential security issues in your own design. In other words, criticise your own design listing down the possible vulnerabilities it may have.

7) Consider a security breach on your internal email server. How would you deal with this? How would you respond to the breach?

8) Explain how you would measure the Return on Investment (ROI) on security for your system. You should give examples for both tangible and intangible assets.

This report must be underpinned by references to academic literature. You need to have at least 10 academic references in your bibliography.

Learning Outcomes:

After completing the module, you should be able to:

1) Evaluate the fundamentals theories, models, and ethical practices of security management in an enterprise.

2) Critically understand the fundamentals of the security risk management process.

3) Analysing existing theories and methodologies in the field of IT Security Management.

4) Critically investigate an organization’s IT Security Management policy.

5) Proposing countermeasures for security attacks.

6) Critically apply security detection techniques, auditing, testing, incident management, and recovery plan.

7) Effective Communication: Communicate effectively both, verbally and in writing, using a range of media widely used in relevant professional context. Be IT, digitally and information literate.