Proposed design for a secured E-business company: Cybersecurity, Assignment, NUS, Singapore

Assignment:

Proposed design for a secured E-business company

Objective

To propose a comprehensive security solution for an E-business company, given the constraints and requirements.

Instructions

1. This is an individual assignment.
2. Go through the case study below. Study the company description, network
description and security requirements.
3. Propose a comprehensive security solution including but not limited to:

a. A new network design with proper network segmentation, including IP
address assignments, subnetting etc. If you are not familiar with IP
address assignments/ subnetting, you can just generalize them (example
subnets 1, 2, 3, etc).

b. Priority is to propose a security solution which includes security components e.g. firewall, Intrusion Detection/Prevention System (IDS/IPS)
but due consideration is given in your new design e.g. zoning, network segregation, etc where you may wish/need to propose additional routers/switches/servers. A new network diagram with the new components is inevitable.

c. Recommend a cost-effective solution, i.e. firewall and IDS/IPS and deploy
them in appropriate places. You need to provide the brand and model of
these devices, including any additional routers/switches/servers (if
required).

d. The total costs of the recommended solution should not exceed S$50,000.
You need to provide the cost breakdown of part (c). You need not provide costings such as consultancy fee, cabling costs, installation costs, maintenance, leased line subscription etc.

e. Justify your reasons for choice of design and devices. Attach the detail
specifications of the security components e.g. firewall and IDS/IPS as Appendix (a separate document).

f. For firewall, states briefly the filtering rules. Ensure appropriate zoning of
the subnets such as DMZ.

g. For IDS, states the type of IDS (network, host or both) and consideration
for placement of IDS sensors and management console.

h. Other security recommendations, e.g. security policy, best practices etc.

i. Reliability e.g. redundant appliance, high MTBF, etc can be proposed but
due consideration is given to the available budget left after proposing security solution. Disaster Recovery (DR) should not be part of this
proposal.

j. State any assumptions made for your proposal.

Scenario: A Small E-Business Company

Company Structure: The company is divided into Sales, Purchasing, Marketing, Accounts and Admin Departments.

Turnover Per Year: S$10 million

Company Description: 

A small company, which is holding key distributorships in several computer products, has decided that it could boost sales by accepting orders over the Internet. At the same �me, it is concerned about cybercrime and the possibility that private customers’ data might be stolen.

The company requested to create a design that allows it to sell products securely over the Internet while protec�ng vital customer data. The whole project will be carried out in two phases: Network Design Phase and Deployment Phase. You are tasked to look into the Network Design Phase. The current network diagram is as follows:

Network Description

• The workstations and servers are the primary resources that must be protected. Currently, only corporate antivirus programs reside on all systems.
• The company has an internal web server, which hosts its current web site and an internal email server.
• The company stores vital customer information, including credit card data, in the Order Server and stores confidential products and sales information in Database Server.
• As all the above mentioned servers are locally deployed at the On-Premise of the company, cloud security solution should not be a consideration.
•  The external connection to Internet is provided by Singtel fibre broadband at
  1Gbps unlimited usage. The router provides Network Address Translation (NAT) services to the internal network.

Security Description

• The primary resource that must be protected is customer data, which is housed in the Order Server, but the design must provide reasonable protection for the other servers and workstations on the network.
•  It is important that the site be available to customers at all times, but a highly redundant design has been rejected as deemed too expensive.
• The company is specifically concerned with attack from determined outsiders which includes competitors.
•  The company wants to maintain control of all equipment and reject the idea of outsourcing the management of its network or systems.