Secure Network Design For Law Firm: Lincoln Partners, Esq. - Essay.

Company:  Law Firm: Lincoln Partners, Esq.

A law firm has hired you as a Network Security Consultant to help its operations by providing a secure network to support its growth.  The Law firm currently has offices in Philadelphia, Cherry Hill, Wilmington, Harrisburg and Princeton.  Its corporate office out of Philadelphia will provide all of its IT support.

Philadelphia Office is the main corporate office and consists of the following groups

Legal Group

Partners:  There are 3 Attorneys that are the principals of the firm.

Associates:  There are 10 Associates, attorneys, who work for the firm but do not share in the company profits, and therefore are not partners.

Security Issues:  What concerns the partners at this firm

• Associates and paralegals taking clients / stealing business
• Not having the ability to monitor business in remote locations
• Reduce Costs in IT by consolidating
• Privacy for their clients information

Task 1: Design a Secure Network using either Visio, Paint, Word, etc showing the All locations.

Task 2: Design and provide the IP Scheme for the network

Task 3: Establish a VPN between the All offices and allow the ability to work from home.

Task 4: Allow all employees the ability to access servers at the other locations

Task 5: Show and/or document all necessary security controls and its configuration.  

Task 6: Update the firewalls to ensure security policy is enforced

Task 7: Show the DMZ on the diagram and placement of servers and Eliminate Outsourcing

Additionally, a new database (DB) system has been implemented in the Philadelphia office that is accessible by all locations.  The DB holds client data that is confidential and needs to be properly protected.  The DB system also tracks attorney hours and allows the attorneys to charge the right customers.  Many attorneys have been issued laptops and now have the ability to VPN from home.

Task 1: Secure Network Design

The report is prepared for  a Law Firm which have its offices in different geographical locations. The main aim of the report is to develop a network solution for the organization that can help in secure communication between the main office and the branches. For the development of the secure network solution a secure network design is created and provided for demonstration of the connection and the hardware device needed for the development of the network. An IP scheme is created for dividing the network into smaller subnet and increase the efficiency of the network by reducing the network traffic. A research is don eon the different VPN service for its application in the network and enabling secure transmission of data between the sites. The security controls and configuration that are needed for the development of the network are identified and documented in the report.

Major Network: 172.16.8.0/22

Available IP addresses in major network: 1022

Number of IP addresses needed: 72

Available IP addresses in allocated subnets: 118

About 13% of available major network address space is used

About 61% of subnetted network address space is used

For the establishment of the network connection between the remote branches VPN connection should be used. There are different VPN topology options available and it is selected depending on the number of sites that are needed to be covered with the VPN connection. Depending on the framework of the organization the VPN Hub and spoke technology is selected that helps the remote router to communicate with the central router. For the transmission of the data separated secured tunnels are used that extends between the spoke and the hub. Here the branch offices and the employees remotely accessing the network of the Law firm are termed as spoke and they are connected with the main office using site to site VPN connection. The topology works well for moderate transmission of data between the different sites and have limitation that if there is too much traffic it can cause bottleneck situation. But since the organization does not have requirement of sending too much of data between the remote sites this situation can become a cost effective solution for the organization.

For allowing the employees working in the organization access all the servers installed in different location the VPN network should be configured. The development of the VPN network helps in establishment of a secured link between the employees and server accessed via the internet. The data is encrypted and transferred such that it cannot be intercepted by any third party user for compromising the security of the network. For setting the VPN network extra hardware and software are needed to be purchased and adequate security precautions should be taken for the identification of the potential threats and keep the data safe. The network access control should be implemented for the management of the identity of the user accessing the servers. Authorization, authentication and accounting of the network connection is important and role based access should be used for providing corresponding permission to the different files and service stored in the servers. Access policy should be configured such that the user should be tracked based on the device used for accessing the resources and the location of access.

Task 2: IP Scheme for the Network

For increasing the security of the network security controls and its configuration should be prepared that would help to secure the organizational assets from external agents. The security control and configuration is created by listing the network hardware and resource that are needed to be secured from external agents. The enforcement of the security controls helps in reducing the risks and protecting the network resources from external agents. A risk assessment should be performed and a risk response plan should be prepared for the elimination of the risk. The security controls should be understand and roles and responsibility should be assigned for management of the different security activities and identification of potential vulnerabilities for characterizing the different types of attacks.

There are many security control mechanism that can be used for creating a defence against the security vulnerability and procuring the hardware and software. There are different sources of security control that can be used as a guide for responding against the different security risk associated with transfer of information. There are different potential security issues that are needed to be mitigated with the enforcement of the security controls and maintain adequate level of security for the information management. Security control checklist should be used such that a guidance on the different types of risk based security controls should be implemented. Monitoring and assessing the effectiveness of the controls should be analysed for effective testing and ongoing evaluation and monitoring of the security controls and mitigate the risks. The internal and the external sources of information should be established for monitoring the vulnerability and taking appropriate action for the items with higher priority.

The routers installed in the network is used for sending and receiving data traffic from different sources in the network. The access control can be used for blocking specific Ip address for access the internal network or reach the server. Thus the firewalls are used for the management of the service and secure the network by blacklisting the malicious user from sending and receiving data packets using the network. The firewalls also have the ability for tracking the data packets and identification of the session or state of the packet. For the analysis of the data packet the firewall is needed to be configured with the stateful inspection. The configuration of the firewall with stateful inspection helps in mitigation of the risk of sophisticated attacks. In this type of attacks the attacker sends request to the servers from outside the network and does not reply to the response of the server and thus there is a possibility that the server can run out of buffer by waiting for the response of the attacker and the implementation of the firewall can terminate the request and stop the attack from being placed.

For the configuration of the firewalls following the security enforcement policy the a security review must be performed and it help in generating the security objectives that should be followed for the development of the network. The trade-off that can be accepted for considering the security and performance for management of the security of the network is needed to be decided. For the inspection of the network traffic CPU, memory is consumed and thus the configuration of the firewall can reduce the performance of the network. Log events should be managed and compliance check for the rules should be performed for inserting the missing rules and ensure that the aces control is properly configured for management of the intercommunication between the gateways.  

The DMZ zone is created with the application of static routing, IP forwarding and development of the network security groups. For development of the DMZ zone the virtualization should be applied and a different subnet should be created. The ports used for communication should be defined and the ports should be allocated to the members for setting it as the DMZ port. The subnet IP address and the address mask should also be inputted for the creation of the demilitarized zone and the switch must be configured with spanning tree suc that there are no loops remained in the developed network. The following diagram is created for the demonstration of the DMZ zone.

Conclusion

From the above report it can be concluded that the development of the secure network solution for the Law Firm would help the organization to gain competitive advantage and support the growth of the organization. The network is developed by identification of the number of branches and the departments of the organization. For the development of the secure network solution a research is done on the different security techniques and equipment’s that can be used for the development of the secure network. The server is installed in demilitarized zone for preventing direct access of the server and a layer of protection for the core resources of the network. The different security combination that can be applied in the network for the prevention of the intruders to access the network are identified and a secure organization policy is developed by defining the rules and regulation for using the network and improve the web and data security of the organization.

Boopathy, D., & Sundaresan, M. (2014). Securing Public Data Storage in Cloud Environment. In ICT and Critical Infrastructure: Proceedings of the 48th Annual Convention of Computer Society of India-Vol I (pp. 555-562). Springer, Cham.

Kurnianto, A., Isnanto, R., & Widodo, A. P. (2018). Assessment of Information Security Management System based on ISO/IEC 27001: 2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs. In E3S Web of Conferences (Vol. 31, p. 11013). EDP Sciences.