Defense in Depth

The process of implementing security frequently opens one's eyes to other forms of security not previously considered. In this two-part assignment, you should experience just that. This assignment focuses on a model of implementing security in layers, which, in many cases, requires a network that is designed accordingly.

The specific course learning outcome associated with this assignment is:

Recommend best security practices to achieve business objectives based on risk assumptions.

Instructions

Design a network that incorporates the following:

- One corporate site (Chicago).
  - All servers exist here (web server, file server, print server, mail server, FTP server).
  - Connection to the Internet (50 MBps).
  - 300 employees who only need access to local corporate resources and the Internet.
- One remote site (8 miles away).
  - 20 employees who need access to all resources at corporate, plus the Internet.
  - Connection to the Internet (3 MBps).

Part 1

Use Microsoft Visio or an open-source alternative, such as Dia Diagram Editor, to:

- Create a network diagram with defense in depth in mind, citing specific, credible sources that support the design and depicting at least four-fifths of the following:
  - All necessary network devices (routers, switches and/or hubs, firewalls, VPNs, proxies, and others).
  - The interconnections between network devices.
  - Connections to end-user (client) devices (desktops, laptops).
  - Connections from the Internet cloud to the network input.

Part 2

Write a 6-10 page paper in which you:

- Describe the flow of data through the network, citing specific, credible sources.
  - Assume data begins at the remote site.
  - Data flow may be monitored by an IDS.
- Explain all three elements of the CIA triad and how isolating by network functions helps deliver a layered approach, citing specific, credible sources that support your assertions and conclusions.
- Support your main points, assertions, arguments, or conclusions with at least four specific and credible academic sources synthesized into a coherent analysis of the evidence.

 

Sample Answer

Network Security, Data Flow, and the CIA Triad: A Defense in Depth Analysis

Abstract

This paper analyzes a two-site corporate network design using the Defense in Depth (DiD) security model. It details the journey and monitoring of sensitive data flowing from a remote branch to the central corporate site, highlighting the layered controls at each stage. Furthermore, it dissects the CIA Triad (Confidentiality, Integrity, and Availability), demonstrating how network segmentation by function (VLANs, DMZ) and the strategic placement of security controls are essential to achieving a layered security posture and mitigating risk assumptions in modern business operations.

I. Introduction: The Imperative of Layered Security

Business objectives, such as operational continuity and data protection, hinge on robust cybersecurity practices. The Defense in Depth (DiD) model, borrowed from military strategy, asserts that security should not rely on a single, strong barrier (like a perimeter firewall) but on multiple, overlapping controls that slow down or stop an attacker (National Institute of Standards and Technology [NIST], 2020). This paper examines a two-site network—a corporate hub in Chicago and a remote office—designed specifically to integrate DiD. We will first trace the flow of data across this segmented architecture before analyzing how this design specifically addresses the foundational principles of the CIA Triad.

II. Network Architecture Summary

The network consists of a central corporate site in Chicago, housing all organizational servers (Web, File, Print, Mail, FTP) and 300 employees, and a remote site 8 miles away with 20 employees. The core principle of the design is isolation by function, achieved through VLANs and multiple firewalls, creating distinct security zones:

External Zone: Internet and WAN connectivity.

DMZ (VLAN 30): Public-facing servers (Web, FTP).

Server Zone (VLAN 10): Critical internal resources (File, Mail, Print).

User Zone (VLAN 20): Internal corporate clients.

Remote Zone: Users accessing resources via an encrypted tunnel.
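
The zone layout above can be written down as a default-deny inter-zone policy and checked mechanically for rules that break isolation by function. The following Python is an added example, not part of the sample answer; the subnets, ports, rule list and the audit criterion (untrusted zones never initiate into internal zones) are assumptions chosen for illustration.

```python
import ipaddress

# Assumed addressing (not from the paper): one subnet per zone named above.
ZONES = {
    "server": ipaddress.ip_network("10.0.10.0/24"),  # Server Zone, VLAN 10
    "user":   ipaddress.ip_network("10.0.20.0/24"),  # User Zone, VLAN 20
    "dmz":    ipaddress.ip_network("10.0.30.0/24"),  # DMZ, VLAN 30
    "remote": ipaddress.ip_network("10.1.0.0/24"),   # Remote Zone, reached over the tunnel
}

# Assumed allow-list of (source zone, destination zone, TCP port).
RULES = [
    ("external", "dmz", 80), ("external", "dmz", 443), ("external", "dmz", 21),
    ("user", "server", 445), ("user", "server", 587), ("user", "server", 631),
    ("remote", "server", 445), ("remote", "server", 587), ("remote", "server", 631),
    ("user", "dmz", 443), ("remote", "dmz", 443),
    ("user", "external", 443), ("remote", "external", 443),
]

def zone_of(ip):
    """Map an address to its zone; anything outside the known subnets is external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def decide(src_ip, dst_ip, port, rules=RULES):
    """Default-deny decision for one flow between zones."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "intra-zone"  # stays inside one VLAN, not filtered by this policy
    return "allow" if (src, dst, port) in rules else "deny"

def audit(rules=RULES):
    """Return rules that let an untrusted zone (external, dmz) initiate
    a connection into an internal zone (server, user, remote)."""
    untrusted, internal = {"external", "dmz"}, {"server", "user", "remote"}
    return [r for r in rules if r[0] in untrusted and r[1] in internal]
```

Running `audit()` on a proposed rule change before it is deployed flags any rule that would let Internet or DMZ hosts open connections into the Server or User zones.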

III. Data Flow Analysis: From Remote Site to Corporate Resource

The data flow begins at the remote site and is initiated by a user requiring access to a corporate resource, such as the File Server, which resides in the Chicago Server Zone (VLAN 10). This multi-stage process demonstrates the application of DiD at the transport and network layers.

Stage 1: Remote Site Initiation and Perimeter Enfor