Project Deliverable 4: Infrastructure and Security
Infrastructure and Security
Information and Communication Technology (ICT) continues to play a vital role in the competitiveness and success of organizations. Almost all organizational departments are driven by ICT and it would be difficult to imagine any organization that does not use IT in the current business ecosystem that is characterized by increased innovation. Despite the fact that several communication technologies and tools are used by several organizations, they are largely isolated. Moreover, many departments within the organization are still unable to collaborate effectively with one another. Implementation of robust computer networks will help address these challenges. Networks will enable the organization to create borderless communication and an ecosystem that facilitates collaboration from team members located in different parts of the world. Itech customers and employees will have seamless access to huge volumes of data from any part of the world. Notwithstanding the benefits associated with information and communication technologies, organizations are also exposed to myriad security risks as a result of the ubiquity of computer networks. This calls for the need to implement appropriate security mechanisms and policies to protect the organization’s data.
Physical Network Design and Rationale
Figure 1: Physical Network Design
Figure 1 above depicts the physical network design for the proposed network. It shows the physical devices that make up the network and the way they are connected within the network (Partsenidis, 2003). The physical design shows the interconnection between the various network devices such as hubs, routers, cables, workstations, gateways, etc. Physical network designs vary in the type of hardware used and in size. Nonetheless, Local Area Network (LAN) and Wide Area Network (WAN) are the two models of physical network design commonly used across many organizations. In the LAN model, communication takes place within a smaller geographical area, such as a building. In a Wide Area Network, on the contrary, communication takes place within a broad geographical region, such as a country or several continents. For Itech, WAN was implemented to enable customers and employees in different geographical locations to share information and collaborate. Since it is an e-commerce business, customers are expected to make purchases from different locations and have their items delivered to them.
Logical Network Design
Figure 2: Logical Network Design
The logical network design for the proposed network is depicted in Figure 2 above. It is a depiction of the manner in which network devices communicate with one another across the physical ecosystem. Logical network design is related to protocols and outlines the transfer of data from one location to the next. It also shows the IP addresses that have been assigned to network devices such as routers, workstations, servers, and hubs.
The two network diagrams shown in the above section also help the network administrators to identify security problems. If a malicious user attempts to gain access to sensitive data, they will need to recreate a map of the organization’s network so as to have a view of the security checkpoints and the access types that may be obtained. This process is taxing for many individuals and will prevent them from trying to gain unauthorized access to the network.
Factors to take into Consideration in the Design of Physical and Logical Networks
The anticipated network growth and expansion is one of the factors that were considered in designing the physical and logical network topologies shown above. If this is not considered, issues may be faced later when the organization is growing. Best practice requires that allowance should be left for up to half the growth of the network when it is being designed. It is also important to reserve IP addresses for critical network devices including gateways, switches, printers, and servers.
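The sizing rule above, worked through as an added example (not part of the original deliverable): the sketch picks the smallest subnet that fits the current hosts plus growth headroom and sets aside the lowest addresses for critical devices. It assumes the growth allowance means 50% headroom over the current host count; the 10.20.0.0/16 block, the host count, and the device names are constructed for illustration.

```python
import ipaddress
import math

def plan_subnet(base_network, current_hosts, reserved_devices, growth=0.5):
    """Size an IPv4 subnet for current hosts plus growth headroom, with
    static addresses reserved for critical devices (gateways, switches, ...)."""
    base = ipaddress.ip_network(base_network)
    projected = math.ceil(current_hosts * (1 + growth))
    needed = projected + len(reserved_devices)
    # +2 covers the network and broadcast addresses; bit_length() on n-1
    # gives ceil(log2(n)) without floating-point rounding.
    host_bits = (needed + 2 - 1).bit_length()
    prefix = base.max_prefixlen - host_bits
    if prefix < base.prefixlen:
        raise ValueError(f"{base} cannot hold {needed} addresses")
    subnet = next(base.subnets(new_prefix=prefix))
    # Lowest usable addresses go to the statically addressed devices.
    first = subnet.network_address + 1
    reserved = {name: str(first + i) for i, name in enumerate(reserved_devices)}
    # Everything after the reserved block is left for dynamic assignment.
    pool_start = first + len(reserved_devices)
    pool_end = subnet.broadcast_address - 1
    return {
        "subnet": str(subnet),
        "reserved": reserved,
        "dhcp_pool": (str(pool_start), str(pool_end)),
        "pool_size": int(pool_end) - int(pool_start) + 1,
        "projected_hosts": projected,
    }

if __name__ == "__main__":
    # Constructed sample input: 120 workstations today, four critical devices.
    devices = ["gateway", "core-switch", "printer", "file-server"]
    plan = plan_subnet("10.20.0.0/16", 120, devices)
    for key, value in plan.items():
        print(f"{key}: {value}")
```

With the sample input, sizing for today's hosts alone would fit in a /25, while the growth allowance pushes the plan to a /24, which is the kind of renumbering the headroom is meant to avoid later.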
The second factor that was considered in the above network designs is policies. They define the rules and procedures that the users of the network resources must adhere to when using the platform to accomplish their tasks. For example, users will be issued with access credentials which must be authenticated every time they try to access a network device. Users who supply incorrect username and password combinations will be prevented from accessing the network. Users should also ensure the safety of their access credentials since they may be misused by attackers if they happen to know them.
Security Policy
The purpose of the policy is to outline the expected behavior of users of Itech’s information technology infrastructure. The policies are designed to protect the network from attacks as well as to safeguard the privacy of the customers and employees. Wrong use of the organization’s network infrastructure by the customers, employees, and other stakeholders increases the susceptibility of the organization to risks such as virus attacks, hacking, phishing, etc. Another purpose of the proposed security policy is to establish a culture of trust, openness, and integrity to highlight the customers’ and employees’ expectations with regards to fair business practices. The proposed security policy will act as a behavior guideline within the organization to ensure that users are ethical in their use of the IT and networking infrastructures. Effective implementation of these policies is a team effort that calls for the support and participation of all Itech employees. Due to this, it is imperative for the organization to sensitize employees on the rules that are applicable to them.
Privacy Policy
Itech’s network and information technology resources are provided for the main purpose of accomplishing the official company business (SANS Institute, 2014). Individual use of these systems may be permitted to a certain degree. However, the files processed by, stored, and transmitted over the organization’s network must adhere to the same statutes as business communications. The company is dedicated to ensuring the privacy expectations of the customers, employees, contractors, and other stakeholders that come into contact with the systems. Due to this, digital information that is transmitted over the corporate network must be audited, inspected, and disclosed to adhere to the administrative and legal obligations.
Password Policy
All employees will be provided with a username and password combination which they will use to access the organization’s network and files. The password policy prohibits employees from disclosing their passwords to anybody, including coworkers, managers, and supervisors. Access credentials are confidential and sensitive information and must thus be handled with the level of care that is desired. If a user suspects that their password has been compromised, they must report the breach immediately to the system administrator and ensure that the password is changed immediately. The organization will set a complexity level for passwords which must be satisfied by all the created passwords. The network administrator will set the password expiry quarterly and all users will be required to change their passwords often to guarantee their safety.
Antivirus Policy
Viruses and other harmful code pose a great threat to the organization’s network. The antivirus policy is aimed at protecting the organization’s network from the threat of worms and viruses. All employees, contractors, and other stakeholders must ensure that they have an up-to-date antivirus program installed on their workstations. All devices joining the network must be scanned using the antivirus software and any threats neutralized before they can be allowed full access to the network.
Organizational employees will be liable for any breaches on the network resulting from their negligence. If a virus is detected, the network administrator must be swiftly informed to take immediate actions before the virus spreads to other parts of the network.
General Use Policy
The information assets stored in Itech’s network remain the organization’s property. Due to this, it is imperative for employees to ensure that this information is protected according to the data protection standards. Workers are obligated to immediately report any theft, loss, or unauthorized access to the company’s copyrighted information. Accessing, using, or sharing the protected organizational information is only permitted to the level authorized and needed to accomplish an individual’s duties. Suitable judgment must be exercised with regards to the reasonableness of personal use. The various departments play a crucial role in creating guidelines regarding the private use of network resources. Without these policies, users should follow the autonomous departmental policies with regards to personal use. Employees are also required to get guidance from their supervisors and managers if they are not sure.
Portable Devices Policy
Apart from the workstations, the organization’s employees will also access the network using assorted portable devices such as notebooks, laptops, smartphones, tablets, and several others. These devices must be physically protected from unauthorized access and the information stored on them must be encrypted using advanced encryption technologies. If they are stolen, the attackers will not be able to access the information stored on them.
Mail Policy
Itech will use email as the main mode of communication between the employees as well as between the organization and its customers. The use of the company’s email must adhere to the procedures and policies of ethical conduct, safety, and compliance with the organizational rules. The company’s email resources should be used for official duty only and not to conduct any private business (Workable, 2019). Private use of the organization’s email is permitted on a limited basis, which is subject to authorization. The emails received from customers and other stakeholders should be protected and must not be shared with any third-party users.
System Privileges
Users will be accorded access to the system based on their role within the organization. Access privileges will only be granted to the extent that allows a user to accomplish his assigned duties. Moreover, the extension of the privileges will not occur automatically unless there is adequate proof that these privileges are still required. Users who require additional privileges must put forward the request in writing and the same must be subsequently approved by the respective managers before the system administrator implements the request.
Policy Enforcement
Several strategies will be used to ascertain compliance with the stated policies. Some of the methods that will be used include periodic inspections, video monitoring, business tool reports, and audits. Users who violate the provisions of the policies will be subjected to disciplinary measures which may include prosecution or termination of employment.
References
Partsenidis, C. (2003). What is the difference between physical design and logical design of a network? TechTarget. Retrieved from https://searchnetworking.techtarget.com/answer/What-is-the-difference-between-physical-design-and-logical-design-of-a-network
SANS Institute. (2014). Acceptable Use Policy. Retrieved from https://www.sans.org/security-resources/policies/general/pdf/acceptable-use-policy
Workable. (2019). Corporate email usage policy template. Retrieved from https://resources.workable.com/email-usage-policy-template

