Network Security Module Assignment
Overview
This repository contains the deliverables for the Network Security Module Assignment. The project involves designing, configuring, and securing network infrastructures for various scenarios, focusing on performance, scalability, and robust security practices. The assignment demonstrates a comprehensive understanding of network topology design, dynamic routing protocols, incident response planning, subnetting, firewall configuration, and VPN setup.
Objectives
The main objectives of this assignment are:
Network Design: Redesign and optimize the internal network topology for scalability and fault tolerance.
Routing Efficiency: Implement and evaluate dynamic routing protocols to manage traffic effectively.
Incident Response: Develop a structured process to handle security breaches.
Subnetting: Design subnets to efficiently allocate IP addresses within a given range.
Firewall Configuration: Configure Cisco ASA Firewall to enforce access policies and protect network segments.
VPN Implementation: Establish a secure site-to-site IPsec VPN for encrypted communication between remote offices.
Assignment Breakdown
Question 1: Network Design and Security
Recommended and justified a star topology for enhanced performance, scalability, and fault tolerance.
Compared dynamic routing protocols (OSPF and EIGRP) and recommended OSPF for its scalability and open standard compatibility.
Outlined a structured incident response process to address future security breaches.
Question 2: Network Security Best Practices
Recommended practices for firewall policies, VPN security, network segmentation, and access control.
Configured firewalls and VPNs to balance security with network performance.
Highlighted the importance of monitoring and logging traffic and implementing IDS/IPS for proactive threat detection.
Question 3: Subnetting and Firewall Configuration
Subnetted the 192.168.10.0/24 range into four subnets, ensuring each supports at least 30 devices.
Configured the Cisco ASA Firewall to:
Allow HTTP traffic to the DMZ web server from external clients while blocking other inbound traffic.
Enable internal network users to access the internet.
Block traffic from the DMZ to the internal network.
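The subnetting requirement above (four subnets from 192.168.10.0/24, each supporting at least 30 devices) can be checked with a short script. This is an added example, not one of the repository's deliverables. The function names and the `reserved` parameter (addresses held back per subnet, for instance for a gateway interface) are assumptions, and the page does not state which mask the assignment chose.

```python
import ipaddress


def candidate_prefixes(base, subnets_needed, hosts_needed, reserved=0):
    """List every equal-size IPv4 split of `base` that meets the requirement.

    Returns tuples of (prefix_length, usable_hosts, subnets_available).
    `reserved` is an assumed count of addresses per subnet that end devices
    cannot use (for example one for the default gateway).
    """
    net = ipaddress.ip_network(base)
    fits = []
    for prefix in range(net.prefixlen, 31):
        usable = 2 ** (32 - prefix) - 2          # minus network and broadcast
        available = 2 ** (prefix - net.prefixlen)
        if available >= subnets_needed and usable - reserved >= hosts_needed:
            fits.append((prefix, usable, available))
    return fits


def plan(base, prefix, count):
    """Return the first `count` subnets of `base` at `prefix` with host ranges."""
    net = ipaddress.ip_network(base)
    rows = []
    for sub in list(net.subnets(new_prefix=prefix))[:count]:
        rows.append({
            "network": str(sub),
            "mask": str(sub.netmask),
            "first": str(sub.network_address + 1),
            "last": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        })
    return rows


if __name__ == "__main__":
    base = "192.168.10.0/24"
    print("no reserved address:", candidate_prefixes(base, 4, 30))
    print("one reserved for gateway:", candidate_prefixes(base, 4, 30, reserved=1))
    for row in plan(base, 26, 4):
        print(row)
```

A /27 offers exactly 30 usable addresses, so it stops qualifying as soon as one address per subnet is set aside for a gateway; a /26 split gives four subnets with 62 usable addresses each.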
Question 4: VPN Configuration
Established a secure site-to-site IPsec VPN between two offices.
Configured IKE Phase 1 and IPsec Phase 2 settings on Cisco routers.
Verified VPN functionality with secure communication between specified networks.
Tools & Technologies
Cisco Packet Tracer: Used for designing, simulating, and testing network configurations.
Cisco ASA Firewall: Configured to implement access policies, segment network traffic, and enhance network security.
Learning Outcomes
Through this assignment, the following skills were demonstrated and reinforced:
Network Design: Crafting scalable and fault-tolerant network topologies.
Dynamic Routing Protocols: Implementing and evaluating OSPF and EIGRP.
Incident Response: Developing structured security processes.
Subnetting: Efficient allocation of IP addresses.
Firewall Configuration: Establishing access policies and securing network traffic.
VPN Implementation: Creating secure site-to-site connections using IPsec.
Usage
This repository contains:
Detailed documentation of each task.
Packet Tracer files illustrating the network configurations.
Screenshots verifying configurations and functionality.
Feel free to explore the repository and reach out with any questions or feedback.