Case study golden bank | Computer Science homework help

 

 

 

 

 

 

Table of Contents

Topics                                                                                                                                 Page No.

1. Executive Summary                                                `                                                           3

2. Scope                                                                                                                                  3

3. Assumption                                                                                                                         3

4. Network Design                                                                                                                  4

    4.1 Overview                                                                                                                      4

    4.2 LAN, WAN and Frame Relay Suitability and Appropriateness                                  5

    4.3 Network Design Consideration                                                                                                5

          4.3.1 Configuration of LAN and WAN                                                                       5

          4.3.2 Hardware Plan for Network LAN and WAN                                                     5

          4.3.3 IP Addressing Schemes                                                                                       6

          4.3.4 Network Name and its Entities                                                                           6

          4.3.5 Network Topology for Bank                                                                               6

          4.3.6 Head Quarter/Backup/Operational Center Interfacing                                        7

          4.3.7 Branch office Layout                                                                                           8

          4.3.8 Online Banking Application Server Setup                                                           9

          4.3.9 Firewall Setups with GB Network                                                                      9

          4.3.10 GB Virtual Private Network (VPN)                                                                  10

                     4.3.10.1 HTTPs and SSL                                                                                   10

         4.3.10.2 Proxy Servers                                                                                       10

                     4.3.10.3 NAT and PAT Configuration                                                              10

         4.3.10.4 DMZs Configuration                                                                           11

          4.3.11 Routers Routing Tables Configuration                                                              11

          4.3.12 Firewall Access Control List                                                                             12

5. GB Security Plan                                                                                                                12

    5.1 Introduction                                                                                                                  12

    5.2 Security Services and Processes                                                                                   13

          5.2.1 Authentication                                                                                                     13

          5.2.2 Authorization                                                                                                       13

          5.2.3 Auditing                                                                                                               13

          5.2.4 Confidentiality                                                                                                     13

          5.2.5 Integrity                                                                                                               14

          5.2.6 Availability                                                                                                          14

     5.3 Protection of WAN                                                                                                     14

           5.3.1 Security and VPN                                                                                               14

                    5.3.1.1 Layer 2 Forwarding (L2F)                                                                      15

                    5.3.1.2 Layer 2 Tunneling Protocol (L2TP)                                                        15

                    5.3.1.3 Point to Point Transfer Protocol (PPTP)                                                 15

           5.3.2 IPSec                                                                                                                   15

           5.3.3 Encryption                                                                                                          15

      5.4 GB LAN Protection                                                                                                   15

      5.5 Residual Risk                                                                                                              16

            5.5.1 Incoming Email                                                                                                  16

             5.5.1 Spoofing Data                                                                                                   16

             5.5.2 Web Browsing                                                                                                  16

             5.5.3 Active Directory                                                                                               17

             5.5.4 Encrypted File                                                                                                  17

       2.6 Conclusion                                                                                                                 17

References                                                                                                                              17

 

List of Figures

 

1.      LAN AND WAN Hardware Configuration                                                                    6

2.      Network Topology and Connectivity for GB                                                                  7

3.      LAN, WAN Connectivity Layout of GB                                                                        8

4.      Layout of System Interconnection                                                                                   9

5.      Static NAT Configuration Layout                                                                                    10

6.      DMZ Configuration Layout                                                                                             11

7.      Security Design Layout of WAN for GB                                                                        14

8.      Layout of Proposed LAN Security of GB                                                                                   16

 

List of Tables

 

1.      IP Addressing Mechanism                                                                                                6

2.      Firewall Access Control List                                                                                            12

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1.     Executive Summary

 

Golden Bank operating its banking services in Inland Tivoli. The bank is currently poor network infrastructure and vulnerable with various types of network attacks. The bank management decides that to implement modern technology of network infrastructure with latest security and privacy tools and technologies. The proper analysis of existing network and its security infrastructure is needed to implement the optimal network and security requirement. This needs the design of network with modern network infrastructure with secured communication. The bank has many branches and operating ATMs and backup and operational offices. All these branches and offices are apart from the head quarter. Some branches are also situated on Iceland. Hence, a WAN required to connect all the branches and offices to connect with each other for different categories of transactions processing and support. The network should be too robust to auto configure itself when fails due to any reasons. The security and privacy must be implemented over each device which operates into the Golden Bank networks. The LAN of GB operates into the offices and branches and also inter connected with other LANs of other branches or head quarter, backup office and operational center. A dedicated server for transaction is needed at backup office and in operational center. All the branch offices must be connected with the dedicated servers to process the customer request online. The web portal of bank must be encrypted to secure the bank and customer information either by internal workers of outside hackers. As security and privacy is major concern for the financial organization. Hence, to mitigate this a robust multi domain security implementation with each entity of the GB is mandatory without considering the cost pertaining to the setup. A team work with dedicated officials and consultant are required to properly analyze the network system, and security infrastructure for GB by concerning the high level of availability and security.

 

2.     Scope

 

This project is related with technological aspects of network design and security implementation for the financial organization such as banking system. The banking system is not only limited to branch banking. It has feasibility to perform all the operations through online mode without the help of official support. The major concern is security and privacy of the customer information communication during the operations. Thus, scope is defined as the development of network infrastructure and implementation of security enforcement as required in the developed network and other equipments used in GB premise or customer premise systems. When new system of network and its defensive secured communication run for the customers and officials the physical involvement of both customers and officials reduced very much. The operating cost will become low. The availability of operational time will become 24 x 7 and 365 days in a year. The information dissemination for various tasks of different branches with head quarter is not delayed. All the functionalities become ease to perform by clicks of mouse and keyboard activities.

 

3.     Assumption

 

Golden Bank has headquarter, backup office, operational center and all 28 branch offices are interconnected via WAN and VPN to share the transaction processing with centralized fashion. Followings are the assumptions considered while the developing the network and enforcing the robust security and privacy to the entities.

     Head Quarter office has the main accessibility with administrative privileges.

     The backup office has a load balancer and replication server to replicate the data of transaction processing.

     Backup of data is taken simultaneously after the 20 transactions and each transaction has a tag for rollback.

     The restoration of data is taken with management permission.

     Operational center has a database server implemented over the Red Hat Linux platform.

     A RAID technology is required with operational center to record multiple instances of transactions over different database servers.

     All the branch office Local Area Network has its own operational servers and local administrative policies.

     All administrative policies are same with each branch office.

     The web Portal of GB has to be a robust authentication system for customer. The authentication should have to be with triple layers.

     The GB website must be encrypted.

     All the IP addresses are private for all the premises of the GB.

     The network is always in operational stage.

     A distributed schema of database is implemented over the GB website to perform the transactions over ATMs and websites.

     A firewall is used with each office networks.

     The Intelligent bridge is only used for the connecting of two LAN segments of any office of GB.

     Robustness of each device and network operation is taken before the operations of GB over network and all its supporting system.

     No third party solution for any system is taken except the application software of GB website.

 

4.     Network Design

The designing the network for banking system is a very hard and chaotic task. This needs the exhaustive analysis and requirement specification of the network infrastructure with respect to the domain of functionalities of Golden Bank (GB). The existing network is also considered about its existence completely or partially with new one [1].

4.1  Overview

The functional premise of GB is spread over the 28 branch offices, one backup site, one head quarter and one operational center. In existing system of network there is private virtual connection between the branch offices and backup center. A frame relay network system is implemented over the private virtual connection. This frame relay network of private virtual connection uses T3 leased line. There is also T3 connection line between the head quarter and operational center of GB. All the branch offices of GB which are situated on Iceland connected via T1 leased line. The Local Area Network of branch offices, operational center and backup center operated by the older network access mechanism such as IPX/SPX protocol suite with Ethernet having the 56 Kbps to 256 Kbps data transfer rate.

4.2 LAN, WAN and Frame Relay Suitability and Appropriateness

The WAN of GB connects the branch offices of GB with its head quarter, backup office and operational center. The WAN speed and security infrastructure are not so optimal to support modern business rules of banking functions. Similarly the LAN of all offices of GB is also very slow in data transfer. The internal security of LAN is not so optimal and internal threats are always a problem of bank and customer data. There is no use of public network. The frame relay network is based upon the leased lines that is also more prone to attacks like eavesdropping and taping [2]. Hence, the current networks such LAN, WAN and other networks used for GB is not appropriate and suitable for modern business of banking system of GB.

4.3 Network Design Consideration

First of all the Local Area network design is considered. The Local Area Network of each branch offices, operational center and backup office is designed. The design is based upon current number of official usability and future scalability.

4.3.1 Configuration of LAN and WAN

With consideration of current users and future scalability of systems of GB there are 100 users considered for each branch and other offices of GB including the branch offices situated at Iceland. The Local Area network of each branch offices and other offices are Ethernet Controller based and the main channel of each office with server connectivity is taken over FDDI with fiber optic and copper cables. The multi station switch with star topology is used in each office of GB. For wireless access the access point is configured with star and mesh topology [3].

4.3.2 Hardware Plan for Network LAN and WAN

The hardware equipments for LAN and WAN setup for GB are copper cables, DSL modems, satellite modem, baseband co-axial cable, fiber optic cable, router, gateway, intelligent bridg, source routing bridge, firewall. The router is configured to route the packet only on external link of VPN over the public network such as Internet, Wireless and satellite modems are used to connect different access points of wireless system such long haul communication. The backbone internal connection of LAN is based upon the FDDI topology which is taken over the fiber optic cables. The WAN link of back office, head quarter and operational center is taken by VPN over Internet [4]. The basic configuration setup for LAN and WAN is given under figure 1.

Fig. 1 LAN and WAN Hardware Configuration

4.3.3 IP Addressing Mechanism

IP Address Class

Fraction of Total IP addresses

No. of Network ID bits

No. of Host ID bits

Class A

1/2

8

24

Class B

1/2

16

16

Class C

1/8

24

8

Class D

1/16

NA

NA

Class E

1/16

NA

NA

Table 1. IP Addressing Scheme

4.3.4 Network Name and its Entities

The initial setup of devices and supported systems names are defined and documented at the stage of setting up the configuration. A proper naming convention is taken to name the other expanded network for WAN by routers and gateways. The defined name of each entity of GB network is properly documented and secrecy is maintained. After doing the naming of devices and supported systems there is ease of identification of machine and server entities. The domain name of the GB is configured with anti fishing and privacy maintaining systems. This is done by taking the internal topology of network through Cisco gateway and routers [3][4].

4.3.5 Network Topology for Bank

The routers are used to connect the different branch offices with head quarter, backup office and operational center. The Digital Data Network (DDN) is taken for main line connectivity between head quarter, backup office and operational center. The customer connectivity is taken by the help of Public Switched Telephone Network (PSTN) and Integrated Service Digital Network (ISDN). The value added services of GB the LAN of each office equipped with Fast Ethernet Controller with associated terminals separately. The architectural framework of setup is given under figure 2.

Fig. 2 Network Topology and Connectivity for GB

4.3.6 Head Quarter/Backup/Operational Center Interfacing

The layout of the interface and connectivity of the head quarter, backup office and operational center is given in figure 3. The various peripherals such as servers, routers, firewalls and terminals connectivity are optimized in given layout.

 

 

 

 

 

Fig. 3 LAN, WAN connectivity Layout of GB

4.3.7 Branch Office Layout:

The GB branch offices including the branch office of Iceland has a own database server for transaction processing. The server has also connectivity with other branch offices and haed quarter, backup center and operational center. All the terminals of branch office are equipped with latest desktop machines having the required operating system and application software. There is a server system in each branch office. The computing stations of branch office have the windows system. The data speed of LAN of branch office and traffic volumes are as follows.

1.      High Speed Internet Connection (100 Mbps)

2.      Estimated traffic volume of 30 Users. (3 Gbps).

The layout of system interconnection is given under figure 4.

Fig 4. Layout of system interconnection

4.3.8 Online Banking Application Server Setup

The branch office has a centralized service for oline banking applications and value added services of GB. Following network components are used in this respect.

1.      Encrypted Web Portal

2.      Web Server

3.      Firewall

4.      IDS

The mobile online banking services are based on the  public network service like Internet. This decision is based for the following reasons.

1.      Cost Effectiveness.

2.      Technology with trustworthiness in the given area.

3.      Daily administration becomes easy to do.

4.      High availability and scalability with systems.

 

4.3.9        Firewall Setups with GB Network

First it is required to consider the firewall for different networks of GB [5]. The types of firewall that can be used in GB LAN with operational center, backup center, head quarter and branch offices are as follows.

1.      Static Packet Filter Firewall : This firewall filter all the packet payload without load and store.

2.      State full Inspection Firewall: This applies the heuristics to determine the spurious activity in network incoming and outgoing packets.

3.      Proxy Firewall: This stores and filters the network traffics on the proxy server.

4.3.10 GB Virtual Private Network (VPN)

Virtual Private Network provides the secured internet connectivity for those users who are mobile and using the banking application over public network such as Internet. The remote connections of GB by customers and staffs of GB is secured by the help of VPN [6][7].

4.3.10.1 HTTPs and SSL

There are two different protocols used to enforce the maximum security in communication of banking and customer data [8].

1.      SSL (Secured Socket Layer): Top Layer of SSL consists with HTTP communication.

2.      TLS (Transport Layer Security): Second top layer is under the transport entity.

SSL functions on application layer of TCP/IP protocol suite. It gives the encryption/decryption services with HTTP protocol. All the communication through web browser with GB branches, Head Quarter, backup office, operational centers and mobile users are being encrypted and decrypted by SSL under the HTTP protocol.

4.3.10.2 Proxy Servers

The proxy server is integrated with web browser to limit the access of network of GB. The registered users with registered IP address can access the bank application when proxy server is implemented.

4.3.10.3 NAT and PAT Configuration

THE NAT/PAT configuration is taken for GB premises with the help of CiscoZone configuration by the given below way [9].

1.      Static NAT: The translation of Class C network address such as 172.16.0.5 into Class A IP address 10.0.0.100 for external world via public network for remote access by mobile user or remote desktop users. The layout of static NAT configuration is given in figure 5.

Fig 5. Static NAT Configuration Layout

GB client IP address is 172.16.0.5 and Web server is with 10.0.0.100. Hence, IP SRC = 172.16.0.5 and IP DRC = 10.0.0.100. The source IP addresses are translated when packet moves into outside of the bank network. So, the definition IP inside and outside configured as.

Define the ip nat inside: Ciscozine(config)#interface fa0/0 or Ciscozine(config-if)#ip nat inside

Define the ip nat outside: Ciscozine(config)#interface fa0/1 or Ciscozine(config-if)#ip nat outside

 

Similarly, PAT configuration is implemented with GB.

 

4.3.10.4 DMZs Configuration

 

Demilitarized Zone configuration is taken over the branch offices with the firewall. The branch office, head quarter, backup office and operational center have a DMZ. The inbound and outbound requests are filtered over the firewall and passed out. All the packets first filtered out on firewall and then transferred to the destination. The configuration layout of DMZ with firewall is given under figure 6.

 

Fig. 6 DMZ Configuration Layout

 

 

4.3.11 Routers Routing Table Configuration

The routing tables for the routers of branch offices, head quarter, backup office and operational center are as follows [10].

1.      Head quarter router routing table:

Table entry : 172.16.0.5 – Network Mask: 255.255.255.255

In this entry of routing table, 172.16.0.5 represents the route of packet to ISP DNS Server and 255.255.255.255 represents network mask that forwards all the packets to 172.16.0.5

2.      Branch offices router routing table:

Table entry: 172.16.0.5 – Network Mask: 255.255.255.0

The network mask gives the 255 IP address entry in table for 255 IP addresses for employee and customer systems.

3.      Backup office router routing table:

The back office router table entry are same as that of head office.

4.      Operational center router routing table:

The routing table entry for operational center is same as the head quarter router table entry.

4.3.12 Firewall Access Control List

Following are the access controlled configured for the firewall of GB premises by CISCO basic packet filtering system.

Protocol

Range

IP

1-49, 1138-1499

Extended IP

50-99, 200-251

Enthernet Type Code

200-299

Ethernet Address

600-699

Transparent Bridging

200-299

Transparent Bridging Remote Users

600-699

Extended Transparent Bridging

600-699

Decnet and Extended Decnet

200-299

XNS

400-499

Extended XNS

500-599

Source Route Bridging

200-299

Source Route Bridging for Remote Users

600-699

IPX

700-799

Extended IPX

800-899

IPX SAP

900-999

Standard VINES

1-100

Extended VINES

101-200

Simple VINES

201-300

Table 2. Firewall Access Control List

5.     GB Security Plan

5.1 Introduction

The security and privacy of data and information for a financial organization is highly required. To protect the customers and bank data a proper secured system is needed. The use of public network such as Internet poses so many types of security vulnerabilities. GB is an financial banking organization and there are many branches and offices of GB are based network to communicate the required data and information for regular services. The basic need of security analysis and implementation deals the protection of confidentiality, integrity and availability of data and information of the GB. With respect to implementation of high secured environment under the GB premises and information flowing in public networks such as Internet by remote and mobile users, following aspects are considered and taken to implement. The security plan must hold the implementation of security infrastructure over the head quarter, branch offices, ATMs, backup offices and in operational center of GB. All the devices such as switches, routers, workstations, desktops and mobile devices must be with inherent security plan to protect the confidentiality of customer and bank information. The data store of backup center must be locked and 4 way handshaking techniques is used only by one IT executive to open though the authentication. A unique key must be used at each time to authenticate the user to open the database of backup store.

 

The operational center must be implemented with administrative privileges and the users are supervised to access only the authorize information of any type of transaction. Each transaction except ATM transaction must passes through the hierarchy of verification and record. The data replication must be implemented with backup centre and a replication centre which must be located outside of GB Premise.

 

5.2 Security Services and Processes

 

In banking system there is need of high and robust security and privacy architecture. The protection of customer and GB data and information from hackers and attackers either internal or external is very challenging aspect. To protect the information which is private and confidential and related with bank entity or customer following processes are taken under the GB functional domains.

 

5.2.1 Authentication

Each user such as bank staffs at any level and customers must be authenticated first to use the assigned domain of functionalities. Who can access and who cannot access the systems are defined by this process. The authentication processes are implemented by a technique of strong password. The password system for authentication is robust and it requires to change with the given time interval. Second layer password also be required to do any transaction online [11].

 

5.2.2  Authorization

 

The process of authorization determines what portion of information is accessed by the authenticated user. It means the implementation of access privileges and rights of both GB employees of various domains and customers of bank with public network interface. The customer can access only the account information intended to him/her and employee can do only the functions as specified on entities on which he or she is authorized [11].

 

5.2.3        Auditing

 

Regular auditing is imposed with different auditing tools. All the auditing tools are registered first with defined users. The auditing is performed at branch level and separate auditing is taken with the different categories of transactions. The customer frequency for transactions and other functionalities are also audited by concerned branch of GB. An branch employee of GB who has been assigned the privileges to perform time based audit of activities performed on the entities of the GB servers and storage. This determines the accessed information and its legitimacy behind access. Audit trail is implemented with record in backup devices with information such as the entity value before transaction and after transaction and date of transaction, terminal ID, user ID, Name, Entity domain name, time and success or failure condition [11].

 

5.2.4        Confidentiality

 

The data and information pertaining to customers such as user identity, passwords and transaction information flowing in communication channel must be secured for unauthorized disclosure. Similarly the privacy of employee information like identity and password also be private. Maintaining the confidentiality of these information is based on the defense mechanism and social awareness [11].

 

5.2.5        Integrity

 

Data integrity is most crucial with respect to banking system of GB. The user or employee data must be the same at receiver end. The attacker may intercept the data during the communication and then change and replay the same to receiver end [11]. The information stored in storage medium must also be protected in such a way to not allow to be changed by anyway.

 

5.2.6        Availability

 

Availability relates the services of GB and it must available for customers 24 x 7 daily. The attacker can push unwanted packets into the GB network to congest the network. When this happens then customers or employee may not be able to access the data from any servers. Hence, a proper mechanism to protect from DOS and DDOS attacks [11]..

 

5.3 Protection of WAN

 

VPN is a good solution to organize a secure access to internal networks remotely. IPSec is configured with VPN to produce more security of WAN. Encryption technology implementation with network is again a good technique to protect the data during the remote access. The public key cryptography is most suited for GB to protect all data [12].

 

The Security design to implement with WAN is given under figure 7.        

 

Fig. 7 Security Design Layout of WAN for GB

 

5.3.1 Security and VPN

 

Virtual Private Network of GB is more prone to be attacked by hackers and malware programs. VPN is private network of GB which uses the public network such as Internet. For mobile users VPN provides a secured environment to do the banking functions [12]. With windows servers there are three layers for VPN to provide maximum security services for the branches and other offices of GB.

 

5.3.1.1 Layer 2 Forwarding (L2F)

 

It creates Network Access Server (NAS) which initiates tunnel by forwarding the point to point session from one end point to other end point under the sahred environment. It is not clien based system and also not uses the L2F client software. The RADIUS and TACACS+ protocol is used under this for authentication. This does not supports encryption.

 

5.3.1.2 Layer 2 Tunneling Protocol (L2TP)

 

This protocol with VPN under GB creates tunnel between end user of GB over the public network and LAN. The IPSec for client or end user to gateway and gateway to gateway security configuration is defined by this under all premises of GB.

 

5.3.1.3 Point to Point Transfer Protocol (PPTP)

 

It creates the protected tunnels between PPTP enabled clients. This is basically dedicated protocol for that GB employee who uses the GB services remotely for GB functionalities.

 

5.3.2 IPSec

 

IPSec is packet level encryption of data which is payload under the packet. A set of standards that verifies, authenticate and encrypts data and information at the IP packet level. In GB branches and offices the entire packets are encrypted and encapsulated with IPSec [12].

 

5.3.3 Encryption

 

The data is encoded with asymmetric key cryptographic system. All the messages are encoded and then communicated in branch offices LAN, GB head Quarter to branch offices and backup offices and also GB head quarter to operational center are more secured. The sending entity encrypts the message by public key of receiver and receiving entity uses its own private key to decrypt the message [12].

 

5.4 GB LAN Protection

 

Local area networks of branch office, head quarter, backup office, ATM and operational center of GB are protected by implementing the controls such as active directory, windows server update services (WSUS), windows right management services (WRMS) and surf control emais by PGP. The proposed design layout of  LAN Security of GB Premises is presented under figure 8.

 

 

Fig. 8 Layout of Proposed LAN security of GB.

 

The antivirus is installed centrally on the server of LAN to protect all the clients connected with the LAN. For GB Symantec Antivirus with latest patch update is installed to protect the LAN clients and server entities from malwares, virus and worms [12][13].

 

5.5 Residual Risk

 

Followings are the residual risks associated with customers and entities of GB including ATM and verities of offices [13].

 

5.5.1 Incoming Email

 

The spam emails and unsupervised emails are filtered out and blocked in GB network. The incoming email includes the threat that causes problem in networks and systems. If the email does not contain spasm or malware programs the exchange server allow to go to recipient.

 

5.5.2 Spoofing Data

 

Tampering of data during the flow in VPN channels and Internet is protected by IPSec tunneling with enforcing encryption with strong auto generated random key.  A Pre-shared key is used for the authentication. Each branch sends the message to other by encrypting the public key of other. The receiver then applies its private key to decrypt the message. This is employed in all GB premises to provide high security

 

5.5.3 Web Browsing

 

ISA server secures all the network of GB by firewall. This also accelerates the web access during cashing HTTP which user request for HTTP protocol to access the web resources of GB. A web filter implemented with firewall also filters each packet content to ensure the maximum security upon the web content. Allow and disallow of web content based upon the web filter heuristics.

 

5.5.4 Active Directory

 

This secures the systems of GB LAN’s from viruses and malwares. This active directory holds the group object policy which is controlled by LAN’s administrator to provide the permissions to users of the branch offices of GB. The media source such as CD, DVD, Pen Drive, and any plug and play medias are blocked to use under the GB branch offices.

 

5.5.5 Encrypted File:

 

Windows right management service is implemented to protect the data and information from unauthorized access. When a user has to send a file then user encrypt the file contents by public key of receiver and then sends to the legitimate receiver. The receiver decrypts the file content by applying the its own private key. This is possible when the public keys of all users are advertised in each branch of GB. Hence, first a key pair is generated and the public keys of each key pair is advertised and private key is assigned to legitimate users of GB.

 

5.6 Conclusion

 

Golden Bank of Inland Tivoli is currently running with older network technologies framework. The data speed of network is very low and the network does not support huge load during peak time of banking operations. The branch offices of Golden Bank is situated apart 100 K.M from its head office and backup center and operational center. Some branch offices are also situated at Iceland. ATM is also connected with the various branches. The traditional mode of operation of GB is not secured with respect to its employees and customers. The confidentiality and privacy is main concern behind the GB including modern network system. Security and privacy is prime theme to provide to its all entities such as LAN, WAN, VPN, Servers, Exchange Servers, desktops etc. The major security problems associated with GB are hackers, virus, intruders, malwares and employee and customer intension motivated thinking. To secure the GB entities a robust security plan implementation is very much required and new network design includes the high level of security infrastructure implementation. The security plan is implemented with respect to the operational aspects of systems. Many security plan aspects are considered for GB and included into the plan to mitigate all the security problems. All the plans are tested and implemented through the plan properly and efficiently with respect to the administrative benchmark.

 

References:

 

[1] Panko, R. (2003). Business Data Networks and Telecommunications, 4 th edition, Upper Saddle River, N.J. Pearson Education.

[2] http://www.pearsonhighered.com/samplechapter/1587132125.pdf.

[3] https://www.imf.org/external/pubs/ft/wp/2011/wp1174.pdf.

[4] http://siteresources.worldbank.org/DISABILITY/Resources/Universal_Design.pdf

[5] Whitman, M., Mattord, H., & Green, A. (2012) Guide to Firewalls & VPNs, 3rd edition, Boston, MA. Course Technology, Cengage Learning.

[6] Munasinghe K. S. and Shahrestani S. A., “Evaluation of an IPSec VPN over a Wireless Infrastructure,” in Proceedings of the Australian Telecommunication Networks and Applications Conference (ATNAC 2004), pp. 315-320, December 2004a.

[7] Munasinghe K. S. and Shahrestani S. A., “Analysis of Multiple Virtual Private Network Tunnels over Wireless LANs,” in Proceedings of the 3rdInternational Business Information Management Conference (IBIMA 2004), pp. 206-211, December 2004b.

[8]  Stallings W., Cryptography and Network Security, 4/E Prentice Hall, 2006.

[9] Weaver, R., Weaver, D., & Farwood, D. (2014) Guide to Network Defense and Countermeasures, 3 rd edition, Boston, MA, Course Technology, Cengage Learning.

[10] Forouzan, B. (2010). TCP/IP Protocol Suite, 4 th Edition, Boston, MA. McGraw-Hill Higher Education.

[11] Ciampa, M. (2012). Security+ Guide to Network Security Fundamentals, 4 th Edition, Boston, MA. Course Technology, Cengage Learning.

[12]Http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/ crs /express_8_0/design/guide/uccx80srnd.pdf.

 

 

 

 

 

 

 

 

 

 

[13]http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/enet-rm002_en- p.pdf