An educational institution provides higher education services to its students and staff. It is located on a single campus. Students and staff use the network services from hosts on various different user networks, as show in the attached picture
Due to an increasing number of security violations, a possible redesign of the network
infrastructure is to be investigated. Your task is to propose
security enhancements, and produce a small report. The aim of the exercise is to present a
possible solution to the problem at hand by creating a prototype of the new network
security infrastructure. This new design should tackle the following components:
•?Provide best practice network egress and ingress filtering at the network
•?Create a perimeter firewall, with an appropriate topology to provide the
organisations services, including public web, and mail servers. The firewall should
have a closed security stance, and provide public services in a secure way.
•?Provide secure access to all devices, from the security management subnet.
Additionally, you should suggest how to defend against common Advanced
Persistent Threats (APT), using network defenses.
You are required to analyze the new system requirements and design, implement and
justify a prototype for each component of the proposed system. Your proposed system
can be implemented on virtual networking software (such as GNS3).