To develop the necessary design requirements for World-Wide Trading (WWTC), we started by identifying its business and technical goals.
Business Goals
• Increase revenue from 10 billion dollars to 40 billion dollars by the year 2015
• Reduce the operating cost from 30 to 15 percent by the year 2015 by using an automated system for buying and selling
Technical Goals
• Provide a secure means of customer purchase and payment over the Internet
• Allow employees to attach their notebook computers to the WWTC network and Internet services
• Provide a state-of-the-art VoIP and data network
• Provide faster network services
• Provide fast and secure wireless services in the lobby and two large conference rooms (100×60)
Local Area Network Requirements
• Separate VLANs for classified and public areas
• Separate VLANs for voice and data
• Quality of Service (QoS) policies for high-priority traffic, such as business-critical applications, voice, and data transmissions
• VoIP communications will utilize the H.323 transmission protocol, while also utilizing G.711 compression over a Public Switched Telephone Network (PSTN)
• Wireless will need to be configured for both the public and classified areas, including their assigned VLANs
• DMZ for e-commerce, FTP, and other external transmissions
• RRAS server for remote dial-in users with backend RADIUS authentication
• Modular design utilizing a high availability network approach
• L2TP/IPSec for site-to-site connectivity
• BGP with authentication for ISP connectivity
• EIGRP routing protocol for internal LAN
• BGP redistribution connecting the WAN to the LAN
• Intrusion Detection and Prevention System (IDPS) and Firewall to protect the network edge from attacks, including Denial of Service (DoS) and other forms of attacks
Network & Active Directory Security Requirements
To further categorize the design requirements of WWTC's network, the requirements were broken into two categories: Classified and Public. These two categories represent both separate physical areas and separate logical areas of the network.
Classified
Physical
• Highly secured area with physical locks, biometric authentication, and CAC cards
• User physical access follows need-to-know access control
• 24×7 Security guard
• Monthly security awareness training for all employees
Logical
• Modular network design
• Separate VLAN for Classified
• All router and switch ports have port security configured and require authentication
• User access to network resources follows need-to-know access control
• Secure wireless via company-issued laptops or wireless devices, utilizing WPA2 with RADIUS authentication
• Domain utilizing Active Directory to handle user logins over Kerberos with smart cards
• Firewall and Intrusion Detection and Prevention System (IDPS) on network edge to filter all traffic
• IP Security (IPSec) used to secure all sensitive communication traversing the network
• L2TP/IPSec with AES 256-bit encryption for virtual private networks (VPNs), including backend RADIUS authentication
• DMZ configured to only allow necessary public access, while still filtering accessible ports
• All servers and systems utilize 256-bit BitLocker full-drive encryption (AES) through Active Directory and a boot PIN
• Group policy limiting users' use of flash drives and other forms of portable media
• Group policy enforcing full-drive encryption with BitLocker
• Group policy configured to limit user access based on need-to-know access control
Public
Physical
• Physical locks on doors are locked during non-business hours
• 24×7 Security guard
• Monthly security awareness training for all employees
Logical
• Separate VLAN for Public network
• Switch ports are accessible to the public
• Secure wireless with open access that utilizes an SSL certificate to secure each user's session
• Public facing servers residing in the DMZ are configured for HTTPS access
• Use of L2TP/IPSec for site-to-site connectivity
• BGP authentication to connect to ISP
Active Directory
• RADIUS authentication for all systems and users
• BitLocker encryption for all systems and servers at the 256-bit level with BOOTP and Active Directory integration
• Smart card integration and authentication
• Enable BranchCache to accommodate company branches across the globe, while also limiting bandwidth
• Use of L2TP/IPSec for site-to-site connectivity
• Group policy limiting users' use of flash drives and other forms of portable media
• Group policy enforcing full-drive encryption with BitLocker
• Group policy configured to limit user access based on need-to-know access control
• Separate organizational units (OUs) for both classified and public users, which also contain sub-OUs for each department
• Three high-end blade servers for each branch configured for RAID-10
• Multiple Hyper-V servers configured as one domain, providing essential functions such as certificate, file, audit, backup, distributed file system (DFS), RADIUS, application, and other essential business services
• Multiple Hyper-V virtual servers configured as failover cluster servers on each blade server for added redundancy
