Introduction:
For the final project, you will be tasked with the design of a “secure” infrastructure. Based on everything that you have learned this semester, you are to read the following specification of a company’s resources and do the following:
1. Identify the operations of the organization and their security concerns
2. Research solutions to resolve the company’s concerns
3. Recommend hardware and software to meet their needs
4. Provide graphical representations of your proposed changes to the architecture
5. Present your proposal to the board of My-Co

Company Details:
My-Co is a technology development company located in the Midwest. They are the owners of the very popular WidgetTech software, which implements the GUI used in the design of widgets. They recently had a break-in and suffered a data-loss event, which led to account compromises and the destruction of some proprietary R&D data. As a result, you have been hired to propose changes to their infrastructure to ensure that this doesn’t happen again. Because My-Co is leaving their currently “open” environment, they have some requirements which will need to be addressed. Attached is a drawing of their infrastructure.

The company is broken down into 8 specific groups:
1. Software Development (existing software lines)
2. Research and Development (new software and hardware ventures)
3. Quality Assurance (software validation)
4. Network Administration (LAN, WAN and network security)
5. System Administration (server and desktop duties)
6. Product Sales
7. Customer Support
8. Financial Services

Physical Location:
My-Co occupies a campus environment in the far northern suburbs of Chicago, in Lake County, Illinois. The campus is comprised of three large office buildings.

Building 1: Main office building
The main office building is a three-level, 42,000 sq ft office building. The main technical feature is a centralized utility column in the center of the building. The MDF is located on the 1st floor, with two IDFs located directly above the MDF on the 2nd and 3rd floors. Outside plant fiber, 9-micron SMF (OS2, ISO/IEC 24702), is terminated within the MDF, with 72 strands running to Building 2 and 72 strands to Building 3. The MDF and each IDF consist of 3 open-frame 2-post racks (42RU high). Rack 1 houses fiber termination and copper panels occupying the first 20RU of the rack. Rack 2 is intended for networking equipment. Rack 3 contains additional copper panels occupying ~30RU of space. The MDF and IDFs each have 2x30A 208VAC circuits terminated with L6-30R receptacles. Neither circuit is backed by emergency power. The space is used exclusively by desktop and wireless users, served by Category 6 cable from the MDF/IDF to desk locations.

Building 2: IT and Datacenter
The IT area is 10,000 sq ft, laid out in a typical office environment. Outside plant fiber, 9-micron SMF (OS2, ISO/IEC 24702), is terminated within the MDF, with 72 strands running to Building 1 and 72 strands to Building 3. A single MDF, consisting of 2 racks, is located in the area. Rack 1 houses fiber termination and copper panels which occupy the entire rack. Rack 2 is intended for networking equipment installation. The MDF has 2x30A 208VAC circuits terminated with L6-30R receptacles. One of the circuits is provided with generator backup.
The Datacenter is a 5,000 sq ft facility containing 16 racks in an 8x2 arrangement leveraging a common hot aisle. Each rack is configured for 10kW redundant power services, delivered via 2xL21-30R receptacles. One is delivered via pure commercial power, the other via generator-backed UPS. Racks are 4-post enclosed racks which require front-to-back airflow. Two racks, one at either end of each row, are designated as networking racks. They contain 72-strand SMF bundles which are terminated in the MDF, and 72-strand MMF (OM4) delivered to each rack.

Building 3: Customer Support/Sales
The customer support/sales office building is a two-level, 15,000 sq ft office building. The MDF is located on the 1st floor in the west corner of the building. A single IDF is located directly above the MDF on the 2nd floor. Outside plant fiber, 9-micron SMF (OS2, ISO/IEC 24702), is terminated within the MDF, with 72 strands running to Building 1 and 72 strands to Building 2. The IDF and the MDF each consist of 2 open-frame 2-post racks (42RU high). Rack 1 houses fiber termination and copper panels occupying the first 30RU of the rack. Rack 2 is intended for networking equipment. The MDF and the IDF each have 2x30A 208VAC circuits terminated with L6-30R receptacles. Neither circuit is backed by emergency power. The space is used exclusively by desktop and wireless users, served by Category 6 cable from the MDF/IDF to desk locations. Since this location is accessible to the public, there is a large visitor population on the network.

Internet Connection:
My-Co has a single internet connection delivered via SMF to ISP equipment installed in the MDF of Building 2. The handoff to My-Co is a 500Mbps dedicated connection, implemented on a 1Gbps copper Ethernet connection. Static routes are currently used to direct traffic at the Internet.

Core Services:
These groups are separate entities; however, they utilize a core set of resources which are common to all. The following systems are used by all groups to accomplish their tasks; some are internal only, others are publicly accessible:
1. File Services (NAS implementation providing SMB, NFS and AFS services for home directories, development directories and redundant storage)
2. Backup Services (tape backup system leveraging IBM Tivoli services)
3. E-mail Services (clustered on-premise Exchange servers)
4. Web Services (allows for registration and access to downloadable products; also hosts internal web sites for documentation, announcements, etc.)
5. FTP Services (allows for downloads of licensed and evaluation copies of software products, and is also used to move software from development to the QA group)
6. Database Services (clustered MS SQL Server; stores development and testing data as well as customer data and other important information)

Desktop Environment:
The remainder of their infrastructure is comprised of desktop systems as follows:
1. Software Development – 67 Linux (Debian, CentOS and Ubuntu), 21 PC (Win8), 21 Mac (various)
2. Research and Development – 31 CentOS
3. Quality Assurance – 22 PC (mix of Win8 and Win10)
4. Network Administration – 7 Mac (various)
5. System Administration – 6 Solaris, 3 Debian
6. Product Sales – 27 PC (Win7)
7. Customer Support – 14 PC (WinXP and Win7)
8. Financial – 8 PC (WinXP)

Business Requirements:
In order for My-Co to continue to work, they need to support the following:
1. Core services need to be available to all groups in one form or another
2. Company users need to be able to reach the internal resources from the road (while visiting customers) and from home
3. Customers need to be able to communicate with the company via e-mail
4. Customers need to be able to access information on both the web server and the FTP server
5. Development groups need to be able to move software to the QA group for analysis
6. Customer Support and Sales need to be able to interact with customers outside the infrastructure
7. Network and Systems Administration need access to computers and network equipment for management
8. Financial systems are to be isolated from everyone, but still have access to core services and the Internet
9. Redundancy and resiliency are important services for all users

Deliverables:
Based on the specifications and requirements above, you need to provide the following:
1. Drawing of your proposed infrastructure, as detailed as possible
2. Network Addressing Plan (if changes to the current layout of subnets are proposed, the IP subnets should be documented)
3. Recommended hardware and software solutions
   a. You are not required to provide a single-vendor solution, but if you do, be sure to research multiple vendors to ensure you have found the best solution
4. Documentation as to how you arrived at these decisions, including hardware and software comparisons
5. Two status updates: one electronic update via email, and another either electronic or “face-to-face” by appointment during the week of 4/19, prior to your presentation
6. A presentation will take place. Each individual should prepare for a 20-minute presentation. Presentations will be delivered via Zoom at a time that is convenient for all parties. It is also possible that pre-recorded submissions may be allowed. Details on that process will be shared as we get closer to submission time. If you have questions or concerns in this area, please initiate a discussion with me.

Contact and Questions:
The CIO of My-Co will be your point of contact. You may ask the CIO any questions regarding the organization, interoperation or procedures associated with the company. Any assumptions you make need to be documented and justified in your proposal so that there is no room for interpretation. You may make any changes you wish as long as you do not violate the vision of the organization (i.e. their product development and distribution must continue, otherwise you don’t get paid). All communication with the CIO will be kept confidential. All communication related to the project MUST be exchanged with [email protected].

Grading:
Grading will be as follows, for 200pts split between the following:
• 75pts – Hardware/service selections that augment or replace existing infrastructure
• 75pts – Drawings and documentation showing research and justification
• 50pts – Presentation of the above
200pts – total
100 bonus points will be awarded to the individual who provides the best solution.
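As an added example that is not part of the brief, the following Python sketch shows one way to document the Network Addressing Plan deliverable together with the business requirements it must satisfy (5, 6, 7 and 8), so the segmentation can be checked before it is drawn. All prefixes, segment names, the ALLOW matrix and the desktop-to-segment mapping are assumptions constructed for the example; inbound customer access to the web, FTP and mail services (requirements 3 and 4) is not modelled.

```python
import ipaddress
# Added example, not the brief's own plan: one segment per group plus core services
# and the Building 3 visitor network. All prefixes are constructed placeholders.
SEGMENTS = {
    "software_dev": "10.1.10.0/24",   # 67 Linux + 21 Win8 + 21 Mac = 109 desktops
    "research_dev": "10.1.20.0/24",   # 31 CentOS
    "qa":           "10.1.30.0/24",   # 22 PCs
    "finance":      "10.1.250.0/27",  # 8 PCs, isolated (requirement 8)
    "net_admin":    "10.2.10.0/26",   # 7 Macs
    "sys_admin":    "10.2.11.0/26",   # 6 Solaris + 3 Debian
    "core":         "10.2.100.0/24",  # NAS, backup, Exchange, web, FTP, SQL
    "sales":        "10.3.10.0/24",   # 27 PCs
    "support":      "10.3.20.0/24",   # 14 PCs
    "visitor":      "10.3.200.0/22",  # public visitors in Building 3
}
DESKTOPS = {"software_dev": 109, "research_dev": 31, "qa": 22, "finance": 8, "net_admin": 7, "sys_admin": 9, "sales": 27, "support": 14}
ADMIN = {"net_admin", "sys_admin"}
ALLOW = {  # source segment -> destination segments it may initiate traffic to
    "software_dev": {"core", "qa", "internet"},   # requirement 5: dev -> QA
    "research_dev": {"core", "qa", "internet"},
    "qa":           {"core", "internet"},
    "finance":      {"core", "internet"},         # requirement 8: nothing else
    "sales":        {"core", "internet"},         # requirement 6
    "support":      {"core", "internet"},
    "visitor":      {"internet"},                 # guests never reach the LAN
    "core":         {"internet"},
    "net_admin":    set(SEGMENTS) | {"internet"}, # requirement 7: manage everything
    "sys_admin":    set(SEGMENTS) | {"internet"},
}

def segment_of(ip):
    """Segment containing ip; 'internet' for any address outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, p in SEGMENTS.items() if addr in ipaddress.ip_network(p)),
                "internet")

def is_allowed(src_ip, dst_ip):
    """May a host at src_ip initiate a connection to dst_ip under ALLOW?"""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    return src == dst or dst in ALLOW.get(src, set())

def undersized_segments():
    """Groups whose segment lacks usable addresses for their desktop count."""
    return [g for g, n in DESKTOPS.items()
            if ipaddress.ip_network(SEGMENTS[g]).num_addresses - 2 < n]

def finance_isolated():
    """Requirement 8: only admin segments reach finance; finance reaches only core + Internet."""
    reach = {s for s, d in ALLOW.items() if "finance" in d} - {"finance"}
    return reach <= ADMIN and ALLOW["finance"] == {"core", "internet"}
```

A denial from is_allowed for a flow the requirements demand, or a non-empty undersized_segments(), is a plan error to fix before hardware is chosen.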