CSN11111/8 – Network Security Coursework
A university providing higher education services to its students and staff is located on a single campus. Students and staff currently use the network services from hosts on various user networks, as shown in Figure 1.
Figure 1 – Current Network
Due to an increasing expansion of the services, the university decided to open additional Testing Centers to offer new security courses. The new sites have to be connected in a secure manner to provide access to resources for students and staff. You are to research security enhancements for this new multi-campus network, and to produce a network design that takes the security enhancements into consideration. Each component of the new network has to be critically studied, analyzed and justified.
You are also required to prototype the components of this new design. Your proposed system can be implemented on the virtual networking software, based around the module practical work. The system should aim to demonstrate your mastery of the subject. Each component of the system can be developed separately, and it is not necessary to implement an entire working system.
In the new design, you will include various components. However, to achieve the goal of the new design, you need to research and incorporate new secure connections to the following mandatory components of the security policy:
- Provide best practice regarding Network Address Translation (NAT) at the network perimeter.
- You can use any IP address range for the translation purposes – inside global address range.
- Provide static NAT entries for traffic accessing from OUTSIDE to public facing services
- Consider best-practice ingress filtering, which could include RFC 2827 filtering and filtering of known malicious traffic.
- Consider diagnostic protocols such as ICMP.
- Create a perimeter firewall solution, with an appropriate topology to provide the organisation’s services, including public web, and mail servers. The firewall should have a closed security stance, and provide public facing services in a secure way.
Outline Network Security Perimeter Policy:
- OUT>DMZ – Only access to necessary services.
- OUT>IN – Prevent unauthorised access to University systems from the Internet.
- IN>OUT – Inside network has access to the Internet for Web traffic, and DNS at a minimum (depends on Egress policy decided on).
- Consider blacklisting of known problem websites: you can use two valid Web site URLs to test your blacklisting rules, such as
- Staff/Students – Only access to necessary services.
- Admin access to Perimeter Assets via secure methods: Remote admin access to servers for administration, secure file transfer to web servers, and secure remote admin for any security devices (e.g. firewall), from a single sysadmin machine on the management network. Diagnostic protocols allowed from a single sysadmin machine.
- Consider useful logging from DMZ/firewalling network devices, possibly to a central server.
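The outline policy above can be checked before any device is configured by modelling it as a default-deny rule table with source-address anti-spoofing in the spirit of RFC 2827. The Python model below is an added example, not part of the coursework brief; the address ranges, the sysadmin host address, the permitted ports and the function names are all assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing, assumed for illustration (not from the brief).
ZONES = {
    "IN": ip.ip_network("10.10.0.0/16"),     # staff/student user networks
    "MGMT": ip.ip_network("10.99.0.0/24"),   # management network
    "DMZ": ip.ip_network("203.0.113.0/28"),  # public web and mail servers
}
SYSADMIN = ip.ip_address("10.99.0.10")       # the single sysadmin machine
# Sources that must never arrive from the Internet side.
BOGONS = [ip.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
# Allow-list of (source zone, destination zone, protocol, port).
ALLOW = {
    ("OUT", "DMZ", "tcp", 80), ("OUT", "DMZ", "tcp", 443), ("OUT", "DMZ", "tcp", 25),
    ("IN", "DMZ", "tcp", 80), ("IN", "DMZ", "tcp", 443),
    ("IN", "OUT", "tcp", 80), ("IN", "OUT", "tcp", 443), ("IN", "OUT", "udp", 53),
}
ADMIN_ALLOW = {("tcp", 22), ("icmp", 0)}     # SSH/SFTP and ping; port 0 = no port

def zone_of(addr):
    """Name of the zone holding addr; anything unknown is the Internet (OUT)."""
    return next((z for z, net in ZONES.items() if addr in net), "OUT")

def spoofed(src, in_iface):
    """Anti-spoofing: the source must belong to the interface it arrived on."""
    if in_iface == "OUT":
        return zone_of(src) != "OUT" or any(src in n for n in BOGONS)
    return zone_of(src) != in_iface

def decide(src, dst, proto, port, in_iface):
    """Return 'drop-spoofed', 'permit' or 'deny' for one flow."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    if spoofed(s, in_iface):
        return "drop-spoofed"
    if s == SYSADMIN and zone_of(d) == "DMZ" and (proto, port) in ADMIN_ALLOW:
        return "permit"
    if (zone_of(s), zone_of(d), proto, port) in ALLOW:
        return "permit"
    return "deny"                            # closed stance: implicit deny-all
```

Each `decide()` call corresponds to one test case in a prototype test plan: the expected verdict is written down first, then compared with what the firewall actually does.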
Moreover, you are required to produce an academic report around the work. In the report, you also need to:
- Conduct a brief literature review
- For each of the proposed key components.
- On the subject of ‘Honeypots’ in the context of the network perimeter. Critical analysis of the related academic literature, and possibly of selected technologies and tools, should be included. This part of the coursework should be research only, confined to a sub-section of the Research Section, and not implemented (see Marking Schedule below).
- Detail the design, analysis and justification of each component.
- Document and reflect on the testing of the prototype.
- Discuss the limitations of firewalls with respect to encrypted traffic and suggest possible solutions to this problem.
- Draw overall conclusions.
Introduction [5 marks]
Demonstrate an understanding of the problem specification, the challenges and the approach you are going to take.
Research and Design [30 marks]
This should show an outline of the proposed system, and the main design features.
- Provide a short literature review for each of the proposed key components, demonstrating research from a variety of sources, and including critical analysis.
- Provide design of network security system components, and justify your decisions based on your research, such as possible threat mitigation.
- A short literature review on Honeypots in the context of the network perimeter outlining strengths and weaknesses.
Prototype Implementation [20 marks]
This should define an outline prototype implementation of the system.
Implement the key components of the proposed network perimeter design. Describe and show examples of your prototype implementation, including diagrams for the components implemented and key configuration with a brief explanation. There will not be a practical demonstration.
Testing, Discussion/Evaluation [30 marks]
This should show testing, and outline the results of any evaluations that you have made.
- Describe and demonstrate the testing methods used for the components tested, showing examples of the outcome of the testing. This could be example screenshots and a brief discussion.
- Include discussion/evaluation of the methods, systems and technologies used, referring to the literature review, and the aim of the project. Assess the benefits and limitations of methods used.
Conclusions [5 marks]
This should summarize the work, and reflect on the main findings.
- Draw conclusions about the network security system created.
- Recommended future improvements, based on your findings, can also be included.
References/Presentation [10 marks]
Full academic referencing of peer reviewed papers, technical papers, books, and web sites, using the Harvard referencing format throughout.
- Reference all materials used, citing every reference in the body of the report.
- All references cited should be listed at the end of the report, using Harvard referencing format.
The Coursework Report
- The report should be in 11 point text with normal margins.
- It must be typed in English.
- It must be submitted by the date shown above to the link on Moodle. If Moodle is for some reason down when you try to submit, then exceptionally it can be submitted by email to the module leader. This must be by the deadline.
- It must be completely your own work, and all written in your own words.
- There are no extensions available for this coursework.
- The document should have page numbers, and should be submitted as a PDF.
- Total report size is 8 pages plus a 1 page cover (sample cover sheet in Appendix A). Extra pages may not be graded. Cover page, References, and the Appendix are not counted in the page count, but are also not graded.
- Please ask questions if you have problems…
You can submit the report to Turnitin coursework submission link multiple times. Only the last submission you make will be graded. Be aware there is a 24 hour delay between submissions, to prevent misuse of the service. Check the similarity index generated, and work on keeping this as low as possible. An index above 7% typically can indicate a possible problem, increasing your chances of being referred to the Academic Conduct officer, but review what is being highlighted. Some things, such as configuration, and references may produce many similarity matches to other work, and so long as the matches are not all from one source, these should not be of concern. If you are in any doubt about your similarity result then please ask.
If you have attempted this coursework before, for example repeating the coursework as a resit attempt, each attempt must be a completely new attempt. Do not use any text from a previous attempt.
Appendix A – Sample Cover Sheet
Perimeter Network Security Coursework
Coursework Submission for MSc ASDF CSN1111X
Edinburgh Napier University 2019-2020 Trimester 3
Appendix B – Feedback Form
CSN11111/8 Coursework – Feedback Form
Matric No: ____________________________
|Research and Design||/30|
|Testing, Discussion and Evaluation||/30|
|Referencing and Presentation||/10|
|First marker Initials:|
|Final mark: _______/100|
|Additional Comments:|
|Please note that this mark is provisional, and is provided to give you an indication of your grade. At the end of the module, the quality of all your coursework will be moderated to provide a final grade.|
|Fail||Pass||Distinction|
|0-9||10-19||20-29||30-39||40-49||50-54||55-59||60-64||65-69||70-74||75-79||80-84||85-89||90-94||95-100|