1. Describe how creating zones is helpful in the design of a DMZ and security solution for the LAN-to-WAN Domain?
A DMZ is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the internet. The purpose of a DMZ is to add an additional layer of security to N dmz, rather than any other network.
2. How many zones does your design incorporate? Do you think an additional zone may be needed if the e-commerce server was implemented? Explain why or why not?
There are 3 zones in the design: the public, private and DMZ zones. No additional zones would be needed for the e-commerce server, as you could split it between the DMZ and the private zone. The end that houses the secure and vital information will be in the private zone, while the other part will stay in the DMZ zone.
3. While supporting IP-SEC VPNs provides a secure, remote-access solution for mobile employees, it does not scale and requires stringent security operations and management procedures. What alternatives would you recommend for a scalable remote-access VPN solution for your design?
SSL connection with thin client connection
4. As per the functional and technical requirements, where must you terminate the VPN tunnels for remote-access users?
Depends on how the VPN is set up. If you use a full tunnel, then the connection can allow access all over the LAN, or it can be limited to mail servers.
5. Where would you put an e-mail filter and quarantine system in place to scan and monitor e-mails and e-mail attachments? Explain why.
I would place it in the DMZ with the mail server. I would pick this area since this is where the mail server is placed, and also if the filter catches something it can quarantine it in the DMZ, where it is away from the private network.
6. Where would you put a content filter system in place to prevent employees from non-business use of the Internet connection? Explain why.
Your message security service includes content manager, which you can use to create custom content filters for emails. These filters can block or quarantine messages with specific words or phrases or unique patterns of letters or numbers. You can set up content filters for both inbound and outbound email. Filters always get used for the user.
7. Explain how your IDS/IPS positioning and solution achieves the C-I-A goals of the internal network.
It defines a system that inspects network data flow, and when a security event occurs a team of analysts is there to do their job. The main requirement for this kind of operation is a tuned IDS system to detect events that matter to the organization, where something can be done in response to them.
8. Explain how the risk of data leakage can be mitigated with a data leakage prevention system and security monitoring controls.
Can be mitigated by performing content-aware, complete sessions are always being tracked