Networks and security project

plan.
(Tivoli Central University)

Network security plan:

TCU Network Characteristics
Has 03 main locations HQ, Backup and Operations.
05 Metro remote branches and 04 Rural remote branches.
12 External links to partners (Hospital & Research establishment)
30 K On campus and 10K Distance learning students.

Network security plan summary:

TCU NetworkVital Assets
Data Center at Operations Site & Backup Site.
Research related information and content.
Learning/Academic related Copyright Material.
IPR owned Content.

Network Re-design component:

The logical view of the re-designed TCU network is depicted on the slide.
Only the distance learning students enter the TCU network via Internet.
As presented in the slide the TCU has learning content which will be
hosted from two facilities of TCU one at Operations and other at Backup
site.
The external partner such as research establishment and hospitals are
interfaced with the TCU over a dedicated WAN link as an Extranet
connection.

The remote sites i.e. the metro and rural campuses access the university
facility over TCU owned WAN.
Devleoping the logical view of the red-designed TCU network further the
physical topology of the network is as shown on the slide.
The remote campuses and the 03 core sites i.e. Northampton campus,
Operations facility and Backup facility are connected as a intranet.
The partner establishment, distance learning student and internet access
is treated as Extranet connections to manage its security implications
properly

Network Re-design: IP Addressing

scheme.
The complete TCU WAN network will we planned in the address block of
172.16.0.0/16
Subnets distribution:
Infrastructure Assets Subnets
Data Center

: 172.16.0.0/24

DMZ

: 172.16.1.0/24

Backup DC

: 172.16.2.0/24

Since the TCU network is distributed over many remote campuses it will
have number of WAN links. To keep these network segments i.e. the WAN
Links secure the smallest of the subnet has been planned with just enough
addresses to accommodate the 02 WAN interfaces at each end.
The subnets can be expanded further in the same direction in case of any
additional links coming up for address assignment.
The subnets for the campuses have been planned as shown in the slide:
The main campus at the Northampton has highest number students and
consequently IT infrastructure. Hence a subnet mask of /22 has been
allotted which gives a capacity of 1022 hosts.
All other remote campuses have been allotted a mask of /23 which gives a
capacity of 510 hosts at each site.

Threat perceptions:
The TCU network uses an third party ISP to interconnect its campuses and
also internet is used for distance learning student.

This exposes the TCU network to the threats and attacks.

--Network Level which primarily deals with the point to point connectivity
and network access at all levels.
--Host level assessment which primarily deals with the end point
platforms. This includes both the desktops and the servers.
--Application level assessment which provide secure access to authorized
persons maintaining data security at all times

Testing:
The re-designed TCU network is being presented.
On receipt of the valuable feedback from the stakeholder and all
concerned we will realign the design as per the feedback and prepare a
test schedule.
Once the design is frozen the PoC setup will be developed with relevant
use cases and test cases to validate the design key factors.

Project deliverable status:

The network security plan components, Network Topology and the IP
addressing scheme for the proposed solution have almost been
completed.
The implementation, PoC document are in the draft compilation stage and
will be presented during the next review.
The recommendation to the university on the telepresence, BYOD and
cloud services is being drafted. The subjects have been researched and
under compilation. These will be presented to you during the next review.