You have been hired to set up a local area network with a firewall for a Windows

Question

You have been hired to set up a local area network with a firewall for a Windows® network at a medium-sized company, Taylor & Sons Financial Consulting. The network will have 100 users and 10 applications used extensively by 80 of the employees. Ten of the employees are clerks and should have read-only access to the databases generated by the applications. The owner is worried about security and wants a firewall installed. The company is physically located on the first three floors of one building.

Your job is to develop a local area network plan for Taylor & Sons Financial Consulting, including the layout of the network, user and group access, and security. Create a boardroom-quality PowerPoint® presentation of 10-12 slides detailing your plan. Be sure to include flowcharts of the physical and logical network and an explanation of why you would choose to develop the network in the format you select. Include details regarding the technology needed for your plan and what benefits that technology would have. Utilize speaker notes to elaborate on the key points of your plan.


For the most part I am stuck with the power point presentation.

Explanation / Answer

Ok, I'll bite. One 16bit network, each floor having it's own 24bit subnet just because I can and it reflects the physical layout. Future F up. No mention of file server or domain but I'll assume smb/nmb so one PDC with, at minimum 1 BDC, maybe two if performance demands it.. Blanket firewalls & routing can be thrown up quickly based on floor (24bit), sorry but you'll have to craft specific rules at some point. I'm just making my life easier for the logs. Maybe you'll want the clerk upstairs, down stairs or anywhere at any time but I don't care because IP shouldn't be tied to authentication anyway. So that'd be either three routers with firewalls or one linux box with three nics or vlans. I bet I could do it with one WRT160N (dd-wrt configured with three vlans and three dhcpd servers) and switches but maybe pfsense just to confuse them. Anyway that's just to keep people honest...

Probably leverage Samba with Wins and dhcpd for static ip (for the machine more than anything) and to give users a local/roaming profiles so the db authentication should be domain authentication hence single sign on.

80 employees would be alot of traffic so RDP is out... maybe not. Choice:
- VNC or RDP connection to virtual machine with the software. db connections are then limited to your virtual machines so firewalling at the db is easy, deny all except your VMs and db authentication (& location if desired) then determines rw access. I can spin up a virtualbox in 5 minutes so loading is a non-issue. But 80 of anything represents a big load. Question is how many licences are you willing to buy.
- Software resides on desktop. Database authentication then determines rw access. Firewalling at the db then permits connections, you already know your subnets, so db authentication then determines who has wr access (locations - ip or subnet if desired just keeps people honest) which is domain authentication.


Good luck. That's what I can kickout in 3min without pen and paper. Nope haven't considered your perimeter, yep you gotta balance ease in troubleshooting and maintaining (future F up) with what's the least equipment that you need.

Related Questions

Navigate

• Browse (All)
• Browse Y
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.