
Lab Assignment 03

Cyber Security3

Uploaded by

Pradip Sarker

Bangladesh University of Professionals

Cyber-Security Fundamentals

Assignment: Design a Secured Network Architecture and describe it and its components.

Reported To: Md. Mushfiqur Rahman


Group Members

NAME ROLL
1. Mohammad Masudur Rahman Khan 24525201029
2. Raza Zahir Khan 24525201041
3. Sree Pradip Sarkar 24525201005
4. Rabiul Hasan 24525201038
5. Mahmudul Hasan Shomrat 24525201004
6. Rajib Das 24525201034
7. Md. Moinul Islam 24525201021
8. Junaed Kiron Tiash 24525201012


Design a Secured Network Architecture and describe it and its components

The importance of secure network architecture cannot be overstated in today's digital
landscape. Secure network architecture helps ensure the confidentiality, integrity, and
availability of sensitive information and critical assets within an organization. By implementing
robust access controls, encryption mechanisms, and resilience measures, organizations can
safeguard their data against unauthorized access, tampering, or service disruptions. Secure
network architecture plays a pivotal role in mitigating a wide range of cybersecurity threats,
including malware, ransomware, phishing attacks, data breaches, and denial-of-service (DoS)
attacks.
By implementing defense-in-depth strategies, such as firewalls, intrusion detection systems
(IDS), and network segmentation, organizations can detect, deter, and respond to cyber threats
effectively.
A security breach or data compromise can have severe repercussions for an organization's
reputation, brand image, and customer trust. Secure network architecture helps protect against
such incidents, demonstrating a commitment to security and fostering trust among customers,
partners, and stakeholders.

To design a secured network architecture, we must have a strong knowledge of the components
used in the design before securing the network.

Let’s talk about some of the components that have been used in our design:

Internet:
The internet is a global network of interconnected computers and devices that communicate
with each other using standardized protocols and technologies. It allows users to access and
share information, communicate with others, and utilize various online services and resources.
The internet is comprised of millions of interconnected networks, including public and private
networks that use a variety of wired and wireless technologies to transmit data across vast
distances.
The internet is decentralized, meaning that there is no single central authority or governing
body that controls it. Instead, it is composed of a distributed network of interconnected
routers, servers, and other devices that work together to facilitate communication and data
exchange.
The internet operates based on open standards and protocols, such as TCP/IP (Transmission
Control Protocol/Internet Protocol), HTTP (Hypertext Transfer Protocol), and DNS (Domain
Name System). These standards ensure interoperability and compatibility between different
devices and systems connected to the internet.
DMZ:
In network architecture, DMZ stands for "Demilitarized Zone." It is a segregated network
segment that sits between an organization's internal network (often referred to as the "trusted
network") and the external, untrusted network (typically the internet). The DMZ serves as a
buffer zone between the internal network, where sensitive resources and data are located, and
the outside world, where potential threats and attacks originate.
The DMZ is isolated from both the internal network and the external network to prevent
unauthorized access to internal resources while still providing controlled access to external-
facing services.
Public-facing services, such as web servers, email servers, DNS servers, and FTP servers, are
often hosted within the DMZ. These services are accessible from the internet but are separated
from the internal network to minimize the risk of compromise.

Firewall:
A firewall is a network security device or software that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. It acts as a barrier between an
internal network and external networks, such as the internet, to prevent unauthorized access,
data breaches, and cyber-attacks.
Firewalls inspect individual packets of data as they pass through the network and enforce
security rules based on factors such as source and destination IP addresses, port numbers, and
protocols.
Some firewalls are capable of inspecting the contents of application-layer protocols, such as
HTTP, FTP, and SMTP, to detect and block malicious or unauthorized activities. This allows
firewalls to enforce more granular access controls and protect against application-layer attacks,
such as SQL injection and cross-site scripting (XSS).
Firewalls maintain logs of network traffic and security events for auditing, analysis, and
troubleshooting purposes. They can generate reports summarizing network activity, security
incidents, and compliance status to help administrators monitor and manage network security
effectively.

IDS (Intrusion Detection System):
IDS stands for Intrusion Detection System. It is a network security solution that monitors
network traffic or system activities for signs of malicious behavior, policy violations, or security
breaches. Unlike intrusion prevention systems (IPS), which actively block or prevent detected
threats, IDS systems primarily focus on detecting and alerting administrators to potential
security incidents, allowing them to take appropriate action.
IDS systems continuously monitor network traffic or system logs in real-time, analyzing packets
or log entries for indicators of suspicious or malicious activity.
IDS systems use predefined signatures or patterns of known threats, such as malware, viruses,
and exploit attempts, to identify and alert administrators to potential security incidents.
Signature-based detection is effective for detecting known threats but may be less effective
against new or unknown attacks.
In addition to signature-based detection, some IDS systems employ anomaly-based detection
techniques to identify abnormal or suspicious behavior that deviates from normal network or
system activity. This can include unusual patterns of network traffic, unexpected changes in
system behavior, or deviations from established user behavior profiles.
IDS systems can be deployed as network-based IDS (NIDS) or host-based IDS (HIDS), depending
on the scope of monitoring. NIDS monitor network traffic at strategic points within the network
infrastructure, such as at network perimeter gateways or internal network segments, while
HIDS monitor activities on individual host systems, such as servers, workstations, and
endpoints.
When suspicious or malicious activity is detected, an IDS generates alerts and notifications to
inform administrators of potential security incidents. Alerts typically include information about
the nature of the detected activity, the affected system or network segment, and
recommendations for mitigation or remediation.
IDS systems maintain logs of security events, including detected intrusions, suspicious activities,
and policy violations, for auditing, analysis, and reporting purposes. Logs provide a historical
record of security incidents and help administrators track and investigate security events over
time.
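
The two detection approaches described above, side by side, as an added example that is not part of the original assignment. The log format, signature patterns, baseline counts and addresses are constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Signature set: constructed patterns standing in for a vendor rule feed.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union\s+select", re.IGNORECASE),
}

def parse(line):
    """Split a constructed 'minute src_ip method url' log line into fields."""
    minute, src, method, url = line.split(" ", 3)
    return minute, src, method, url

def signature_alerts(lines):
    """Signature-based: alert on each request whose URL matches a known pattern."""
    alerts = []
    for line in lines:
        _, src, _, url = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(url):
                alerts.append((src, name))
    return alerts

def anomaly_alerts(lines, baseline, k=3.0):
    """Anomaly-based: alert on sources whose request count in this window
    exceeds mean + k * stddev of the baseline per-source counts."""
    threshold = mean(baseline) + k * pstdev(baseline)
    counts = Counter(parse(line)[1] for line in lines)
    return sorted(src for src, n in counts.items() if n > threshold)

# Constructed sample data: per-source request counts seen in normal minutes,
# followed by one minute of traffic to inspect.
BASELINE = [4, 6, 5, 7, 5, 6, 4, 5]
SAMPLE = (
    ["12:01 10.20.0.7 GET /index.html"] * 5
    + ["12:01 10.20.0.9 GET /report?id=1 UNION SELECT name FROM users"]
    + ["12:01 203.0.113.50 GET /static/../../etc/passwd"]
    + ["12:01 198.51.100.23 GET /login"] * 40
)

if __name__ == "__main__":
    print("signature:", signature_alerts(SAMPLE))
    print("anomaly:  ", anomaly_alerts(SAMPLE, BASELINE))
```

The burst of 40 ordinary-looking `/login` requests matches no signature and is raised only by the anomaly check, while the two single malicious requests are raised only by the signatures.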

IPS (Intrusion Prevention System):
IPS stands for Intrusion Prevention System. It is a network security solution that monitors
network traffic for malicious activities or security threats and takes proactive measures to
prevent them from compromising the network.
An IPS continuously monitors network traffic in real-time, inspecting packets and analyzing
their contents for signs of suspicious behavior or known attack patterns.
IPS systems use predefined signatures or patterns of known threats, such as malware, viruses,
and exploit attempts, to identify and block malicious traffic as it passes through the network.
In addition to signature-based detection, some IPS systems employ anomaly-based detection
techniques to identify abnormal or suspicious behavior that may indicate a potential security
threat. This can include unusual patterns of network traffic, unexpected changes in system
behavior, or deviations from normal network activity.
When suspicious or malicious activity is detected, an IPS can take immediate action to block or
prevent the offending traffic from reaching its intended destination. This may involve dropping
or rejecting packets, resetting connections, or blocking IP addresses associated with malicious
activity.
IPS systems often integrate with firewalls, routers, and other security appliances to provide
layered defense against cyber threats.
They can complement existing security measures by adding an additional layer of protection
and enhancing overall security posture.
IPS systems maintain logs of security events, including detected intrusions, blocked attacks, and
policy violations, for auditing, analysis, and reporting purposes. This helps administrators
monitor network security, investigate security incidents, and demonstrate compliance with
regulatory requirements.

Proxy Firewall:
A proxy firewall, also known as an application-level firewall or gateway firewall, is a type of
firewall that operates at the application layer of the OSI model. Unlike traditional packet-
filtering firewalls that operate at the network layer (Layer 3) and make decisions based on IP
addresses and port numbers, proxy firewalls inspect and filter traffic at the application layer
(Layer 7) based on the content of the data.
A proxy firewall acts as an intermediary between internal and external network connections.
When a client on the internal network requests access to a resource or service on the internet,
the request is intercepted by the proxy firewall.
Proxy firewalls inspect and analyze the content of network traffic at the application layer,
including HTTP, FTP, SMTP, and other application protocols. This deep packet inspection allows
the firewall to enforce more granular access controls and security policies based on the specific
characteristics of the application protocols.
Proxy firewalls can filter and block network traffic based on the content of the data, including
keywords, file types, URLs, and MIME types. This allows organizations to enforce acceptable use
policies, block access to malicious or inappropriate websites, and prevent the transmission of
sensitive information over unsecured channels.

Secure Network Architecture Design

In today's interconnected world, where digital transformation is driving innovation and
business growth, the security of network architecture has never been more critical. As
organizations increasingly rely on networked systems, cloud services, and internet connectivity
to support their operations, they face a growing array of cyber threats and security challenges.
Throughout this document, we will cover various aspects of secure network architecture,
including perimeter defense mechanisms, network segmentation strategies, access control
policies, encryption techniques, intrusion detection and prevention systems, and incident
response procedures.
By following the guidance provided in this documentation and design guide, organizations can
establish a comprehensive and effective security posture that protects against a wide range of
cyber threats while enabling business agility and innovation.

Let’s look at our diagram first. We designed our network using SmartDraw
(https://app.smartdraw.com/).
FIGURE: Secure Network Architecture Design.

Design Description:
At the top left corner, the internet connection is connected to the DMZ.
As described earlier, the DMZ is a segregated network segment that sits between an
organization's internal network (often referred to as the "trusted network") and the external,
untrusted network (typically the internet).
The DMZ is isolated from both the internal network and the external network to prevent
unauthorized access to internal resources while still providing controlled access to external-
facing services.
Public-facing services, such as web servers, email servers, DNS servers, and FTP
servers, can be hosted within the DMZ. This keeps those services available to the internet
while maintaining a barrier in front of the secure internal networks.

From the DMZ we connect to the firewall, IDS and IPS systems. The firewall
protects the internal network by inspecting individual packets of data as they pass through
the network and enforcing security rules based on factors such as source and destination IP
addresses, port numbers, and protocols. It acts as a barrier between an internal network and
external networks, such as the internet, to prevent unauthorized access, data breaches, and
cyber-attacks.

For more protection of the internal network we connect an IDS (Intrusion Detection System), which
monitors network traffic or system activities for signs of malicious behavior, policy violations,
or security breaches. These systems primarily focus on detecting and alerting administrators to
potential security incidents, allowing them to take appropriate action.

After that we also added an IPS (Intrusion Prevention System), which monitors network traffic for
malicious activities or security threats and takes proactive measures to prevent them from
compromising the network. The IPS continuously monitors network traffic in real-time, inspecting
packets and analyzing their contents for signs of suspicious behavior or known attack patterns.
IPS systems use predefined signatures or patterns of known threats, such as malware, viruses,
and exploit attempts, to identify and block malicious traffic as it passes through the network.
IPS systems employ anomaly-based detection techniques to identify abnormal or suspicious
behavior that may indicate a potential security threat. This can include unusual patterns of
network traffic, unexpected changes in system behavior, or deviations from normal network
activity.

After that we have an internal router, which maintains the internal routes from the server section,
the user section, and also from the DMZ and the internet, which are filtered by the firewall, IPS
and IDS systems.

From this router we have two legs, towards the server section and the user section. In front of
the servers there is a server firewall, which controls the packets entering and leaving the
server zone by packet filtering according to the firewall rules. With this firewall
we can ensure that only clients permitted by a rule receive service from the servers.
It protects against attacks from intruders while ensuring service to
those the enterprise wants to serve, through rules established according to the
organization's requirements.

On the other leg we can see a proxy server guarding the user zone. It operates at the
application layer of the OSI model. The proxy server works as an intermediary between internal and
external network connections.
When a user on the internal network requests access to a resource or service on the internet,
the request is intercepted by the proxy firewall. Proxy firewalls inspect and analyze the content
of network traffic at the application layer, including HTTP, FTP, SMTP, and other application
protocols. Using this, we can allow access only to those websites that are needed and secure,
block access to malicious or inappropriate websites, and prevent the transmission
of sensitive information over unsecured channels.
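
One way to express the zone policy of this design as a first-match packet-filter table with a default deny, written as an added example that is not part of the original assignment. The address plan, the proxy address and the individual rules are assumptions made for illustration; the design itself does not specify them.

```python
import ipaddress

# Constructed address plan for the zones in the design (assumed).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "servers": ipaddress.ip_network("10.10.0.0/24"),
    "users": ipaddress.ip_network("10.20.0.0/24"),
}
PROXY = ipaddress.ip_address("10.20.0.10")  # hypothetical proxy guarding the user zone

def zone_of(addr):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    ip = ipaddress.ip_address(addr)
    return next((zone for zone, net in ZONES.items() if ip in net), "internet")

# First-match rule table: (source zone, destination zone, protocol, dest port, action).
# The rules are illustrative assumptions about what each zone needs.
RULES = [
    ("internet", "dmz", "tcp", 443, "allow"),       # public web server
    ("internet", "dmz", "tcp", 25, "allow"),        # public mail server
    ("internet", "dmz", "udp", 53, "allow"),        # public DNS server
    ("dmz", "servers", "tcp", 5432, "allow"),       # web tier to internal database
    ("users", "servers", "tcp", 443, "allow"),      # internal application access
    ("users", "internet", "tcp", 443, "proxy-only"),
]

def decide(src, dst, proto, dport):
    """Return 'allow' or 'deny' for a packet, based on zones, protocol and port."""
    key = (zone_of(src), zone_of(dst), proto, dport)
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_src, r_dst, r_proto, r_port) != key:
            continue
        if action == "proxy-only":
            # Outbound web traffic is accepted only when it comes from the proxy,
            # so user machines cannot bypass application-layer filtering.
            return "allow" if ipaddress.ip_address(src) == PROXY else "deny"
        return action
    return "deny"  # default deny: anything not explicitly permitted is dropped

if __name__ == "__main__":
    for pkt in [
        ("203.0.113.7", "192.0.2.10", "tcp", 443),   # internet to DMZ web server
        ("203.0.113.7", "10.10.0.5", "tcp", 5432),   # internet straight to server zone
        ("10.20.0.55", "203.0.113.7", "tcp", 443),   # user bypassing the proxy
        ("10.20.0.10", "203.0.113.7", "tcp", 443),   # proxy fetching on a user's behalf
    ]:
        print(pkt, "->", decide(*pkt))
```
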
In the end, creating a secure network setup is like putting together a puzzle. It needs careful
planning, hard work, and keeping an eye out for any problems that might pop up. As
technology changes and hackers get smarter, having good security is super important. By being
proactive about network security, businesses can lower the chances of bad stuff happening,
make sure things keep running smoothly, and keep their data safe and sound.
Remember, keeping a network secure is not a one-time thing. It's an ongoing job that needs
regular checks and updates to stay ahead of new problems. By staying in the loop about the
latest security tricks and tools, businesses can keep their networks safe and sound in our ever-
changing digital world.
To sum it up, building a secure network isn't just about stopping bad stuff from happening. It's
about giving businesses the confidence to grow, work together, and succeed in today's fast-
paced world. By putting security first, businesses can earn trust, protect their reputation, and
stay strong in the face of any challenges.
