1. The configurations for the devices
a. Server (HP ProLiant DL380 G9)
Basic Configuration
The servers provide services to the public and should be placed in the DMZ section. The DMZ (demilitarized zone) is exposed to the outside world, facilitating communication from external networks. The servers include the FTP, Web and Email servers, and the decision to have them in the DMZ is based on the security policy of the corporation. To ensure security, the email server is configured such that the user database and email messages are stored within the primary domain. Essentially, the mail server passes incoming and outgoing email between the internal servers and the Internet. Similarly, the Web servers have to communicate with the database server that holds information about the corporation. Subsequently, the database server is configured in the DMZ within an internal network (Karris, 2009). The communication has to be set such that it happens over a firewall. More importantly, the proxy server is installed within the DMZ to assist in monitoring the users’ activity across the network.
Description of configuration based on the IP address
The servers are configured with static IP addresses given their role of serving information to clients. Notably, a static IP address remains constant once assigned. The block of static IP addresses is derived from the ISP, either through requests or by automatic assignment. Indeed, the IP addresses configured on the servers are allocated from the globally routable IP addresses.
Security impact of the configurations to the entire network
Such configurations create entry points into the network for intruders with varying intentions. They are therefore a source of vulnerability, necessitating the enforcement of measures that can deter intruders from compromising the network.
Security features
The HP ProLiant DL380 G9 device has the following security features. First, it contains the Silicon Root of Trust, used in protecting against attacks. Second, it has Run-time Firmware Verification for detecting malware and compromised code. Third, it facilitates recovery to the last known stable state or the initial settings using Secure Recovery. Fourth, it offers the iLO 5 Advanced Premium Security Edition for enhancing security. Finally, the device has security options at the hardware level such as the TPM (Trusted Platform Module), Secure NICs and the Chassis Intrusion Kit (HPE, 2016).
b. Firewall
Basic Configuration
Firewalls provide the basic level of security for external and internal users as they access the Internet, so it is critical that they are set up appropriately. For the SRX650 Services Gateway firewall devices, the basic configuration is done using the J-Web setup wizard or the command line interface. The initial configuration entails defining the hostname of the services gateway. Subsequently, the domain name of the network has to be specified. Further, the root password and the various access rights are specified. Also, the IP address of the default gateway is optionally defined. The system time and the time zone in which the firewall is located are specified. The names of the servers used in maintaining the databases for resolving hostnames and IP addresses are added. Ultimately, the settings are committed and saved for the configuration to take effect (Juniper Networks, 2017).
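The steps above as a Junos CLI session, added here as an illustration and not taken from the Juniper guide. The hostname, domain, user names, time zone, date and the 192.0.2.x documentation addresses are placeholders; the password commands prompt interactively, so no secret appears in the text.

```junos
# Constructed example: every name and address below is a placeholder.
configure

# Identity of the services gateway and the domain it belongs to
set system host-name srx650-edge
set system domain-name example.com

# Root password: prompts for the value and stores only its hash
set system root-authentication plain-text-password

# Access rights: one full administrator and one read-only account
set system login user netadmin class super-user authentication plain-text-password
set system login user auditor class read-only authentication plain-text-password

# Default gateway (the optional step)
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1

# Time zone, then the clock itself (operational command, YYYYMMDDhhmm.ss)
set system time-zone Europe/London
run set date 201701151030.00

# Name servers used to resolve hostnames and IP addresses
set system name-server 192.0.2.53
set system name-server 192.0.2.54

# Validate the candidate, commit with automatic rollback, then confirm
commit check
commit confirmed 10
commit
```

The commit confirmed step rolls the change back after ten minutes unless the final commit is issued, which guards against a setting that cuts off remote access to the gateway.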
Description of configuration based on the IP address
The firewall can be set to accept traffic from a specific range of addresses. Indeed, the network administrator can also configure the firewall to block traffic from a specific IP address.
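Accepting a range while blocking one address inside it, written as Junos security policies. This is an added example rather than configuration from the original design: the zone name dmz, the policy and address names, and the 198.51.100.0/24 documentation range are assumptions.

```junos
# Constructed example: zone "dmz", object names and addresses are placeholders.
configure

# Address objects: the accepted range and one host inside it to block
set security address-book global address partner-range 198.51.100.0/24
set security address-book global address blocked-host 198.51.100.77/32

# Policy 1: deny the single address. It has to sit above the permit,
# because policies are evaluated top-down and the first match wins.
set security policies from-zone untrust to-zone dmz policy deny-blocked-host match source-address blocked-host
set security policies from-zone untrust to-zone dmz policy deny-blocked-host match destination-address any
set security policies from-zone untrust to-zone dmz policy deny-blocked-host match application any
set security policies from-zone untrust to-zone dmz policy deny-blocked-host then deny
set security policies from-zone untrust to-zone dmz policy deny-blocked-host then log session-init

# Policy 2: accept the range, limited to HTTPS towards the DMZ
set security policies from-zone untrust to-zone dmz policy allow-partner-range match source-address partner-range
set security policies from-zone untrust to-zone dmz policy allow-partner-range match destination-address any
set security policies from-zone untrust to-zone dmz policy allow-partner-range match application junos-https
set security policies from-zone untrust to-zone dmz policy allow-partner-range then permit
set security policies from-zone untrust to-zone dmz policy allow-partner-range then log session-close

# Traffic matching neither policy falls through to the default policy,
# which denies unless it has been changed.

# If the policies were entered in the wrong order, move the deny first
insert security policies from-zone untrust to-zone dmz policy deny-blocked-host before policy allow-partner-range

commit check
commit
```

With the order reversed, the blocked host would match the permit for its enclosing range and the deny would never be reached, so the ordering is the part to verify after every change.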
Security impact of the configurations to the entire network
The firewall configuration provides the initial layer of security to the entire network. In this regard, it supports secure communication within the network by internal and external users. With the firewall, it becomes possible to filter email, FTP file transfers, and web content with the aim of eliminating potentially compromised code and viruses.
Security features
The SRX650 Services Gateway firewall has the following security features. First, the branch checks traffic to ascertain its legitimacy. Second, it uses zoning to inspect traffic and determine whether the outgoing and incoming information within a session is acceptable in the specific zone. Third, the default shipping configuration is set to the untrust zone for the untrusted Internet interface. Fourth, it has hardware-based control and data plane separation. Finally, it supports advanced security and routing services.
c. Router
Basic Configuration
The router maintains the complex routing tables that enable it to determine the correct paths for packets. The basic configuration of the Huawei AR G3 Series Router entails setting up the system time, the host name, the login information and the command level. In essence, the system time should be configured for appropriate synchronization with other devices. The command level configuration is intended for security purposes, whereby the privileges of different users are set. It provides for refined rights management in 16 levels.
Description of configuration based on the IP address
The router facilitates the setting up of the LAN’s IP address and subnet mask, as well as part of the DHCP server. The range of IP addresses for the DHCP server is set up by referring to the IP address of the router. For instance, given a router having the IP address 192.168.0.1, the scope of IP addresses should be set starting from 192.168.0.1 to 192.168.0.11 for 10 IP addresses.
Security impact of the configurations to the entire network
The router controls the movement of packets from the various sources to their destinations. Therefore, the configuration has to be done carefully to ensure that the entire network remains secure. Indeed, the in-built firewall forms another security layer that allows the filtering of information, preventing the transmission of malicious code in the network.
Security features
The security features include the following. First, encryption of information using the WPA2 framework. Second, support for guest access. Third, the inclusion of a built-in firewall. Fourth, availability of time-based restrictions. Finally, the VPN at the router.
d. Switch
Basic Configuration
The switch provides a central connection point for the cables from servers, workstations and peripherals. The configuration happens with the 8, 12, or 24 RJ-45 ports. The Cisco Catalyst 9300 Series builds a port map containing the IP addresses that respond on individual ports, and broadcasts on all ports in circumstances where a packet’s target IP address is nonexistent.
2. The final network diagram
References
HPE. (2016). HPE ProLiant Rack and Tower Series: The World’s Most Secure Industry Standard Server. Palo Alto: Hewlett Packard Enterprise.
Juniper Networks. (2017). Configuring Basic Settings for the SRX650 Services Gateway with the CLI or the J-Web Interface. Sunnyvale: May.
Karris, S. T. (2009). Networks: Design and Management. Fremont, California: Orchard Publications.