1. Describe how creating zones is helpful in the design of a DMZ and security solutions for the LAN-to-WAN Domain.
The purpose is to add another layer of security to the LAN: an attacker can only access the equipment in the DMZ rather than anything else on the network.
2. How many zones does your design incorporate? Do you think an additional zone may be needed if the e-commerce server was implemented? Explain why or why not.
Yes, the e-commerce server is expected to be high.
3. While supporting IP-SEC VPNs provides a secure, remote-access solution for mobile employees, it does not scale and requires stringent security operations and management procedures. What alternatives would you recommend for a scalable remote-access VPN solution for your design?
SSL would be the most scalable; the clientless solution uses the web browser as the client and is a good solution if users only need access to web servers.
4. As per the functional and technical requirements, where must you terminate the VPN tunnels for remote-access users?
Users can be placed outside the network or on external servers depending on their needs.
5. Where would you put an email filter and quarantine system in place to scan and monitor emails and email attachments? Explain why.
Place it in the DMZ.
6. Where would you put a content filter system in place to prevent employees from non-business use of the Internet connection? Explain why.
Proxy servers are the most suitable; they sit between the computer and the internet and handle the internet traffic.
7. Explain how your IDS/IPS positioning and solution achieves the C-I-A goals of the internal network.
8. Explain how the risk of data leakage can be mitigated with a data leakage prevention system and security monitoring controls.
By enabling in-depth firewalls for extra security and also disabling ports that allow sharing of information and remote access.
9. Your organization is under governance and compliance...