After reviewing Corporation Techs' network design layout with the existing and proposed networks, I have found several possible security threats. To start with, the original network design does not show any IPS or IDS devices or any firewall protection at all, in particular for the servers. There is also no mention of any type of DMZ setup for the network. The proposed network expansion again has no IPS or IDS devices and no firewalls as part of the planning. The web server is set up in a DMZ configuration, but without firewalls correctly emplaced and active it is not a true DMZ and creates a threat. Another thing that stood out is that they added a wireless network without any firewall protection.
The benefit of adding these countermeasures is network security where there basically was none. The first thing that should be done is to add an IPS device between the internet and the private network to help prevent intrusion. Another countermeasure that adds a layer of security is an IDS device behind the IPS device, which detects suspicious activity while monitoring the network and acts as a detect-and-react measure. Firewalls are best used between each division or physical location to filter incoming and outgoing traffic of the private network (Stewart, 2011). The benefit of adding the DMZ is that if an intruder gains access to the web server, he/she is more or less isolated in a sub-network with no direct access to the rest of the private network or corporate assets. As for the wireless network, the best security strategy is to use a combination of a VPN connection and a firewall to filter traffic.
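The segmentation described above can be checked as a zone-to-zone policy. The following is an added example, not part of the original review: the zone names, service names and rules are constructed assumptions, since the design gives no addressing or rule set. It compares the proposed network as drawn (no firewalls) with a default-deny version and lists which forbidden flows each one permits.

```python
ANY = "*"  # wildcard for zone or service

def decide(policy, src, dst, service):
    """First matching rule wins; otherwise the policy default applies.
    Rules describe who may open a connection (stateful filtering assumed)."""
    for r_src, r_dst, r_svc, action in policy["rules"]:
        if r_src in (ANY, src) and r_dst in (ANY, dst) and r_svc in (ANY, service):
            return action
    return policy["default"]

# The proposed design as reviewed: no firewalls, so nothing is ever filtered.
FLAT = {"rules": [], "default": "allow"}

# The same zones with firewalls between segments and a default-deny stance.
# Every rule below is a constructed assumption for illustration.
SEGMENTED = {"default": "deny", "rules": [
    ("internet", "dmz", "https", "allow"),   # public reaches only the web server
    ("internal", "dmz", "https", "allow"),   # staff reach the web server
    ("internal", "internet", ANY, "allow"),  # outbound from the private network
    ("wireless", "vpn_gw", "vpn", "allow"),  # Wi-Fi may only reach the VPN gateway
    ("vpn", "internal", ANY, "allow"),       # tunnelled Wi-Fi users get inside
]}

# Flows the review says must not exist, probed with a few constructed services.
FORBIDDEN = [("internet", "internal"), ("dmz", "internal"), ("wireless", "internal")]
SERVICES = ["https", "ssh", "smb", "sql"]

def audit(policy):
    """Return every forbidden (src, dst, service) flow the policy would permit."""
    return [(s, d, svc) for s, d in FORBIDDEN for svc in SERVICES
            if decide(policy, s, d, svc) == "allow"]

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        findings = audit(policy)
        print(f"{name}: {len(findings)} forbidden flows permitted")
        for flow in findings:
            print("  ", flow)
```

The flat policy fails every probe, which is the sense in which a DMZ without firewalls is not a true DMZ.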
Below is an illustration of how the newly proposed network will look:
Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Sudbury:...