ESP TASK 3- NOTES on Summer 2025

Your document should be professional, clear, and logically structured. Use Arial 12pt, black font, and save as PDF. Include:

  • Title page: Task number, your name, student number, date.
  • Headers & page numbers: “Page X of Y”.
  • Sections:
    1. Introduction
    2. Overview of the Plan
    3. Updated Network Topology Diagram
    4. Justification of Equipment & Services
    5. Cost Analysis (with maths)
    6. Potential Security Issues & Mitigations
    7. Implementation Strategy
    8. Summary
Outline current security issues:
  • SOHO router vulnerabilities (default credentials, WPA encryption).
  • Shared admin accounts on NAS.
  • VPN reliance for remote access.
  • Lack of centralized identity management.
  • Misconfigured firewall rules.
  • GDPR/DPA compliance risks.
Explain how you will meet all project requirements:
  • Centralized identity management (Active Directory or Azure AD).
  • Replace SOHO router with enterprise-grade router/firewall.
  • Remove VPN → implement Microsoft 365 Business Premium for cloud access.
  • Replace NAS → use SharePoint & OneDrive for secure file storage.
  • Enable remote device management (Intune).
  • Implement RBAC and remove local admin rights.
  • Secure wireless with WPA3 and VLAN segmentation.
  • Regular staff training on cybersecurity.
Show:
  • Router → Managed Switch → Servers → Cloud services.
  • VLANs for segmentation.
  • Wireless APs for mobility.
  • Integration of firewall, IDS/IPS.
  • Remote access flow via cloud (no VPN).
For each component:
  • Router: Compare Unifi Dream Machine Pro vs Cisco Meraki.
  • Managed Switch: Explain VLAN support and QoS.
  • Cloud services: Microsoft 365 (SharePoint, OneDrive, Azure AD, Intune).
  • Endpoint security: Defender for Business or CrowdStrike.
  • Firewall & IDS/IPS: Explain layered security benefits.
Link choices to business needs, scalability, and compliance.

Create a table:
  • Hardware/software costs (one-off and recurring).
  • Cloud subscription costs.
  • Subtotals and grand total.
Add comparison:
  • Option A: Full cloud migration.
  • Option B: Hybrid solution.
Show calculations clearly (addition, multiplication).

Discuss:
  • Insider threats → RBAC, MFA.
  • Misconfigured IAM → audits, Secure Score.
  • Firewall misconfigurations → strict rules, deny by default.
  • Wireless vulnerabilities → WPA3, strong passphrases.
Justify each mitigation.

Choose Pilot or Phased approach:

Explain why (minimizes risk, allows testing).

Include timeline and risk mitigation steps.

Recap:
  • Key problems.
  • Proposed solutions.
  • Benefits (security, scalability, compliance).
Mention future-proofing (3–4 years)


Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2