ESP TASK 3- NOTES on Summer 2025
Your document should be professional, clear, and logically structured. Use Arial 12pt, black font, and save as PDF. Include:
- Title page: Task number, your name, student number, date.
- Headers & page numbers: “Page X of Y”.
- Sections:
- Introduction
- Overview of the Plan
- Updated Network Topology Diagram
- Justification of Equipment & Services
- Cost Analysis (with maths)
- Potential Security Issues & Mitigations
- Implementation Strategy
- Summary
Outline current security issues:
- SOHO router vulnerabilities (default credentials, WPA encryption).
- Shared admin accounts on NAS.
- VPN reliance for remote access.
- Lack of centralized identity management.
- Misconfigured firewall rules.
- GDPR/DPA compliance risks.
Explain how you will meet all project requirements:
- Centralized identity management (Active Directory or Azure AD).
- Replace SOHO router with enterprise-grade router/firewall.
- Remove VPN → implement Microsoft 365 Business Premium for cloud access.
- Replace NAS → use SharePoint & OneDrive for secure file storage.
- Enable remote device management (Intune).
- Implement RBAC and remove local admin rights.
- Secure wireless with WPA3 and VLAN segmentation.
- Regular staff training on cybersecurity.
Show:
- Router → Managed Switch → Servers → Cloud services.
- VLANs for segmentation.
- Wireless APs for mobility.
- Integration of firewall, IDS/IPS.
- Remote access flow via cloud (no VPN).
For each component:
- Router: Compare Unifi Dream Machine Pro vs Cisco Meraki.
- Managed Switch: Explain VLAN support and QoS.
- Cloud services: Microsoft 365 (SharePoint, OneDrive, Azure AD, Intune).
- Endpoint security: Defender for Business or CrowdStrike.
- Firewall & IDS/IPS: Explain layered security benefits.
Create a table:
- Hardware/software costs (one-off and recurring).
- Cloud subscription costs.
- Subtotals and grand total.
Add comparison:
- Option A: Full cloud migration.
- Option B: Hybrid solution.
Discuss:
- Insider threats → RBAC, MFA.
- Misconfigured IAM → audits, Secure Score.
- Firewall misconfigurations → strict rules, deny by default.
- Wireless vulnerabilities → WPA3, strong passphrases.
Choose Pilot or Phased approach:
Explain why (minimizes risk, allows testing).
Include timeline and risk mitigation steps.
Recap:
- Key problems.
- Proposed solutions.
- Benefits (security, scalability, compliance).
Comments
Post a Comment