Old example

 INTRODUCTION

Longstaff Marketing Solutions is a fast-growing marketing agency which has recently 

moved from its original home office to a new city centre office within business centre. 

They have recently been major growth in the organization, with staff increasing to 25 

employees in the past year. Most of the equipment from the older home office has 

been moved to the newer office which forms the basis of the network. Currently, the 

organization has a single virtual private network server, however it uses features 

from its small office and home office network (SOHO) router provided by the internet 

service providers (IPS). The same router is used to protect the network through its 

implemented firewall. At the moment there are many key issues that affect the 

organizations connectivity and compatibility issues. Many of these include:

- SOHO router: They can pose several security concerns, including security 

vulnerabilities, limited features compared to higher-grade equipment, and 

difficulties in managing and maintaining a large network of SOHO routers. 

Most SOHO routers tend to be set with insecure default configuration and 

credentials, as stated in the controlled document. Currently uses default 

administrator username and password such as “admin”/ “admin”. 

Furthermore, it’s built-in firewall currently uses encryption protocols such as 

WPA which can be considered outdated which leaves vulnerabilities to new 

threats and attacks. 

- Network Attached Storage: Currently accessed using a shared administrative 

account. This approach removes all accountability for file access and 

changes, as activities cannot be traced back to specific users. Without audit 

trails or individual permissions, it is impossible to enforce the principle of least 

privilege, detect malicious behaviour, or respond effectively to accidental data 

deletions or alterations. Shared credentials are especially dangerous in a 

growing company where staff turnover is rising, as it becomes harder to 

ensure former employees no longer have access. Equally concerning is the 

fact that all users in the organization currently operate via the local 

administrator privileges on their devices. This permits the users to install any 

software- authorized or not- onto their systems. Such a setup has already 

resulted in unauthorized applications, including games and potential harmful 

software which could lead to high risk of malware infections and software 

conflicts. Additionally, placing the company in legal jeopardy, particularly if 

there is any harm to costumer and company data, absence of application 

control will also increase the likelihood of data leakage and insider threat. 

- Staff Induction: Staff training is crucial to keep staff members informed of new 

threats and vulnerabilities on a regular basis as it is proven that human error 

is approximately 90% of the cause to successful data breaches. 

Consequences of data breaches can be crucial in different aspects of the 

business, it can affect the company financially, legally, and socially. Longstaff 

Marketing Solutions tend to provide short presentations, which provides them 

Singh_H_107557087_Task3

Page 3 of 18

with a broad understanding on password security and working safely with 

equipment. It is important to carry out regular training sessions to encourage 

the users to learn and understand the importance on how to remain safe 

online. Implementing theses can make sure that employee understand what 

actions to take in times of threats.

- Firewall Configurations: Longstaff Marketing Solutions is currently facing a 

range of cybersecurity and network configuration issues that threaten both 

operational efficiency and information security. One of the most critical 

problems lies in the misconfiguration of the company's firewall rules. 

Specifically, the firewall currently denies internal SMB (Server Message 

Block) traffic for IP ranges outside of a narrow scope (192.168.1.251–253), 

which involuntarily blocks access for most office-based users trying to reach 

the NAS device. This issue has already resulted in users, being unable to 

access essential shared resources while working from the office. The 

misconfiguration not only disrupts workflows and collaboration but also leaves 

the network open to external threats due to the overly permissive "allow by 

default" firewall policy. If exploited, such weaknesses could lead to data 

breaches or unauthorized access to critical systems.

Negligible Minor Moderate Significant Severe

Very likely Low Med Medium Med High High High

NAS

Likely Low Low Med Medium Med High

SOHO routers

High

Firewall 

Possible Low Low Med Medium Med High Med High

Unlikely Low Low Med Low Med

Staff Induction

Medium Med High

Very Unlikely Low Low Low Med Medium Medium

KEY:

X-AXIS= SEVERITY

Y-AXIS= LIKELIHOOD

Singh_H_107557087_Task3

Page 4 of 18

REQUIRMENTS

The requirements are: 

• A centralised system to manage user identities and access is required, by simply 

implementing user access levels such as RBAC.

• Replacement of the SOHO router with a more suitable solution, in order to suit the 

organization growth and keep up-to-date with new threats and vulnerabilities.

• Securing access to customer data from both inside and outside of the network, by 

configuring firewall rules and making sure the highest level of encryption is currently 

in use (WPA2/WPA3).

• Removal of VPN and replacement with a more user-friendly solution, in order to 

accommodate hybrid workers and allowing them to access to resources in a stronger 

and easier way.

• Replacement of the network attached storage (NAS) solution and implement cloud 

environment in order to allow users to access resources from anywhere as well as 

maximizing security.

• Improved auditing of network access and activity in order to log any suspicious 

traffic.

• Remote management of devices outside of the network to keep track of user’s

progress and access.

• Systems that hold sensitive data should be adequately protected from network 

threats, to do so implementation of separate server should be issued.

Singh_H_107557087_Task3

Page 5 of 18

• Users should not be able to install unapproved software on their work computers, 

removal of shared administrator access will reinforce these rules.

• Any training or upskilling for staff to use the new systems should be considered and 

provided regularly with new content addressing new threats and vulnerabilities.

OVERVIEW OF THE PLAN

It will be ensured that all users have access to resources with data protection and 

secured network connectivity in place. In order to do so, it will require the 

organization to implement few new hardware and software to optimize and increase 

the security levels of the organization. By considering requirements and solutions 

stated as follows:

- A centralised system to manage user identities and access. This can be 

compromised by simply implementing user access levels and group policy 

which will allow control access and user behaviour to be monitored.

- A more suitable routing and security solution. This can be fixed by replacing 

the current SOHO router with a more suitable and security solution such as 

business-grade router which would include features such as; VLAN support, 

DPI (Deep packet Inspection), IDS/IPS, and redundant WAN connections.

- Protect costumer data from any access point, this is important as they require 

to comply to legislation and regulations. They could store sensitive data on 

secure file servers or cloud platforms such as OneDrive which are secured by 

third parties. They could also use MFA to authenticate the user and enforce 

RBAC and least privilege policies. 

- Replace VPN with a simpler, secure solution was one of the requirements 

which could be achieved by simply shift to a cloud environment such as 

OneDrive which will allow file and data access for hybrid users over the 

internet as well making sure that all data is kept secure.

- Replace NAS with secure storage could also considered. This would mean 

that the business fully migrated to cloud storage for scalability, access control, 

Singh_H_107557087_Task3

Page 6 of 18

and backups. However, I would also recommend a sort of file server where all 

confidential data would be stored and backed up safely.

- Improved auditing of network access and activity would enhance visibility and 

logging. By centralizing logs for firewalls, NAS, servers, and endpoints.

- It is required to have strong endpoint and network protection; therefore, I 

suggest the company to segment the network using VLANs, install endpoint 

detection and response (EDR), and enable full-disk encryption to enhance 

overall security over the sensitive data.

- At the moment users are able to download unapproved software at will. This 

can be seen as a threat to the network as it may contain malicious malware, 

therefore use of group policy will lockdown local admin rights and enforce 

application allow listing.

- By scheduling regular IT onboarding and security awareness training it will 

smoothen transition and user adaptation for new users and help grasp 

awareness on content such as new threats and security management 

techniques so that they can be aware of new threats as AI is evolving.

The following implementation suggestions will provide data protection and security 

network connectivity as well giving opportunity to further expand and suit their high 

rate of growth.

There will be a set of equipment that will be needed in order to meet the suggestions 

made above, these include:

1. DHCP server: a network server that automatically assigns IP addresses, 

default gateways, and other network configuration settings to devices on a 

network.

2. Domain Controller: a server that manages security authentication requests 

within a computer network domain, essentially acting as a “gatekeeper” for 

accessing domain resources.

3. Wireless Access point: connects wireless devices to a wired network, acting 

like the central hub for wireless communication. It allows devices like laptops, 

smartphones, and tablets to access the network or internet without needing to 

be plugged in.

4. Router: primary role is to forward data packets between networks. It 

determines the best path for data to travel between different LANs and/or the 

internet.

5. Backup File Server: it creates and stores copies of data from a main file 

server to protect against data loss. It can be used to restore data if the 

primary server fails or if data becomes corrupted or deleted.

6. Managed Switch: provides network administrators with control and monitoring 

capabilities for the network infrastructure. They also offer features like traffic 

prioritization, VLANs, security settings, and remote management.

7. Intrusion Detection System: a security technology that monitors network traffic 

and system activity for malicious activity or policy violations. It detects 

potential intrusions by comparing traffic against know attack or by analysing 

anomalies in network behaviour.

Singh_H_107557087_Task3

Page 7 of 18

8. Firewall: protect the network by allowing only authorized and safe 

communication while blocking potentially harmful or unauthorized access. It 

examines and filters the network traffic, ensuring that only safe and legitimate 

traffic passes through.

9. Encryption: protects data from unauthorized access by converting it into 

cyphertext that can only be decrypted with a specific key. It ensures 

confidentiality, authentication, and integrity of data.

There are different ways that a company can implement changes, with different 

techniques that organizations utilize, such as; parallel, phased, pilot, and direct.

DIRECT:

This involves a complete and immediate switch from the old system to the new one 

on a specific date. This can be fast and relatively inexpensive but comes with the 

high risk of disruption if the new system fails or has issues. 

PILOT:

This approach involves rolling out the new system to a small, representative group of 

users or a specific department to test out the system before it is implemented. This 

allows for testing and refinement of the new system with minimal impact on the 

overall organization. However, it can be time consuming and may not fully represent 

the entire user base.

PARELLEL:

This method involves running both systems concurrently for a period of time, 

allowing data comparison and user training before fully switching over. This has the 

least risks, as users can continue using the old system while transitioning. However, 

this is also the most expensive and resource-intensive, as it requires maintaining 2 

systems simultaneously.

PHASED:

This approach involves introducing the new system in stages, with different modules 

or functionality gradually being rolled out. This allows more controlled and less 

disruptive transition, with the ability to address issues as they arise.

The company should consider the best method to implement the system by 

evaluating the benefits and drawbacks. Personally, they should implement a pilot 

implementation technique as it will test out all the components and modules of the 

system without interfering with the current system. They should pick out a day where 

no staff is working when transitioning to the new system to reduce the likelihood of 

any risks and prevent disruption between users.

Singh_H_107557087_Task3

Page 8 of 18

Singh_H_107557087_Task3

Page 9 of 18

UPDATED NETWORK TOPOLOGY

Singh_H_107557087_Task3

Page 10 of 18

JUSTIFICATIONS OF EQUIPMENT

There has been a number of changes made to the network topology to provide the 

required security and foundations to the network in order to support the fast growth 

of the company. There are several hardware and software required to meet the 

organization requirements, due to several reasons as follows:

DHCP server: a network server that automatically assigns IP addresses, default 

gateways, and other network configuration settings to devices on a network. DHCP 

offers significant advantages in network management and configuration, making it a 

crucial component of modern networks. A single DHCP server manages IP 

addresses for the entire network, making it easier to control and change network 

configurations. New devices can be added to the network without requiring manual 

IP address configuration, simplifying the onboarding process. These will support the 

high demand of configurations to meet the growth of the organization.

Domain Controller: a server that manages security authentication requests within a 

computer network domain, essentially acting as a "gatekeeper" for accessing domain 

resources. A domain controller offers significant advantages for managing and 

securing networks, including centralized user management, streamlined resource 

sharing, enhanced security, and improved scalability. They simplify administration by 

allowing centralized control over user accounts, network resources, and security 

policies. This centralized approach also improves consistency and reduces errors 

compared to managing each device individually.

Wireless Access Point: connects wireless devices to a wired network, acting as a 

central hub for wireless communication. It allows devices like laptops, smartphones, 

and tablets to access the network or internet without needing to be plugged in. 

It offers several advantages, primarily related to network flexibility, scalability, and 

ease of use. They allow you to extend your Wi-Fi coverage to areas where the router 

signal is weak or non-existent, eliminating the need for expensive and unsightly 

wired connections. Allowing expansion of the office over multiple floors and rooms. 

Intrusion Detection System: a security technology that monitors network traffic and 

system activity for malicious activity or policy violations. It detects potential intrusions 

by comparing traffic against known attack signatures or by analysing anomalies in 

network behaviour. Early threat detection, improved incident response time, 

enhanced network visibility, and support for compliance with regulatory 

requirements. They monitor network traffic for malicious activity, alert administrators 

to potential threats, and provide detailed information for investigating security 

incidents. These will help in scenarios such as zero-day exploitation, which will 

provide the company more time to protect the network and leave less room for 

external attacks.

Backup File Server: it creates and stores copies of data from a main file server to 

protect against data loss. It can be used to restore data if the primary server fails or if 

data becomes corrupted or deleted. It allows for automated backups, minimizing 

downtime in case of disasters, and help prevent data loss from various causes like 

hardware failures or accidental deletions. It also helps with data management as it 

will make it easier or retrieve and find the data when needed.

Singh_H_107557087_Task3

Page 11 of 18

Managed Switch: provides network administrators with control and monitoring 

capabilities for the network infrastructure. They also offer features like traffic 

prioritization, VLANs, security settings, and remote management. It offers several 

advantages, primarily in terms of control, flexibility, security, and performance. While 

initially more expensive than unmanaged switches, managed switches can lower 

long-term operational costs by reducing downtime, enabling remote management, 

and improve overall network efficiency.

Router: primary role is to forward data packets between networks. It determines the

best path for data to travel between different LANs and/or the internet. Businessgrade routers offer several advantages over SOHO routers, primarily in terms of 

reliability, security, and network management capabilities. They are built to handle 

heavier workloads and more complex network configurations, making the ideal for 

upcoming organizations.

Firewall: protect the network by allowing only authorized and safe communication 

while blocking potentially harmful or unauthorized access. It examines and filters the 

network traffic, ensuring that only safe and legitimate traffic passes through. They 

allow protecting against viruses, malware, and hackers, as well as enhancing privacy 

and compliance with regulations such as GDPR.

Encryption: protects data from unauthorized access by converting it into cyphertext 

that can only be decrypted with a specific key. It ensures confidentiality, 

authentication, and integrity of data. Safeguarding information during transfer and 

storage, preventing data breaches and helping organizations meet compliance 

requirements.

Furthermore, I would like to recommend the organization to implement a cloud 

environment and dispose the idea of Network Attached Storage (NAS). It offers 

multiple benefits, of which include cost savings, flexibility, improved collaborations, 

and enhanced security. By allowing accessibility from anywhere with any device, it 

enables efficient resource utilization and allows the organization and employee to 

expand and work from different locations. This can create opportunity to target a 

wider range of costumers and clients and leads to the opportunity to move to 

different countries. By using cloud computing it can reduce the cost by removing the 

need of physical hardware and software, it will allow them to scale their resources up 

or down as needed, providing flexibility and efficiency in response to changing 

business needs. To expand storage, its much easier and cheaper compared to 

buying physical memory as you can buy plans to increase the storage required 

depending on the organization needs. 

Singh_H_107557087_Task3

Page 12 of 18

EXPENSES

Quantity Device Name Device/

Component

Vendor Current 

specification

Proposed 

specification

One-off 

cost

Annual cost Link 

1 TP-LINK Archer 

VR2100

Router Curry’s SOHO router 

with built on 

firewall

AC 2100, dual 

band 

£79.99 Buy TPL: TP-LINK Archer VR2100 WiFi Modem Router - AC 2100, Dualband | Curry’s

25 Dell Inspiron 16 plus Laptops Dell Not stated Intel Core I7, 

Windows 11,

2X8GB RAM, 

512GB 

memory

£478.99 

each.

£11974.75

All.

Dell Inspiron 16 Plus | Dell UK

4 T360 Tower Dell Servers (For 

various 

reasons)

Dell Not in use 3X 2TB HD, 

5600MHz, 

Intel Xeon 

2.6G

£3351.31 

each. 

£13405.24

PowerEdge T360 Tower Server | Dell 

UK

1 TP-Link EAP225 Wireless 

Access 

Point

Amazon Not in use 5GHz 

frequency, 

Dual-Band 

Wi-Fi

£69.99 TP-Link EAP225 Access Point, AC1350 

Wi-Fi Dual Band Wireless Access 

Points, Gigabit Ethernet Port Support 

802.3af/Passive PoE, Omada Mesh, 

Easily Mount to Wall or Ceiling, Free 

Controller Software: Amazon.co.uk: 

Computers & Accessories

1 Dell Networking 

S3148P

Managed 

Switch

Curry’s Not Stated 48 ports, L3, 

front to back 

airflow

£750.00 Dell Networking S3148P - switch - 48 

ports - Managed - rack-mountable -

Dell Smart Value - 210-AIMP - Curry’s

Business

Vendors such as Curry, Dell, AWS, and Microsoft were prioritized. However, some items were suitable from other vendors 

with consideration of cost, efficiency, and overall product value for money.

Singh_H_107557087_Task3

Page 13 of 18

Singh_H_107557087_Task3

Page 14 of 18

Category Current 

Solution

Proposed 

Solution

Vendor One-Off Cost Annual Cost Purchase/Info Link

BitLocker Encryption None BitLocker 

(Windows 

native)

Microsoft $0 Included in OS https://www.microsoft.com/bitlocker

CrowdStrike 

Falcon

Endpoint 

Protection

Windows 

Defender

CrowdStrike 

Falcon Pro

CrowdStrike $0 $85/user/year https://www.crowdstrike.com

Azure Firewall Basic ISP 

Router 

Firewall

Azure Firewall 

with secured 

virtual hub

Microsoft £0 £1.307 per 

deployment 

hour

£0.0012 per 

GB processed.

https://www.netgate.com

Snort3 Intrusion 

Prevention

None Snort IPS Cisco/Talos Free Free Snort Rules and IDS Software 

Download

ITEMS ONE-OFF COST ANNUAL COST TOTAL COST

Router £79.99 / £79.99

25 Laptops £11,974.75 / £12,054.74

4 Servers £13,405.24 / £25,459.98

Wireless Access Point £69.99 / £25,529.97

Managed Switch £750.00 / £26,279.97

Encryption / / £26,279.97

Endpoint Protection (per year) / $2125 ~ £1586.58 £27,866.55

Firewall (per year) / £7842 per deployment in an 

organizational year (250 days)

1TB of processed data= £1.20

£35,709.75

Intrusion Prevention System / / £35,709.75 FINAL COST

Singh_H_107557087_Task3

Page 15 of 18

POTENTIAL NETWORK AMD SYSTEM SECURITY ISSUES

One of the major security risks currently faced Longstaff Marketing Solutions is the 

use of shared administrator logins. As outlined in Control Document D, all users 

have access to shared administrative accounts, which allows them to access and 

modify any data on the network. This poses significant security concerns. For 

instance, it eliminates accountability since it is impossible to trace actions back to 

individual users. Furthermore, malicious employees could exploit these privileges to 

access or manipulate sensitive data, potentially leading to data breaches. Such 

breaches would violate data protection laws including the General Data Protection 

Regulation (GDPR) and the Data Protection Act (DPA), which emphasize the 

principles of integrity, confidentiality, and accountability. Failure to comply with these 

regulations could lead to heavy fines, legal action, reputational damage, loss of 

clients, and diminished stakeholder trust. To mitigate this risk, it is essential to 

introduce user access levels by implementing role-based access control (RBAC). 

This approach restricts users to only the data and systems necessary for their job 

roles, ensuring that administrator accounts are secured with strong, regularly 

updated passwords and multi-factor authentication. Implementing Role-Based 

Access Control, however, presents its own challenges. 

As the company grows and new job roles emerge, the number of roles may increase 

dramatically, potentially leading to role explosion. Poorly designed roles can result in 

excessive permissions being granted, increasing the risk of unauthorized actions 

such as the installation of unapproved software or malware infections that could 

compromise the network. To address these challenges, it is critical to carefully define 

roles based on a thorough analysis of job functions and business needs. 

Permissions should be assigned following the principle of least privilege, granting 

users only the access necessary to perform their tasks. Assigning users to roles or 

groups simplifies management and enhances security. Regular audits of access 

rights are necessary to ensure permissions remain appropriate and to detect any 

unauthorized access promptly. When transitioning from the current system to the 

proposed RBAC framework, the company should carefully consider the 

implementation method. A direct cutover, while fast and inexpensive, carries high 

risk if issues arise, potentially disrupting business operations.

Insider threats pose a significant risk to Longstaff Marketing Solutions due to the 

high level of access currently granted to employees through shared administrative 

accounts and weak access controls. An insider, whether intentionally malicious or 

unintentionally negligent, can exploit these privileges to steal, manipulate, or leak 

sensitive company and customer data. Such breaches not only compromise the 

integrity and confidentiality of information but also put the company at risk of severe 

legal and financial penalties under regulations like GDPR and the Data Protection 

Act. Additionally, insider threats can result in reputational damage and loss of 

customer trust, which may have long-term impacts on business viability. To mitigate 

these risks, Longstaff Marketing should implement strict access controls using rolebased access control (RBAC), ensuring users have only the permissions necessary 

to perform their job functions, which limits the potential damage caused by insiders. 

Continuous monitoring and auditing of user activity through security information and 

Singh_H_107557087_Task3

Page 16 of 18

event management (SIEM) tools will help detect unusual or unauthorized behaviour

promptly. Furthermore, enforcing multi-factor authentication (MFA) and unique user 

accounts increases accountability and reduces the risk of compromised credentials 

being used. Regular staff training on security awareness, data protection policies, 

and the consequences of insider threats will cultivate a culture of security 

mindfulness. Lastly, implementing clear disciplinary procedures for policy violations

will deter intentional misuse of access.

As Longstaff Marketing Solutions transitions its infrastructure to cloud services such 

as Microsoft 365 or AWS, the risk of misconfigured access controls and permissions 

increases significantly. Incorrectly configured Identity and Access Management 

(IAM) settings can lead to unauthorized users gaining access to sensitive corporate 

or customer data. This may result from overly permissive roles, failure to enforce the 

principle of least privilege, or lack of proper monitoring, all of which increase the 

likelihood of data breaches. Such vulnerabilities can expose the company to 

compliance violations under GDPR and other data protection regulations, which 

mandate strict control over personal and sensitive information. To mitigate this risk, 

Longstaff should implement a robust IAM framework that enforces role-based access 

control (RBAC) combined with the principle of least privilege, ensuring users only 

have access necessary for their roles. Enabling multi-factor authentication (MFA) 

across all cloud accounts will add an extra layer of security against credential 

compromise. Additionally, the company should regularly audit cloud access logs and 

permissions to detect and remediate any anomalies promptly. Leveraging cloudnative security tools such as Microsoft Secure Score or AWS IAM Access Analyzer 

can assist in identifying and correcting misconfigurations, ensuring continuous 

compliance and minimizing exposure.

As for the Firewall currently in use at Longstaff Marketing, its rules allow inbound and 

outbound access for all HTTP, HTTPS, IMAP, SMTP traffic from a broad IP range to 

any destination. This could expose internal systems to external threats if not properly 

filtered at another layer like the application layer. Allowing inbound/outbound IMAP 

and SMTP traffic can be risky without strong authentication and spam/malware 

protection. Port 25 is commonly known for being exploited for spam distribution

which increases the risk of human error. SMB is seen to be inconsistent as it has 

been allowed between specific IPs and denied for a broader range. If this is not 

ordered or prioritized correctly in the firewall, the deny rule might override the allow 

rule unintentionally or vice versa, leading to unintended access or blocking. Most 

rules list the destination address as "ANY", which is risky. Traffic should ideally be 

limited to known, trusted endpoints or services. In order to prevent these issues, it is 

important to configure these rules. For example, Port 80 should be restricted to 

known web servers only, therefore it is important to change the destination address 

for inbound traffic to specific web server address (192.168.1.100). Similarly, HTTPS 

secures all inbound traffic, whereas only the web server requires to be secured. 

Lastly, the SMB protocol should keep limited access for specific systems only and 

deny all other SMB access to protect shared files.

Singh_H_107557087_Task3

Page 17 of 18

SUMMARY

Longstaff Marketing Solutions asked to assess the specification of requirements and 

prepare a proposal that addresses their needs. We were provided with concerns and 

used our understanding to outline the possible issues that could have affected the 

organization and created suggestions based off the issues. Not only did we suggest 

hardware and software for the company to use on-site, but also to use as a 

standardisation for each individual employee. We also included a justification for 

each suggestion, and provided a cost table to show the business expenses for the 

initial year and outlined specification such as the quantity, vendor, and product 

specification. Issues with unnecessary high-level access and shared credentials, 

which should have been eliminated, have all been taken care of as acceptable 

suggestions are made on how they could mitigate those issues. Additionally, the 

misconfigured firewall rules have been addressed removing any unauthorized traffic 

entering the network. It is also made possible for hybrid workers to easily access 

resources online as they there have been a suggestion of a virtual server which 

allows the users to access, store, and share data from anywhere at any times 

making it more efficient as well as meeting on of their requirements. Furthermore, 

there has been changes to the network as classroom and office network have been 

standardized which makes sure that there is no IP address errors and that rightful 

data is accessible for each employee and student. All changes implemented into the 

new proposal tend to meet all guidelines of different legislations such as DPA and 

GDPR. This will help them maintain a safe network and make sure that all 

client/costumer data is kept safe, this will increase the trust of the client and Swift 

FinTech which will help them build a good relationship and maintaining a loyal client 

for a long period of time. In term of long term, we can ensure the proposal to remain 

the same for about 3-4 years, the reason for that is because technology is evolving 

at a rapid rate and it is important for a company to exploit the technology available to 

them to compete with their competitors. If they don’t implement changes, it will 

restrict the company from accessing new services and features which would give 

their competitors an advantage. Therefore, it is vital for an organization to keep 

changing their operating system to keep track of new services which could improve

their deliverables. As for software licensing they tend to update in terms of payment 

lengths and services which means they also need to be changed after a while to 

have the full access to software’s.

Singh_H_107557087_Task3

Page 18 of 18

REFERENCES

Router:

Buy TPL: TP-LINK Archer VR2100 Wi-Fi Modem Router - AC 2100, Dual-band | 

Curry’s

Laptops:

Dell Inspiron 16 Plus | Dell UK

Servers:

PowerEdge T360 Tower Server | Dell UK

Wireless access point:

TP-Link EAP225 Access Point, AC1350 Wi-Fi Dual Band Wireless Access Points, 

Gigabit Ethernet Port Support 802.3af/Passive PoE, Omada Mesh, Easily Mount to 

Wall or Ceiling, Free Controller Software: Amazon.co.uk: Computers & Accessories

Managed Switch:

Dell Networking S3148P - switch - 48 ports - Managed - rack-mountable - Dell Smart 

Value - 210-AIMP - Curry’s Business

Encryption:

Install BitLocker on Windows Server | Microsoft Learn

Endpoint Protection:

CrowdStrike: We Stop Breaches with AI-native Cybersecurity

Firewall:

Netgate

Intrusion Prevention software:

Snort Rules and IDS Software Download





Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2