You are a newly hired civilian contractor for the U.S. Navy at a naval air station. Your position is a security engineer. This project has recently been consolidated to this location from several coastal areas. The team is a small department that focuses on unmanned naval surveillance vehicles.
You have been asked to perform the initial network design while you wait for your security clearance to be approved. You have to bear in mind the requirements that the Navy has for this project. There is a 2-terabyte UNIX DB2 database, which is used for craft designs, part lists, and experimental results; additionally, a smaller Oracle database running on Windows servers takes care of scheduling, administration, and personnel data.
The network will require 200 hosts in the design and development department, 20 in the personnel department, and 40 in the acquisition department. The acquisition department will need access to the secure internal network and external Department of Defense suppliers, whose networks are not considered secure. Both of these departments will need access to Windows laser printers and UNIX-based design plotters. The captain in charge of the project and his staff of 10 need a wireless virtual private network (VPN).
This work is considered top secret, and, outside of the requirements of the acquisition department, the network is considered a secure one that must meet the requirements of Common Criteria and Evaluation Assurance Level 4+ (EAL 4+). The internal, border, wireless, and default gateway duties are handled by a major equipment company. Data availability is important because the government has tens of millions of dollars already invested in this project.
In preparation for your network design project, address the security vulnerabilities in the network design by addressing the following:
Outline your ideas in a 5-paragraph Word document.