As a final point, the capstone will treat the airport Information Technology department and Director of IT as the contract client for the project.
The airport’s initial network topology was complex, consisting of two physically separated networks: one was a standard local area network (LAN) and the other was an air-gap LAN for credit card processing networks. To clarify, an air-gap network isolates payment card systems from less secure networks. Subsequently, AAE decided to integrate the networks to simplify the network topology because complicated network designs often leave gaps in security. Incidentally, the simpler network also improves network efficiency...and simplifies the network topology. Thus, I use the Cisco Enterprise Campus Model because it is simple, modular, scalable, and flexible.
As previously mentioned, all the network information in any diagrams or tables was created for the project. The diagrams consist of the new core switch, the new network firewall, and the PCI VLANs. All technical diagrams and detailed data will be included in the appendix section of the paper. Thus, the project will include sanitized network diagrams of the project completed at the airport.
Specifically, my goal is to demonstrate the importance of secure network design by completing the following objectives: research PCI security controls and processes to determine the best network design for AAE’s PCI compliance; use the Cisco Enterprise Campus Model to redesign the network topology; secure the PCI networks at the core switch and firewall using NIST SP 800-41: Guidelines on Firewalls and Firewall Policy; make recommendations to secure the PCI devices using NIST SP 800-123: Guide to General Server Security; complete an internal PCI Self-Assessment Questionnaire (SAQ); conduct a vulnerability assessment according to NIST SP 800-115: Technical Guide to Information Security Testing; and train IT staff to be security conscious according to NIST SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems.
First, I will research PCI DSS and conduct an SAQ to determine the best network design to meet PCI compliance. Second, I will design the new network using Cisco’s Enterprise Campus Model. Third, I will use NIST SP 800-41 to configure the firewall and core switch to comply with PCI standards. Fourth, I will explain how the computers on the card processing