Part 2

Uploaded by

zizaplerpludes

Problem Statement for Cyber Security stream

Cyber Shield: Defending the network


Problem Statement: PART 2 (Solutions):

• Updated network diagram with new hybrid access components.
• Technical documentation explaining chosen solutions, technologies, risks, and advantages.

1. Introduction
This document outlines a proposed secure hybrid network
design for the college, enabling faculty to work remotely while
ensuring internal resources remain protected from direct
internet exposure. Students will continue to use personal
devices with restricted network privileges.

2. Architecture Overview
Components Used:

• VLAN Segmentation:
    VLAN 10 – Admin
    VLAN 20 – Faculty
    VLAN 30 – Student
    VLAN 40 – IoT
• VPN Gateway: Cisco ASA or AnyConnect SSL VPN appliance.
• Firewall with ACLs: Controls traffic between VLANs and from VPN users.
• Authentication Server: RADIUS/LDAP with MFA.
• Policy Enforcement: ACLs + Identity-based access.

3. Authentication Flow
1. Remote Faculty:
   o Connect to SSL VPN via client app.
   o MFA verification.
   o VPN assigns IP from Faculty VLAN range.
   o Firewall applies faculty-specific ACL policies.
2. On-Campus Faculty:
   o Auto VLAN assignment via switch port configuration or 802.1X authentication.
3. Students:
   o Connected to Student VLAN (campus Wi-Fi or wired).
   o Access limited to academic portal and lab systems.

4. Security Advantages
• No Direct Exposure: Internal apps accessible only via VPN or campus LAN.
• Role-Based Access: VLANs + ACLs ensure separation.
• Scalable: SASE or Identity-Aware Proxy can be integrated later for cloud-based learning tools.
• Simple for Users: VPN client is straightforward for faculty.

5. Risks & Mitigation

Risk                              | Mitigation
----------------------------------+--------------------------------
Compromised faculty credentials   | MFA + password rotation
VPN gateway overload              | Scale with cloud VPN or SASE
Misconfigured ACLs                | Regular audits & testing
Student VLAN compromise           | Network isolation + IDS
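
The "Misconfigured ACLs" row calls for regular audits and testing. The sketch below is an added example, not part of the original document: it replays a list of intended flows against an ordered rule set (first match wins, implicit deny) and reports every flow whose verdict differs from the design. All subnets, server addresses, ports and rule sets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing (not from the document): one /24 per VLAN, hypothetical servers.
NET = {"admin": "10.0.10.0/24", "faculty": "10.0.20.0/24",   # VLAN 10, VLAN 20 (+ VPN pool)
       "student": "10.0.30.0/24", "iot": "10.0.40.0/24"}     # VLAN 30, VLAN 40
PORTAL, APPS, LABS = "10.0.50.10/32", "10.0.50.20/32", "10.0.60.0/24"

# Constructed rule sets: (action, source, destination, port); port None means any port.
GOOD = [
    ("permit", NET["student"], PORTAL, 443),
    ("permit", NET["student"], LABS, 22),
    ("permit", NET["faculty"], APPS, 443),
    ("permit", NET["faculty"], PORTAL, 443),
]
# Misconfiguration: a broad permit placed first overrides the intended student limits.
BAD = [("permit", NET["student"], "10.0.0.0/8", None)] + GOOD

# Intended behaviour from the design: students reach only the portal and labs.
INTENT = [
    ("10.0.30.15", "10.0.50.10", 443, "permit"),  # student -> academic portal
    ("10.0.30.15", "10.0.60.4", 22, "permit"),    # student -> lab system
    ("10.0.30.15", "10.0.50.20", 443, "deny"),    # student -> internal app
    ("10.0.30.15", "10.0.10.5", 445, "deny"),     # student -> Admin VLAN
    ("10.0.20.7", "10.0.50.20", 443, "permit"),   # faculty / VPN user -> internal app
    ("10.0.40.9", "10.0.20.7", 80, "deny"),       # IoT -> Faculty VLAN
]

def evaluate(rules, src, dst, port):
    """First matching rule wins; unmatched traffic hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "deny"

def audit(rules, expected):
    """Return (src, dst, port, wanted, actual) for every flow that deviates."""
    return [(src, dst, port, want, got)
            for src, dst, port, want in expected
            if (got := evaluate(rules, src, dst, port)) != want]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules, INTENT))
```

Running the same intent list after every ACL change turns the audit into a regression test for the segmentation policy.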

6. Fallback Strategies
• Backup VPN appliance in hot-standby mode.
• Manual ACL override for emergency faculty access.
• Temporary web-based proxy for critical teaching tools.

7. Conclusion
The proposed hybrid model allows secure, role-based access
for faculty and students, protecting sensitive resources while
supporting remote work. By using VLAN segmentation, VPN
access with MFA, and strong policy enforcement, the
architecture achieves security without overwhelming existing
infrastructure.
