Designing A Secure Network Infrastructure For An Internet-Based Bank

Task

In regards to the bank that carries out most of the business related activities through the usage of internet, there stands a particular need for the increasing the security of all the relative services that are to be provisioned by the bank to all of its customers (Perlman et al., 2016). In addition to the security architectures, cloud based services shall also be implemented to support the needs of data security that include the likes of customer information.

Cloud computing and relative architectures refer to the delivery of all cloud related services belonging to the field of computing including the likes of servers, data storages and other forms of services over the usage of internet. There is a shared existence of multiple companies, which carry out the business of provisioning other business organizations with the required amount of services having a complete dependency upon the cloud (Acemoglu et al., 2016). The services that are provided by these specific companies can be divided into four primary categories based on the cloud location. These are,

1. Public cloud- this refers to the computing infrastructure that is located within the premise of the organization that acts as a cloud service provider.
2. Private cloud- this refers to the hosting of all computing related infrastructure within the premise of the company that is using it entertaining no sharing of the same.

• Hybrid cloud- this refers to the usage of both public as well as private cloud that have a dependency upon the carried out purpose of the organization.

1. Community Cloud- this the cloud location that refers to the fact of sharing a common cloud space between a community of people and all of individuals have a personal authorization key to access their dedicated cloud storage space (Kanget al., 2016).

In regards to the above four categories of cloud locations, the type of cloud that shall be installed into the network of the undertaken bank is private. The cloud server will have a stagnant location at the data center that belongs to the cloud and will allow all the cloud related services to the main office and the branch office of the bank (Rathore et al., 2017). However, private cloud has been selected since the bank contains all the sensitive information that belongs to the customer. Such information needs to be protected with appropriate security measures. As a reason, a private cloud will maintain the integrity of the customer data without having any other form of access to the dedicated place rather than the bank and in turn, the employees working in the bank.

In addition to this, cloud services can also be divided on the basis of the types of services provisioned by the same. In regards to this, the following three primary categories of cloud based on the services type are,

1. Infrastructure-as-a-Service- this refers to the most basic category of all the cloud computing services that provisions with an allowance to rent the information and technology as well as the relative architecture (Shinet al., 2016).
2. Platform-as-a-Service- this refers to the fact of supplying with an on-demand environment for the development, managing as well as delivering of software applications.

• Software-as-a-Service- this refers to the primary method of delivering various applications of software through the internet on the basis of the demand as well as relating to a subscription plan.

In regards to this, the cloud service type that entirely belongs on the basis of the cloud services, SaaS has been typically used within the network of the bank to put forward the fact that the customers have a particular software that also consists of security mechanisms to allow them to carry out their banking activity on a daily basis.  

Cloud Computing and Security Architechture

The bank consists of a head office branch and a remote branch in the network that has been designed for the internet based bank undertaken in the discussion. Each of the head office and the branch office consists of a router and switch, where all the workstations of different departments and the employees working in the same are connected to the routers through a switch (Luong et al., 2017). Each of the workstations and other IT components such as the likes of printers and scanners are to be provisioned with all the required connectivity such as internet connection, data services and application based services.

In addition to this, there is a shared existence of wireless access points in both the head office and the branch office that are also connected directly to the switch of the routers in the head office as well as the branch office respectively. The wireless access points have been provided for the customers of the bank to connect to the network as and when required for allowing them to get hold of resources while at the bank sites regarding some banking activity.

The network consists of a data center that is responsible for maintaining a track of all the data that belongs to the bank. Such data can be the likes of employee details, banking information as well as personal information of the customers (Ramos et al., 2017). The data center has a direct connection to the cloud server and the cloud storage to store all the data on the cloud as a part of the backup procedure for preventing potential loss of data as well as to provision the data with the required amount of security.

The network gets hold of all the web related services and runs the application with the help of the Amazon Web Services, which is a web service provider for the bank. The AWS site has a server and a router that shares a direct connection with the router of the head office and the branch office.

Lastly, all the ATM’s of the bank have an individual router provided to them to share a connection with the internet connectivity as well as the router of the bank head office. The ATM’s consists of a server along with an ATM Machine (Lu et al., 2018). The server has been termed as the authorization server to grant the access to the application portal to all of the customers accessing the ATM through their debit/credit cards.

Types of Cloud and Services

Head office has a direct connection to the data center, ATM, application site and the branch office of the bank. On the other hand, the branch office has a direct connection to the application site for allowing the customers to connect to the web portal for banking service. In addition to this, the branch office has via connection to the data center and the ATM through the head office of the bank in regards to maintain the security of internet banking (Kang et al., 2016). Lastly, each of the head office and the branch office router has a connection to the firewall to maintain the security of the business procedures on a daily basis.

Figure-1: Logical network diagram

(Source- Created By Author)

The following security services are to be provided through the network design,

1. Firewall connected to the routers of head office and branch office to keep a constant monitoring over the entry points of the network to carry out packet filtering and remove harmful threats or vulnerabilities (Saxenaet al., 2017).
2. Password protected wireless access points to grant authorization to users only with a password provided by the bank.

• Access control policies between the different departments of the bank to disallow inter-departmental access for maintaining the integrity of customer data.

1. Cloud security maintenance at the data center of the bank to prevent unauthorized or external access for barging in and hampering integrity of bank and customer information.
2. Authorization server at the ATMs to cross check the passwords of the customers accessing the ATM and grant the access if the passwords match to the bank database (Zouet al., 2016).
3. Amazon web service that has the primary inclusion of strong architectures for security that will keep the web and application data of the bank secure as well as safeguarded from any external access that is not authorized.

The following networking services are to be provided,

1. Routers to the head office, branch office, data center, ATM and application center for connection across the network.
2. Wireless access point at the branch office and the head office for allowing customers connect to the network and access the application services (Duxburyet al., 2019).

• Workstations at the head office, branch office, data center and the ATM for allowing employees to access the networking services.

1. Servers at the Application site, data center and ATM for respective services.

Figure-2: Physical network diagram

(Source- Created By Author)

The bank should have a detailed costing specification of all the labour, hardware as well as software applications that will be required for the bank to carry out the banking procedures on a daily basis as well as to maintain the security of the data dealing on a regular basis (Lopez et al., 2018). The costing specifications include the costing for the following,

1. Hardware and equipment.
2. Software applications.

• Manual labour.

The hardware connected to the network of the bank are the likes of routers, switches, servers, workstations, printers, and wireless access points.

Routers:

Manufacturer: Cisco

Model: Cisco RV340 Dual WAN Gigabit Router

Cost: $484.79.

Servers:

Manufacturer: Synology (Frigault et al., 2017).

Model: Synology DiskStation DS218

Cost: $730.27.

Switches:

Manufacturer: Netgear.  

Model: NETGEAR GS752TPv2

Cost: $1126.79.

Workstations:

Manufacturer: Dell.  

Model: Dell Optiplex 3050

Cost: $469.41.

Wireless Access point:

Manufacturer: D-link.  

Model: D-Link DWL-6610AP

Cost: $517.11.

Amazon Web services:

Manufacturer: Amazon.

Cost: $955 per year.

Antivirus applications:

Manufacturer: McAfee.

Model: McAfee Total Protection.

Cost: $13.53.

The network of the bank is to be made secure in regards to the confidential customer information that is a part of the daily business procedures and is communicated to and from the server regularly for efficient banking services to be provisioned to the individual customers. Hence, to keep the entire security network working properly, the company needs to hire a network engineer, who will keep a constant check upon the entire network and resolve network related issues on a daily basis (Liyanage et al., 2016). The company needs to pay an amount of $85,000 per year to the network engineer as a part of the salary.

Logical Network Diagram

In addition to this, all the hardware equipment and network devices need to be delivered to the respective sites for setting up the banking network along with security. For the delivery purposes, the company needs to hire a logistics team on an hourly basis. $400 an hour is the revenue to be incurred by the company to carry out the delivery of the hardware.

The designed network needs to be installed as per the diagram provisioned to the bank to have all the business procedures running in a smooth manner with efficient amount of security to secure the information belonging to the customers and the bank. As a reason, the listed equipment and labouring costs that needs to be incurred by the company has been provided to set the planning budget in accordance to the same (Zhou et al., 2017). Hence, the entire cost and the budget that needs to be set by the company has been properly highlighted with the help of the following table.

Equipment	Type	Cost
Routers	Hardware	$484.79
Servers	Hardware	$730.27
Switches	Hardware	$1126.79
Computers	Hardware	$469.41
Wireless access points	Hardware	$517.11
AWS	Software	$955 per year
Antivirus	Software	$13.53
Network engineer	Human labour	$85,000
Logistics	Human labour	$400
	Total budget:-	$89, 696.9 /year

For completing the network designing of the company as well as to carry out the security maintenance through the designed network in a proper manner to safeguard the bank data and customer information, the following resources will be specifically required to perform the entire work (Sengupta et al., 2020). These are,

1. Network devices-, which includes the likes of routers, switches, servers and efficient connecting wires.
2. Hardware devices and equipment- computers and printers.

• Software- AWS applications and services as well as antivirus programs.

1. Human labour- network engineer for monitoring and keeping the network secure and properly working as well as logistics to deliver all the required resources to the respective site of the bank.

The following security services are to be provisioned to the banking activities with the help of the network that has been designed for the bank (Lin et al., 2018). These are,

1. Wireless access points for allowing the customers of the bank to connect to the network. However, the customers will be provided with passwords to access the wireless connectivity that prevents unauthorized access into the network.
2. Firewall connected to both the routers of the head office and the branch office to monitor the entry points of the network and disallow malicious content or threats to enter the network.

• Cloud server and storage present at the data center. The cloud services consists of security architecture beforehand that will safeguard the information stored on the same. In addition to this, cloud storages also mitigate the possibility of data loss.

1. Presence of authorization server at the ATM that will tally the customer password entered through the ATM machine with the database of the bank (Abu Elreeshet al., 2019). On matched passwords, the server will grant the access or else prevent access. This secures the accounts of clients from unauthorized access.
2. Web services to be taken from external vendors who provide with web hosting and internet connectivity that contain higher levels of security to protect the bank and customer information from threats and vulnerabilities.

The list of equipment to provide the banking services with the required amount of data security are,

2. Password protected wireless access points.

• Cloud security and storage services.

1. Authorization server at ATM.

	Assets (What)	Motivation (Why)	Process (How)	People (Who)	Location (Where)	Time (When)
Contextual	Business Decisions	Business risks	Business processes	Business governance	Business geography	Business time dependencies
Conceptual	Business knowledge and risk strategy	Risk management objectives	Strategies for process assurance	Roles and responsibilities	Domain framework	Time management framework
Logical	Information assets	Risk management policies	Process maps and services	Entity and trust framework	Domain maps	Calendar and timetable
Physical	Data assets	Risk management practices	Process mechanisms	Human interface	ICT infrastructure	Processing schedule
Component	ICT components	Risk management tools and standards	Process tools and standards	Personnel management tools and standards	Locator tools and standards	Step timing and sequencing tools
Service Management	Service delivery management	Operational risk management	Process delivery management	Personnel management	Management of environment	Time and performance management

References: 

Abu Elreesh, J. Y., & Abu-Naser, S. S. (2019). Cloud Network Security Based on Biometrics Cryptography Intelligent Tutoring System.

Acemoglu, D., Malekian, A., & Ozdaglar, A. (2016). Network security and contagion. Journal of Economic Theory, 166, 536-585.

Duxbury, S. W., & Haynie, D. L. (2019). Criminal network security: An agent?based approach to evaluating network resilience. Criminology, 57(2), 314-342.

Frigault, M., Wang, L., Jajodia, S., & Singhal, A. (2017). Measuring the overall network security by combining cvss scores based on attack graphs and bayesian networks. In Network Security Metrics (pp. 1-23). Springer, Cham.

Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-vehicle network security. PloS one, 11(6).

Kang, M. J., & Kang, J. W. (2016, May). A novel intrusion detection method using deep neural network for in-vehicle network security. In 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring) (pp. 1-5). IEEE.

Lin, H., Yan, Z., Chen, Y., & Zhang, L. (2018). A survey on network security-related data collection technologies. IEEE Access, 6, 18345-18365.

Liyanage, M., Abro, A. B., Ylianttila, M., & Gurtov, A. (2016). Opportunities and challenges of software-defined mobile networks in network security. IEEE Security & Privacy, 14(4), 34-44.

Lopez, D., Lopez, E., Dunbar, L., Strassner, J., & Kumar, R. (2018). Framework for interface to network security functions. draft-ietf-i2nsf-framework-04. pdf, IETF I2NSF WG.

Lu, Z., Qu, G., & Liu, Z. (2018). A survey on recent advances in vehicular network security, trust, and privacy. IEEE Transactions on Intelligent Transportation Systems, 20(2), 760-776.

Luong, N. C., Hoang, D. T., Wang, P., Niyato, D., & Han, Z. (2017). Applications of economic and pricing models for wireless network security: A survey. IEEE Communications Surveys & Tutorials, 19(4), 2735-2767.

Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson Education India.

Ramos, A., Lazar, M., Holanda Filho, R., & Rodrigues, J. J. (2017). Model-based quantitative network security metrics: A survey. IEEE Communications Surveys & Tutorials, 19(4), 2704-2734.

Rathore, S., Sharma, P. K., Loia, V., Jeong, Y. S., & Park, J. H. (2017). Social network security: Issues, challenges, threats, and solutions. Information sciences, 421, 43-69.

Saxena, N., Grijalva, S., Chukwuka, V., & Vasilakos, A. V. (2017). Network security and privacy challenges in smart vehicle-to-grid. IEEE Wireless Communications, 24(4), 88-98.

Sengupta, S., Chowdhary, A., Sabur, A., Alshamrani, A., Huang, D., & Kambhampati, S. (2020). A survey of moving target defenses for network security. IEEE Communications Surveys & Tutorials.

Shin, S., Xu, L., Hong, S., & Gu, G. (2016, August). Enhancing network security through software defined networking (SDN). In 2016 25th international conference on computer communication and networks (ICCCN) (pp. 1-9). IEEE.

Stallings, W. (2016). Network security essentials: applications and standards. Pearson.

Zhou, Q., & Luo, J. (2017). The study on evaluation method of urban network security in the big data era. Intelligent Automation & Soft Computing, 1-6.

Zou, Y., Zhu, J., Wang, X., & Hanzo, L. (2016). A survey on wireless security: Technical challenges, recent advances, and future trends. Proceedings of the IEEE, 104(9), 1727-1765.