.. include:: global.rst

======================================================
Regional Insurance Group: Enterprise Network Redesign
======================================================

**Author:** Brayden Mitchell

**Project Type:** Networking Capstone

**Organization:** Regional Insurance Group

**Focus Areas:** Network Security, Architecture Design, SIEM, VPN Deployment

.. note::

   This project builds on previous portfolio entries:

   - :doc:`Part 1 – Network Analysis and Redesign `
   - :doc:`Part 2 – VPN and SIEM Implementation `

Overview
========

This capstone project presents a comprehensive redesign of an enterprise network for a mid-sized organization, Regional Insurance Group. The goal of the project was to analyze an existing insecure and inefficient network architecture and develop a scalable, secure, and modernized solution aligned with industry best practices.

The redesign emphasizes segmentation, layered security, secure remote access, and centralized monitoring to improve both cybersecurity posture and operational efficiency.

Problem Statement
=================

The original network infrastructure suffered from several critical weaknesses:

- Lack of internal network segmentation
- Reliance on a single perimeter firewall
- Limited monitoring and visibility into network activity
- No secure remote access solution
- High risk of lateral movement in the event of a breach

These issues increased the organization's exposure to cyber threats and limited its ability to detect and respond to incidents effectively.
Objectives
==========

The primary objectives of this project were:

- Improve network security through segmentation and layered defenses
- Reduce attack surface and prevent lateral movement
- Implement secure remote access for distributed users
- Introduce centralized logging and monitoring
- Ensure scalability for future organizational growth

Solution Architecture
=====================

The redesigned network introduces a defense-in-depth strategy built on multiple key components:

**1. VLAN Segmentation**

- Accounting (VLAN 10)
- Sales (VLAN 20)
- Server Network (VLAN 30)
- Authentication Network (VLAN 40)
- DMZ (VLAN 50)

This logical separation isolates departments and critical systems, reducing unauthorized access and improving traffic control.

**2. Layered Firewall Design**

- Perimeter firewall (pfSense)
- Internal segmentation firewall (OPNsense)
- Host-based firewalls (Windows Defender)

This approach ensures multiple inspection points and follows the principle of defense in depth.

**3. DMZ Implementation**

- Public-facing web server isolated from internal network
- Strict firewall rules limiting inbound and outbound traffic

This prevents external threats from directly reaching sensitive internal systems.

**4. Active Directory Authentication**

- Centralized identity management
- Role-based access control (RBAC)
- Enforcement of least privilege

Authentication services are isolated within a dedicated VLAN to enhance security.

SIEM Implementation
===================

A Security Information and Event Management (SIEM) solution was introduced using Splunk Enterprise Security.
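The brute-force rule listed under Example Detection Rules in this section is the kind of logic the SIEM correlates. As an added illustration (not the project's Splunk search), the following Python implements that rule over constructed sample events; the key=value log layout, the threshold of five failures and the five-minute window are assumptions chosen for the example.

```python
# Added example, not the project's Splunk rule: the "multiple failed login
# attempts" detection from the SIEM section, written in plain Python so the
# logic can be run offline. Log layout, threshold and window are assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample events in a simple key=value layout (not real logs).
SAMPLE_LOG = """\
2024-03-01T08:00:01 auth=fail user=jsmith src=203.0.113.7 host=DC01
2024-03-01T08:00:03 auth=fail user=jsmith src=203.0.113.7 host=DC01
2024-03-01T08:00:04 auth=fail user=admin src=203.0.113.7 host=DC01
2024-03-01T08:00:06 auth=fail user=svc_backup src=203.0.113.7 host=DC01
2024-03-01T08:00:09 auth=fail user=root src=203.0.113.7 host=DC01
2024-03-01T08:00:10 auth=ok user=jsmith src=203.0.113.7 host=DC01
2024-03-01T08:05:00 auth=fail user=bwong src=198.51.100.4 host=DC01
2024-03-01T08:20:00 auth=fail user=bwong src=198.51.100.4 host=DC01
2024-03-01T08:35:00 auth=fail user=bwong src=198.51.100.4 host=DC01
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)")

def detect_brute_force(log_text, threshold=5, window_minutes=5):
    """Alert once per source IP when it produces >= threshold failed logins
    inside a sliding window. Each alert records the source, the failure
    count, the distinct usernames tried and when the threshold was crossed."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # src -> (timestamp, user) still inside the window
    alerted, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "fail":
            continue                # successes and unparsable lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and m["src"] not in alerted:
            alerted.add(m["src"])
            alerts.append({"src": m["src"], "failures": len(q),
                           "users": sorted({u for _, u in q}), "at": ts.isoformat()})
    return alerts

if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOG):
        print(f"ALERT {a['src']}: {a['failures']} failures, users {a['users']} at {a['at']}")
```

The second source in the sample (three failures spread 15 minutes apart) never fires, which shows why the window must be tuned alongside the threshold when the rule is deployed.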
**Key Capabilities:**

- Centralized log aggregation
- Real-time monitoring and alerting
- Event correlation and threat detection
- Incident investigation support

**Data Sources Integrated:**

- Firewall logs
- VPN logs
- Server and endpoint logs
- Active Directory logs
- Network device logs

**Example Detection Rules:**

- Multiple failed login attempts (brute force detection)
- Suspicious VPN activity
- Unusual outbound traffic patterns
- Privileged account misuse

This significantly improves visibility and reduces incident response time.

VPN Deployment
==============

To support secure remote work, an SSL/TLS VPN solution was implemented.

**Advantages:**

- Browser-based access (no client required)
- Strong encryption using TLS
- High firewall compatibility (HTTPS-based)
- Granular access control

**Additional Security Enhancements:**

- Multi-factor authentication (MFA)
- Zero Trust Network Access (ZTNA) principles
- Endpoint compliance checks

This enables secure, scalable remote connectivity without exposing internal systems.

Implementation Strategy
=======================

The deployment follows a phased approach:

1. **Planning & Design**

   - Finalize architecture and tools
   - Conduct risk assessment

2. **Network Deployment**

   - Configure VLANs and routing
   - Implement firewall rules

3. **SIEM Integration**

   - Connect log sources
   - Tune detection rules

4. **VPN Rollout**

   - Configure secure access
   - Train users

5. **Validation & Optimization**

   - Perform testing and audits
   - Refine configurations

This structured approach minimizes disruption and ensures system stability.

Results and Impact
==================

The redesigned network delivers several measurable improvements:

- Reduced risk of lateral movement
- Faster detection and response to threats
- Improved network performance and reliability
- Secure remote access for employees
- Enhanced audit and compliance readiness

These changes position the organization for long-term growth while maintaining a strong security posture.
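The reduced risk of lateral movement claimed above rests on the VLAN segmentation and layered firewall design from the Solution Architecture section: traffic between the five VLANs is denied unless a rule explicitly allows it. As an added example (Python, not the project's pfSense or OPNsense rule set), the block below models that default-deny inter-VLAN policy and audits constructed flows against it; the subnets, ports and allow list are assumptions, since the report gives only the VLAN numbers.

```python
# Added example, not the project's pfSense/OPNsense rule set: a default-deny
# inter-VLAN policy for the five VLANs in the design, checked against
# constructed flows. Subnets, ports and the allow list are assumptions.
import ipaddress

INTERNET = "internet"   # toy zone: any address outside the VLAN subnets
# Assumed subnet per VLAN ID (the report gives only the VLAN numbers).
VLANS = {
    10: ipaddress.ip_network("10.0.10.0/24"),   # Accounting
    20: ipaddress.ip_network("10.0.20.0/24"),   # Sales
    30: ipaddress.ip_network("10.0.30.0/24"),   # Server network
    40: ipaddress.ip_network("10.0.40.0/24"),   # Authentication (AD)
    50: ipaddress.ip_network("10.0.50.0/24"),   # DMZ
}
# Explicit allow list of (source zone, destination zone, destination port).
# Everything else is denied: no Sales -> Accounting, no DMZ -> servers,
# and the internet reaches only the DMZ web server.
ALLOW = {
    (10, 40, 88), (10, 40, 389), (20, 40, 88), (20, 40, 389),  # Kerberos, LDAP
    (30, 40, 88), (30, 40, 389), (10, 30, 445), (20, 30, 445),  # servers, shares
    (50, 40, 389),                                              # DMZ app -> LDAP
    (INTERNET, 50, 443),                                        # public web
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), INTERNET)

def evaluate(src_ip, dst_ip, dport):
    """Verdict for one flow: same-VLAN traffic is switched locally and never
    reaches the firewall; everything else must match an ALLOW entry."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"
    return "allow" if (src, dst, dport) in ALLOW else "deny"

def check_invariants(rules=ALLOW):
    """Return allow entries that break the design: the internet may reach only
    the DMZ, and the DMZ may only initiate to the authentication VLAN."""
    return [r for r in rules
            if (r[0] == INTERNET and r[1] != 50) or (r[0] == 50 and r[1] != 40)]

# Constructed flows to audit (not captured traffic).
FLOWS = [
    ("10.0.20.15", "10.0.10.5", 445),     # Sales -> Accounting SMB
    ("10.0.20.15", "10.0.40.2", 389),     # Sales -> AD LDAP
    ("198.51.100.9", "10.0.50.10", 443),  # internet -> DMZ web server
    ("198.51.100.9", "10.0.30.10", 443),  # internet -> server VLAN
    ("10.0.50.10", "10.0.30.10", 445),    # DMZ -> server VLAN
]

def audit(flows=FLOWS):
    return [(s, d, p, evaluate(s, d, p)) for s, d, p in flows]
```

Running ``check_invariants()`` before every rule change is the cheap way to catch an allow entry that would quietly reopen a DMZ-to-internal or internet-to-internal path.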
Official Report
===============

Key Takeaways
=============

This project demonstrates practical application of core networking and security concepts, including:

- Network segmentation using VLANs
- Defense-in-depth architecture
- SIEM deployment and log analysis
- Secure remote access design
- Enterprise-level network planning

It highlights the importance of aligning technical solutions with business needs while adhering to cybersecurity best practices.

Future Enhancements
===================

Potential future improvements include:

- Intrusion Detection/Prevention Systems (IDS/IPS)
- Network Access Control (NAC)
- Automated incident response (SOAR integration)
- Cloud-based infrastructure integration

These additions would further strengthen the organization's security maturity.