Regional Insurance Group: Enterprise Network Redesign

Author: Brayden Mitchell
Project Type: Networking Capstone
Organization: Regional Insurance Group
Focus Areas: Network Security, Architecture Design, SIEM, VPN Deployment

Note

This project builds on previous portfolio entries:

Overview

This capstone project presents a comprehensive redesign of an enterprise network for a mid-sized organization, Regional Insurance Group. The goal of the project was to analyze an existing insecure and inefficient network architecture and develop a scalable, secure, and modernized solution aligned with industry best practices.

The redesign emphasizes segmentation, layered security, secure remote access, and centralized monitoring to improve both cybersecurity posture and operational efficiency.

Problem Statement

The original network infrastructure suffered from several critical weaknesses:

  • Lack of internal network segmentation

  • Reliance on a single perimeter firewall

  • Limited monitoring and visibility into network activity

  • No secure remote access solution

  • High risk of lateral movement in the event of a breach

These issues increased the organization’s exposure to cyber threats and limited its ability to detect and respond to incidents effectively.

Objectives

The primary objectives of this project were:

  • Improve network security through segmentation and layered defenses

  • Reduce attack surface and prevent lateral movement

  • Implement secure remote access for distributed users

  • Introduce centralized logging and monitoring

  • Ensure scalability for future organizational growth

Solution Architecture

The redesigned network introduces a defense-in-depth strategy built on multiple key components:

1. VLAN Segmentation
  • Accounting (VLAN 10)

  • Sales (VLAN 20)

  • Server Network (VLAN 30)

  • Authentication Network (VLAN 40)

  • DMZ (VLAN 50)

This logical separation isolates departments and critical systems, reducing unauthorized access and improving traffic control.

2. Layered Firewall Design
  • Perimeter firewall (pfSense)

  • Internal segmentation firewall (OPNsense)

  • Host-based firewalls (Windows Defender)

This approach ensures multiple inspection points and follows the principle of defense in depth.

3. DMZ Implementation
  • Public-facing web server isolated from internal network

  • Strict firewall rules limiting inbound and outbound traffic

This prevents external threats from directly reaching sensitive internal systems.

4. Active Directory Authentication
  • Centralized identity management

  • Role-based access control (RBAC)

  • Enforcement of least privilege

Authentication services are isolated within a dedicated VLAN to enhance security.
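To make the segmentation, layered-firewall and DMZ design above concrete, the following is an added example (not part of the capstone deliverable) that models the internal segmentation policy as a first-match, default-deny rule table and evaluates flows between the five VLANs. The /24 addressing, the rule names and the allowed service set are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for the five VLANs in the design (assumption, not from the page).
VLAN_NETS = {
    10: ip_network("10.0.10.0/24"),  # Accounting
    20: ip_network("10.0.20.0/24"),  # Sales
    30: ip_network("10.0.30.0/24"),  # Server Network
    40: ip_network("10.0.40.0/24"),  # Authentication Network (Active Directory)
    50: ip_network("10.0.50.0/24"),  # DMZ
}
# Ports domain members need to reach a domain controller (Kerberos, LDAP, SMB/SYSVOL, DNS).
AD_PORTS = {("tcp", 88), ("udp", 88), ("tcp", 389), ("tcp", 445), ("udp", 53)}

# Internal segmentation firewall policy: first match wins, anything unmatched is denied.
# Rule layout: (name, source VLANs, destination VLANs, allowed (proto, port) set or "any", action)
RULES = [
    ("dmz-isolation", {50}, {10, 20, 30, 40}, "any", "deny"),      # DMZ never initiates inward
    ("clients-to-ad", {10, 20, 30}, {40}, AD_PORTS, "allow"),
    ("clients-to-apps", {10, 20}, {30}, {("tcp", 443)}, "allow"),
    ("servers-to-dmz-web", {30}, {50}, {("tcp", 443)}, "allow"),
]

def vlan_of(ip):
    """Map an address to its VLAN id, or None if it is outside every defined segment."""
    addr = ip_address(ip)
    return next((vid for vid, net in VLAN_NETS.items() if addr in net), None)

def evaluate(src_ip, dst_ip, proto, port):
    """Decide one flow under the policy; returns (action, name of the rule that decided it)."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "unknown-segment")
    if src == dst:
        return ("allow", "intra-vlan")  # same segment: traffic never crosses the firewall
    for name, srcs, dsts, services, action in RULES:
        if src in srcs and dst in dsts and (services == "any" or (proto, port) in services):
            return (action, name)
    return ("deny", "default-deny")

def lateral_exposure(services=(("tcp", 445), ("tcp", 3389))):
    """Audit helper: list (src, dst) VLAN pairs where SMB or RDP is still allowed across segments."""
    exposed = []
    for s, snet in VLAN_NETS.items():
        for d, dnet in VLAN_NETS.items():
            if s != d and any(evaluate(str(snet[1]), str(dnet[1]), p, port)[0] == "allow"
                              for p, port in services):
                exposed.append((s, d))
    return exposed
```

The audit helper is the check a reviewer would run after writing the rules: every pair it returns is a segment boundary that lateral-movement protocols can still cross, and each should be a deliberate exception (here, SMB to the domain controllers for SYSVOL).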

SIEM Implementation

A Security Information and Event Management (SIEM) solution was introduced using Splunk Enterprise Security.

Key Capabilities:

  • Centralized log aggregation

  • Real-time monitoring and alerting

  • Event correlation and threat detection

  • Incident investigation support

Data Sources Integrated:

  • Firewall logs

  • VPN logs

  • Server and endpoint logs

  • Active Directory logs

  • Network device logs

Example Detection Rules:

  • Multiple failed login attempts (brute force detection)

  • Suspicious VPN activity

  • Unusual outbound traffic patterns

  • Privileged account misuse

This significantly improves visibility and reduces incident response time.
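The first detection rule listed above (multiple failed logins) as an added example, not a Splunk search from the project: a sliding-window correlation over constructed VPN and domain-controller events that raises an alert when a source/user pair accumulates a burst of failures, and escalates it when a success follows the burst. The log line layout is an assumption; a real deployment would adapt the regex to the forwarder's field names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). jdoe: 5 failures in 14 s then a success;
# asmith: 3 failures spread over an hour, which should not trip a 60-second window.
SAMPLE_LOGS = """\
2024-03-01T08:00:01 vpn-gw src=203.0.113.7 user=jdoe result=FAIL
2024-03-01T08:00:05 vpn-gw src=203.0.113.7 user=jdoe result=FAIL
2024-03-01T08:00:09 vpn-gw src=203.0.113.7 user=jdoe result=FAIL
2024-03-01T08:00:12 vpn-gw src=203.0.113.7 user=jdoe result=FAIL
2024-03-01T08:00:15 vpn-gw src=203.0.113.7 user=jdoe result=FAIL
2024-03-01T08:00:20 vpn-gw src=203.0.113.7 user=jdoe result=SUCCESS
2024-03-01T08:01:00 dc01 src=10.0.10.25 user=asmith result=FAIL
2024-03-01T08:30:00 dc01 src=10.0.10.25 user=asmith result=FAIL
2024-03-01T09:00:00 dc01 src=10.0.10.25 user=asmith result=FAIL
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped rather than crashing the rule."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev

def detect_brute_force(log_text, threshold=5, window_s=60):
    """Return one alert per (src, user) whose failures reach `threshold` inside `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (src, user) -> timestamps of failures still inside the window
    alerts = {}
    for ev in parse(log_text):
        key = (ev["src"], ev["user"])
        if ev["result"] == "FAIL":
            q = recent[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:  # drop failures that aged out of the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"src": key[0], "user": key[1], "severity": "medium",
                               "reason": f"{len(q)} failed logins within {window_s}s"}
        elif ev["result"] == "SUCCESS" and key in alerts:
            # A success right after a burst of failures is the case worth paging on.
            alerts[key]["severity"] = "high"
            alerts[key]["reason"] += "; success followed the burst"
    return list(alerts.values())
```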

VPN Deployment

To support secure remote work, an SSL/TLS VPN solution was implemented.

Advantages:

  • Browser-based access (no client required)

  • Strong encryption using TLS

  • High firewall compatibility (HTTPS-based)

  • Granular access control

Additional Security Enhancements:

  • Multi-factor authentication (MFA)

  • Zero Trust Network Access (ZTNA) principles

  • Endpoint compliance checks

This enables secure, scalable remote connectivity without exposing internal systems.

Implementation Strategy

The deployment follows a phased approach:

  1. Planning & Design
     • Finalize architecture and tools
     • Conduct risk assessment

  2. Network Deployment
     • Configure VLANs and routing
     • Implement firewall rules

  3. SIEM Integration
     • Connect log sources
     • Tune detection rules

  4. VPN Rollout
     • Configure secure access
     • Train users

  5. Validation & Optimization
     • Perform testing and audits
     • Refine configurations

This structured approach minimizes disruption and ensures system stability.

Results and Impact

The redesigned network delivers several measurable improvements:

  • Reduced risk of lateral movement

  • Faster detection and response to threats

  • Improved network performance and reliability

  • Secure remote access for employees

  • Enhanced audit and compliance readiness

These changes position the organization for long-term growth while maintaining a strong security posture.

Key Takeaways

This project demonstrates practical application of core networking and security concepts, including:

  • Network segmentation using VLANs

  • Defense-in-depth architecture

  • SIEM deployment and log analysis

  • Secure remote access design

  • Enterprise-level network planning

It highlights the importance of aligning technical solutions with business needs while adhering to cybersecurity best practices.

Future Enhancements

Potential future improvements include:

  • Intrusion Detection/Prevention Systems (IDS/IPS)

  • Network Access Control (NAC)

  • Automated incident response (SOAR integration)

  • Cloud-based infrastructure integration

These additions would further strengthen the organization’s security maturity.