School of Digital, Technologies and Arts

Department of Computing

COMP60013: IT Infrastructure Security

Assignment Specification
Weighted at 100% of the module mark

Submission Guidelines

All submissions are only electronic and should be submitted via Blackboard. If you have any
questions/queries, please contact the tutor.

Submission deadline: Monday 7 Oct 2024 (17:00)

Learning outcomes being assessed by this assignment are:

1. CRITICALLY DISCUSS THE PRINCIPLES AND CONCEPTS INVOLVED IN THE SECURING OF INFORMATION
TECHNOLOGY INFRASTRUCTURE FOR BOTH STANDALONE SET-UPS AND NETWORKS.
2. DESIGN A SECURE INFRASTRUCTURE AND APPRAISE THE INTERRELATIONSHIPS
AMONG ELEMENTS THAT COMPRISE A MODERN SECURITY SYSTEM.
3. DEMONSTRATE AN UNDERSTANDING OF HOWTO MANAGE ENTERPRISE INFRASTRUCTURE SERVICES
ON MODERN OPERATING SYSTEMS.
4. DEPLOY AND MAINTAIN A SECURE ENTERPRISE IT INFRASTRUCTURE (NETWORK
SERVICES) ON UNIX/LINUX BASED SYSTEMS.

This is an individual assessment. Please check that your report and/or script/tool is entirely written by
yourself and any quoted sections are referenced.

This assignment consists of one part

•
Submission deadline: Monday 7 October 2024 (17.00)
Design and Implementation of end to end secure IT Infrastructure for “London Store Fashion House”
Ltd.

This assignment is weighted at 100%. It is expected that this part of the assignment will be in the region
of 3000-3500 words. London Store Fashion House Ltd (LSFH) focus the delivery of variety of products
and services which are related with Fashion for mankind. Currently, LSFH Ltd hosting their internal and
external web servers, billing & payment servers, proxy servers, RADIUS servers, internal DNS resolvers,
mail servers, and databases for various applications internally at their in-house premises data center.

Internal web server is used for intranet purpose and other external webserver is used as public
webserver, billing server is to store the customer transactions, payment server for tracking the
payment ,proxy servers is used for internet access to employees, RADIUS server is used for
authenticating various services, DNS resolvers are used to DNS lookup with internal and external DNS
authoritative servers, databases are used for maintaining customer profiles and their daily transactions
details, internal employee information and external supplier related details.

The LSFH organization would like to move for digital driven infrastructure which has end to end
digitalization processes. Further, according to the cloud technology advancements, new norms and
traditions in the market landscape, the LSFH organization intended to expand their business and its IT
infrastructure (Network, System and Applications etc.).

Securing the modern IT infrastructure is vital and mandatory for compliance purposes. You as
information security architect is tasked by your company (MIT Pvt Ltd.) to perform information security
assessment, designing and implementing secure IT Infrastructure (network, compute, storage,
applications and processes) for LSFH Ltd, according to the best practices and above business vision.

IT Infrastructure Overview of LSFH Ltd

The current status of IT infrastructure of LSFH Ltd

 Operating System - Red hat Linux version 5.2

 Web server- Apache 2.1-12
 FTP server- VSFTPD
 Proxy Server - Squid Proxy Server 2.4.0
 DNS Server- Bind 9.18.4
 DHCP Server- ISC DHCP- 4.3.2
 RADUIS Server- Open Radius Server 2.0.19
 Mail Server- Sendmail mail server
 Database - MySQL database 5.0
 OS level security - Kernel level security,IPtables
 The application is using PHP (5.0),perl with aid of external libraries/frameworks and
JaveScript,.Net
 100k customers, expected to be 80k within a year.
 25k transaction per month, significant increase expected.
 120 GB size backup for every month
 70 Mbps internet bandwidth usage
 One HQ and 150 Branches, 8 factories
 1750 employees including HQ and all branches.

High level scope (requirements)-infrastructure modernization of LSFH Ltd.

With the pace of change having increased like never before, you want to shape your infrastructure to
reflect the way your business is changing. And to do it faster than you were originally planning. You can
get the flexibility and agility you need with new software defined services, cloud capability and network
options. But, the key to success is combining the right technology with the right security, service,
management, expertise and commercials so you can mould your infrastructure into the shape you want.

Billions of devices connect to the internet every day with little or no security, and cybercriminals are
using sophisticated and innovative malware to infiltrate and move laterally through organizations.
Global security threats are everywhere - stolen identities, systems held to ransom, and phishing scams.
The transformation of your infrastructure means you’re needing to think about security in a new way,
and whilst there are many security challenges to consider, there are three key ones:

• securing your business from the network to the cloud - as you ramp up cloud adoption, IT security gets
more difficult and complex. You need to make sure your journey to third-party cloud services is secure,
considering network security services, such as next generation firewalls and intrusion prevention
solutions.

• knowing if you’re doing enough to secure your business - with breaches hitting the headlines every
week, do you worry you could be next? You need to make sure every process, application, and area of
your infrastructure revolves around the protection of your core assets. And you need a complete
understanding of your security posture in order to do it. To outline the steps you need to take you need
a defined roadmap that's aligned with your business objectives and digital transformation process.
• keeping up with the changing threat landscape - cyber threats are always evolving, so your security
should do the same. You need an agile, proactive approach to security that keeps pace with the rapidly
evolving threat landscape. And you need the ability to predict where digital threats will come from and
defend against them before they impact your organization. That means combining intelligence from
multiple sources – including government, partners and your own global network – to get a birds-eye
view of what’s going on, and accurately address your risk and measure its impact.

Low level Requirements

 LSFH requires all of their infrastructure services to be deployed on top of Linux based
distribution. You can choose Red Hat based or even Debian Based distribution as operating
system.
 Explain how you will perform an effective security audit/assurance for the LSFH’s (i.e. phases,
standards, methods, procedures etc...)
 Provide ”as sample” a chain of overall IT policies such as (you can present this in a table):
o Internal and external employee’s application access including how
sysadmin/superadmin will access the infrastructure.
o Password policy.
o Logging policy.
o Backup policy.
o Customer data security policy.
o Third party applications management policy
o Online customer registration policy
o Supply chain data policy

 Architect, design, deploy and configure a secure web server for internal and external purposes
with high availability (HA) with disaster recovery (DR).
 Architect, design, deploy and configure a secure email mail server with AI/Machine learning
based spam filtering capability.
 Design, deploy and configure, DNS resolvers and caching with HA and DR.
 Design, deploy and configure, DHCP with HA and DR.
 Design, deploy and configure, FTP with HA and DR.
 Design, deploy and configure Proxy servers(Forward proxy & Reverse Proxy) with HA and DR
 Design, deploy and configure RADIUS servers with HA and DR
 Deploy and configure shared file share server (Accessible from any operating system).
 Explain how you would provide a solution for securing the company’s new database and data
based related APIs which are exposed to internal and external networks.
 Provide a recommended solution for a secure backup for the database. Give example(s) and
illustration(s). Your solution should have disaster recovery plans as well.
 How you could improve overall end to end security of LSFH’s Ltd current architecture? - Provide
illustration and brief explanation with diagrams.
 Provide a recommend design for robust firewall, Intrusion Detection System (IDS) and Intrusion
Prevention (IPS) solutions. You can go for next generation firewalls as well.
 Explain about suitability of hybrid type of public cloud integration with premise IT infrastructure
for LSFH Ltd
  How to integrate IOT based platforms and applications with infrastructure and applications.
Proper security analysis has to be done and explain it accordingly
 What do you think about the integration of ML (Machine Learning) and AI (Artificial Intelligent)
with infrastructure and its services? You need to critically evaluate and explain.
 You should test and verify the each deployed service before moving to the production phase/go
live.
 You are expected to provide examples of your own implementation and testing (i.e. commands,
configurations, screenshots, etc...). You have to give proper evidence of your own work.
 You can use virtual machine or container based virtualization techniques to deploy and test the
infrastructure related services.
 You can use networking related simulators such as packet tracer to design and configure
network topologies
 Proper High Level Design (HLD) and Low Level Design (LLD) should be included in the report.

Submission Guidelines
You should to submit your report before the deadline. Your documentation should be submitted in
electronic format through the university VLE, Blackboard using the Turnitin system. Please submit DOC
or PDF version of the report otherwise it might NOT be recognized by the Turnitin system. If you have
any questions/queries, please contact your tutor.

Advice

• Read the relevant literature in this area and make sure you understand what is being asked from you.
• It is important that you start your preparation early.
• Upload your script, report, diagram and/or flow charts using the provided links through blackboard.
You are expected to approach all parts of this assignment as small but comprehensive academic reports.
As such the following report structure is expected:

1. Introduction, where you will discuss your plan for solving the problem introduced by the instructor

2. Main Body, where you will develop your arguments

3. Conclusions, where you will critically discuss your findings

4. References

5. Appendixes (if needed)

You are expected to demonstrate an insight into the implications of the problem introduced in each task
by using clear and concise arguments. The report should be well written (and word-processed), showing
good skills in creativity and design. Sentences should be of an appropriate length and the writing style
should be brief but informative. The report should have a consistent layout and be divided into
enumerated sections, sub- sections, sub-sub sections, etc. For the references and bibliography you are
expected to use appropriate peer reviewed sources for developing your arguments, and an appropriate
referencing style as per the University regulations.

Marking criteria

100 points

Criteria Maximum points

Introduction
– Includes a clearly stated thesis (5 Marks). /15
– Concise and precise presentation of IT/IS security audit/assurance (5 Marks).
– Indicates how the paper is organized (5 Marks).
Based on the quality of the introduction and relevant details marks will be
reduced from the maximum points
Main body
– The report is insightful (30 Marks).
– Coherent arguments, clearly, concisely and directly presented (10 Marks).
– It addresses clearly the assignment requirements in a way that indicates your /75
comprehension over the required task (10 Marks).
– Clear presentation of the information with precise explanation (15 Marks).
– Providing examples, diagrams, illustrations, etc...(10 Marks)
Based on the quality of the body and relevant details marks will be reduced from
the maximum points
Overall paper style
– Concise and precise ( 5 Marks)
– Including sections, subsection, etc... /10
– Free of jargon and cliches.
– Cites and references are correct( For above 3 points 5 Marks)
Based on the quality of the conclusions and relevant details marks will be
reduced from the maximum points