DESIGN AND IMPLEMENTATION OF SYSTEM AND NETWORK SECURITY FOR AN ENTERPRISE WITH WORLDWIDE BRANCHES

Postgraduate

ABSTRACT
The basic reasons we care about information systems security are that some of our information needs to be protected against unauthorized disclosure for legal and competitive reasons; all of the information we store and refer to must be protected against accidental or deliberate modification and must be available in
a timely fashion. We must also establish and maintain the authenticity (correct attribution) of documents we create, send and receive. Finally, the if poor security practices allow damage to our systems, we may be subject to criminal or civil legal proceedings; if our negligence allows third parties to be harmed via
our compromised systems, there may be even more severe legal problems.
Another issue that is emerging in e-commerce is that good security can finally be seen as part of the market development strategy. Consumers have expressed widespread concerns over privacy and the safety of their data; companies with strong security can leverage their investment to increase the pool of
willing buyers and to increase their market share. We no longer have to look at security purely as loss avoidance: in today’s marketplace good security becomes a competitive advantage that can contribute directly to revenue figures and the bottom line. Networks today run mission-critical business services that
need protection from both external and internal threats.
In this paper we proposed a secure design and implementation of a network and system using Windows environment. Reviews of latest product with an application to an enterprise with worldwide branches are given.

Keywords: Network design, LAN, WAN, Security, Encryption, VPN, IPSec, Active Directory.

INTRODUCTION 
 
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are
frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These
differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Governments, military, financial institutions,
hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic
computers and transmitted across networks to other computers. Should confidential information about businesses customers or finances or new
product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an
ethical and legal requirement. For the individual, information security has a significant effect on Privacy, which is viewed very differently in different cultures.
The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including Information Systems Auditing, Business.