Enjoy Upto 50% off on all Your Assignments ORDER NOW

Enterprise Security Design and Implementation


1. Context

Privilege Identity Management (PIM) is a domain in the IT infrastructure which are responsible in managing, monitoring and having accounting in the governance accounts related with the Enterprise. (Kobashi, et al., 2013) Usually the governance of the Privileged Identity is not done in the straighten way in the Enterprise. To ensure this safety and governing the accounts, PIM is used within the enterprise. (D, 2005)

The privilege management in this enterprise allows the Bastion host to remove the privileges of System Administrator. A benefit rise work process will be required whereby the Operations Manager will affirm time-boxed solicitations for root get to. (ZIN, 2006)

2. Conceptual Design

a. Requirements

The requirements of the PIM are listed below:

  • The commands used to execute on the SSH session to be secured.
  • Sys Admins can't associate legitimately from their workstations to a protected server.
  • Sys Admins must demand authorisation from the Operations Manager before an SSH meeting can be set up to a protected server.
  • A solicitation to get to a safe server must be temporarily (for example 10 minutes.)
  • The Operations Manager must favour a period boxed solicitation for access to a protected server.
  • Sys Admins associate with the protected server by means of Bastion.
  • The Bastion approves the host authentication of the protected server.
  • Validation among Bastion and secure host is by means of authentications. (W., 2006)

b. Assumptions

It is assumed that only 3 system administrators are connected to the Bastion Host. These are connected using a switch which enables to connect the different host to a single server using the parallelization of network.

We assume that there is equal network coverage to all the three system administrators from the Bastion Host. Initially, it is assumed that all the system administrators are privileged with the system access rights.

c. Constraints

Only a single cloud is connected to both the system end at the Operator management plan. There are only 2 Linux 7 centos server connected at that side. SSH Policy is used as the constraint to be used in-scope.

3. Logical Design

a. Bastion Host

Internet Cloud – The data of the enterprise is saved onto the Internet cloud.

Linux 7 centos Servers – It is highly secured data sever at the Operations Manager end.

Router – It enables to connect the Bastion Host (HarshiCorp – Vault) to the servers.

HarshiCorp Vault – It eliminates the Sysadmin’s Standing privileges.

Switch – It allows the multiple devices or to connect to a host.

Sysadmin – System Administrator host to access the data with the privileges.

b. Approval Workflow

Linux servers can access the Internet cloud to approve the data workflow. Bastion Host blocks the standing privileges of the system administrator to avers the data directly from the server.

c. Auditing

  • Too much System Administrator do not have scope to connect into this network.
  • It plans specifically for the data privileges at the system administrator end.
  • No administrator with non-standing privileges can use the service. (Kadry, 2008)

Use Cases

1. Use Case

The sysadmin user cannot connect to secure01.

2. Use Case

The sysadmin logs into Bastion and requests approval to login to secure01.

The opsman approves sysadmin’s request.

The sysadmin can login to secure01 from Bastion.

3. Use Case

The sysadmin logs into Bastion and requests approval to login to secure01 for 10 minutes.

The opsman approves sysadmin’s request.

The sysadmin can login (SSH) to secure01 from Bastion (within 10 minutes.)

The sysadmin attempts to login (SSH) to secure01 after 10 minutes and access is denied.

References for Enterprise Security Design and Implementation

D, S., 2005. How the Windows Rights Management Service can Enhance the Security of your Documents. [Online] Available at: www.windowsecurity.com [Accessed 2020 06 14].

Kadry, S. &. K. S. &. H. W., 2008. Design and Implementation of System and Network Security for an Enterprise with World Wide Branches. Journal of Applied Sciences Research, Volume 4, pp. 1361-1370.

Kobashi, T. et al., 2013. Validating Security Design Pattern Applications Using Model Testing.. Regensburg, Germany, 8th International Conference on Availability, Reliability and Security (ARES2013).

W., S., 2006. Cryptography and Network Security. 4/E Prentice Hall, s.n.

ZIN, S. K., 2006. Performance parameters of wireless virtual private network. s.l., Master Thesis, Middle East University.

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help

Upto 50% Off*
Get A Free Quote in 5 Mins*
Applicable Time Zone is AEST [Sydney, NSW] (GMT+11)
Upload your assignment

Why Us

Complete Confidentiality
All Time Assistance

Get 24x7 instant assistance whenever you need.

Student Friendly Prices
Student Friendly Prices

Get affordable prices for your every assignment.

Before Time Delivery
Before Time Delivery

Assure you to deliver the assignment before the deadline

No Plag No AI
No Plag No AI

Get Plagiarism and AI content free Assignment

Expert Consultation
Expert Consultation

Get direct communication with experts immediately.

500 Words Free
on your assignment today

It's Time To Find The Right Expert to Prepare Your Assignment!

Do not let assignment submission deadlines stress you out. Explore our professional assignment writing services with competitive rates today!

Secure Your Assignment!
Order Now

Online Assignment Expert - Whatsapp Tap to ChatGet instant assignment help