County bank Network Infrastructure

This paper presents the County bank financial institution with two branches; Western county bank and eastern county bank. The institution performs all financial activities such as;

i. Maintaining personal credit and savings accounts for individuals saving their money in the bank.

ii.  Lending money (loans) to individuals and organization at an interest.

iii. Performs currency exchange for all countries in the world.

iv. Regulating the flow of money in the other country’s banks by limiting the amount they can lend.

v. Preparing the state’s financial budget and allocate finances to other organizations depending on the budget.

All the above transactions are subjected to security and a proper network infrastructure that ensures high security is important.

The size of the County bank

The institution covers an area of 3 square kilometers at the main office, 2 square kilometers (western branch), and 1.3 square kilometers in the eastern branch.  The bank loans out up to 20 billion in a year and receives a revenue of 2.6 billion annual. The transaction recorded monthly is at 2 million and the number of people served daily is 3000 in the whole branches. The bank has 1300 workers of which 600 works at the main, 400 works at the western branch and 300 works at the western branch. The data center at the main office stores billion of transactions and provides a copy of all servers in the two branches (DeLong, Ingham, Carter, Franke, Wehrle, Biever, & Kneifel, 2017).

Diagram 1 County Bank Network Diagram

Description of the Network Infrastructure

The two branches of the County bank are connected together to the main office through a wireless network. The County bank has two internet service providers at IP1 = 4.4.4.0/24 an IP2 = 4.4.4.1/24. The network infrastructure of the County bank is segmented into wireless and WAN for both western and eastern branch. WAN links establish wireless connections between the main office and the branches (Dhuse, Thornton, Resch, Volvovski, Hendrickson, & Quigley, 2018).

Security

The network infrastructure is designed to offer the security of data in transit and data at rest. This is achieved by adding security components on the network.

Firewalls. The infrastructure leverages security principles of firewalls interfacing between the file servers and the users (computers and phones). All data moving in and out of the servers must pass through the firewalls. The traffics are properly controlled by the firewall through blocking of unrecognized IP addresses of a particular request (DeLong et al., 2017).

Network Segmentation. Different workstations of the county banks are connected to different Wide Area Networks to achieve segmentation. This ensures that the data security breach in one network segment does not affect the other segments.

Data Encryption. All the data stored in the servers in the infrastructure are encrypted using cryptographic functions to make it unreadable in case it is accessed by unauthorized people.

Data Classifications. The network infrastructure of the County bank consists of several file servers attached to Storage Area Networks (SAN fabric). Sensitive data are classified and stored in one special server and can only be accessed as a block through the Storage Area Network facilitated by SAN fabric. The Storage Area Network provides file-level – access to classified sensitive data on file servers.

Routing and Switching. The entire connection between the servers and the users (computers and phones) of the County bank network infrastructure are controlled by routers and switches. The router in the network will either forward genuine network traffic to the server or block untrusted traffic. Switches are layer 3 devices of the OSI layer and provide port security to device ports against unauthorized wired devices from being attacked (Dhuse et al., 2018).

References

DeLong, M. R., Ingham, A., Carter, R., Franke, R., Wehrle, M., Biever, R., & Kneifel, C. (2017). Protecting sensitive research data and meeting researchers needs: Duke University’s Protected Network. arXiv preprint arXiv:1710.03317.

Dhuse, G., Thornton, V., Resch, J., Volvovski, I., Hendrickson, D., & Quigley, J. (2018). U.S. Patent No. 9,996,413. Washington, DC: U.S. Patent and Trademark Office.