The scenario discussed here is based on a fictional business, Fox’s Breast Milk Supply Bank. This company is based in the Bahamas and is a breast milk bank facility. The purpose of Fox’s Breast Milk Supply Bank is to provide breast milk for infants in emergency situations, such as those affected by disasters, illness, and prematurity. Fox’s Breast Milk Supply Bank relies on its partnership with local hospitals to connect its end users (infants) with donated breast milk. It initially receives donated breast milk at its facilities from mothers who have recently given birth at the local hospitals. This process entails the collection and sanitization of breast milk. From there, Fox’s Breast Milk Supply Bank transports the breast milk to its recently opened satellite banks on the other islands of the Bahamas. Following this latest expansion, the company is also looking to expand its networks so that business can run smoothly between its central hub and its newly opened satellite banks. The following sections discuss the options for network expansion, the network components, and the network security implementation.
Fox’s Breast Milk Supply Bank’s initial location is in Nassau, the biggest city in the Bahamas, which is located on the island of New Providence. Fox’s Breast Milk Supply has opened three more satellite offices on the islands of Andros, Grand Bahama Island, and Abaco. The farthest island is approximately 128 miles away. The main bank in Nassau will serve as the central hub for all of the satellite offices. It will house servers, database systems, and management tools. The distance means that Fox’s Breast Milk Supply will need to implement a WAN, or wide area network, which “consist of two or more LANs (local area networks) connecting the devices which are geographically far apart.” (Vien, 2018).
For the scenario, a LAN will need to be created not only in Nassau but also at the three additional locations: Andros, Grand Bahama Island, and Abaco. At each location, the milk bank will have one main computer and additional laptops that can easily be moved around to collect donor information and milk supply status and storage information. A LAN can be established at each location by using a router. This is critical because routers are intermediary network devices used to connect LANs and WANs, which is the goal for Fox’s Breast Milk Supply Bank. Furthermore, because of the large distance between the offices and the mobility of the devices needed in each office, Fox’s Breast Milk Supply Bank can use wireless Ethernet within the offices for the LANs and a full mesh topology for the WAN. A full mesh has redundant links, which gives better performance and the lowest possibility of interruption, because a single broken link has little effect on data transmission. In addition, each bank will have high-speed encrypted Wi-Fi connections available, as well as additional guest Wi-Fi for its donors.
Furthermore, VoIP (Voice over Internet Protocol) and video conferencing software will also be implemented so that the banks, central management, and medical partners can communicate. This gives a general idea of the network design; however, a network’s design can only be as good as the security of that network. The next section discusses the security measures implemented on this network.
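The full-mesh resilience claim above can be checked for the four sites named in this scenario. The following is an added example, not part of the original paper; the hub-and-spoke layout is an assumed comparison that the paper does not propose.

```python
from itertools import combinations

# Site names come from the scenario; the hub-and-spoke layout is an added
# comparison (assumption) used only to show what the redundancy buys.
SITES = ["Nassau", "Andros", "Grand Bahama", "Abaco"]

def full_mesh(sites):
    """Every pair of sites gets its own WAN link: n*(n-1)/2 links."""
    return {frozenset(pair) for pair in combinations(sites, 2)}

def hub_and_spoke(sites, hub):
    """Each satellite links only to the hub: n-1 links."""
    return {frozenset((hub, s)) for s in sites if s != hub}

def connected(sites, links):
    """Depth-first search: can every site still reach every other site?"""
    seen, stack = set(), [sites[0]]
    while stack:
        site = stack.pop()
        if site in seen:
            continue
        seen.add(site)
        for link in links:
            if site in link:
                stack.extend(link - {site})
    return seen == set(sites)

def failures_to_partition(sites, links):
    """Smallest number of simultaneous link failures that splits the WAN."""
    for k in range(1, len(links) + 1):
        for down in combinations(links, k):
            if not connected(sites, links - set(down)):
                return k
    return None

def report():
    mesh, star = full_mesh(SITES), hub_and_spoke(SITES, "Nassau")
    return {
        "mesh_links": len(mesh),
        "star_links": len(star),
        "mesh_failures_to_partition": failures_to_partition(SITES, mesh),
        "star_failures_to_partition": failures_to_partition(SITES, star),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The mesh survives any two simultaneous link failures at the cost of six links instead of three, and each of those links is one more connection to encrypt and monitor.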
This section discusses the security measures used to secure Fox’s Breast Milk Supply Bank: firewalls, access control, physical security, and data encryption. The first step in securing Fox’s Breast Milk Supply Bank is implementing a firewall. A firewall protects networks and network devices from unauthorized access by preventing network traffic to or from these systems (Acharya, 2020). The implementation will consist of a network firewall as well as a host firewall. The network firewall is a hardware device that will be developed and placed within the network as a first line of defense. The host firewall, which is the firewall that comes with the operating systems of the computers and laptops, will serve as a second layer of defense.
The next line of defense for the network is access control. This section defines access control and describes what it looks like for the network and the physical locations. Access control is a data security process that enables organizations to manage who is authorized to access corporate data and resources. Access control consists of multiple components, such as authentication, authorization, and access. For both the network and the physical space, authentication is a vital part for Fox’s Breast Milk Bank. Authentication is the initial process of establishing the identity of a user. For the network, all locations will require a login with a username and password, plus an additional multifactor application that employees can download on their phones. For the physical locations, the banks will have physical locks, cameras, and, most importantly, key cards that allow only authorized employees to enter the bank.
Lastly, data encryption is critical to protect the information of the donors and the data exchanged between Fox’s Breast Milk Bank and the partnering hospitals. To ensure that our network traffic is encrypted, we can connect all of the LANs in each office to a VPN (virtual private network). By doing this, all data exchanged to and from the network will be encrypted. This is possible because VPN software changes the IP addresses and automatically encrypts all internet traffic. The encryption used depends on whichever protocol is enforced. For this network, Fox’s Breast Milk Bank can use the OpenVPN protocol. OpenVPN is a very secure, highly configurable protocol. Part of the reason is that it uses Perfect Forward Secrecy (PFS), which is a security protocol in itself regarding encryption. PFS works by creating unique session keys, so that potential attackers who do discover a key can see only the data from that particular exchange and do not gain access to the entire server, which leads to far less data being compromised.
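The effect of unique session keys described above can be shown by recording three encrypted sessions and counting how many one leaked key opens. This is an added example, not part of the original paper and not OpenVPN's code; the small Diffie-Hellman group, the toy cipher, the sample messages, and the single long-lived key used for contrast are all assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Toy-sized Diffie-Hellman group chosen for readability (assumption of this
# example); real deployments use standardised 2048-bit+ groups or curves.
P = 2**127 - 1
G = 3
MESSAGES = [b"donor intake 1", b"storage status", b"hospital order"]  # constructed

def ephemeral_session_key():
    """One handshake: both ends pick fresh secrets that are then discarded."""
    a = secrets.randbelow(P - 3) + 2        # hub's one-time secret
    b = secrets.randbelow(P - 3) + 2        # satellite's one-time secret
    hub_shared = pow(pow(G, b, P), a, P)    # hub combines the peer's public value
    sat_shared = pow(pow(G, a, P), b, P)    # satellite does the same
    assert hub_shared == sat_shared
    return hashlib.sha256(hub_shared.to_bytes(16, "big")).digest()

def seal(key, nonce, msg):
    """Toy stream cipher plus MAC, standing in for the VPN data channel."""
    stream = hashlib.shake_256(key + nonce).digest(len(msg))
    ct = bytes(m ^ s for m, s in zip(msg, stream))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, nonce, ct, tag):
    """Return the plaintext, or None when the key does not fit the record."""
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def capture(messages, key_for_session):
    """Encrypt one message per session; return the records and the keys used."""
    keys = [key_for_session() for _ in messages]
    recs = [seal(k, secrets.token_bytes(12), m) for k, m in zip(keys, messages)]
    return recs, keys

def readable_with(leaked_key, records):
    """Indexes of recorded sessions that one leaked key can decrypt."""
    return [i for i, r in enumerate(records) if unseal(leaked_key, *r) is not None]

def compare():
    """Leak the key of session 1 under each scheme: (static, ephemeral)."""
    static_key = secrets.token_bytes(32)
    static_recs, static_keys = capture(MESSAGES, lambda: static_key)
    pfs_recs, pfs_keys = capture(MESSAGES, ephemeral_session_key)
    return readable_with(static_keys[1], static_recs), readable_with(pfs_keys[1], pfs_recs)
```

With the long-lived key every recorded session opens, while with per-session keys only the session whose key leaked does.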
Acharya, R. (2020). Cryptography and Network Security. NEW AGE International Publishers.
Crawford, D. (2020, June 30). OpenVPN vs IKEv2 vs PPTP vs L2TP/IPSec vs SSTP - Ultimate Guide to VPN Encryption. ProPrivacy.com. https://proprivacy.com/vpn/guides/vpn-encryption-the-complete-guide
How organizations can consistently reduce Cyberrisk. (n.d.). ISACA. https://www.isaca.org/resources/news-and-trends/industry-news/2023/how-organizations-can-consistently-reduce-cyberrisk
Sectigo. (2023, July 12). What is perfect forward secrecy? PFS explained. Sectigo® Official. https://www.sectigo.com/resource-library/perfect-forward-secrecy#What%20Is%20Perfect%20Forward%20Secrecy?
What is access control? - Network cybersecurity systems. (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/access-control
What is Encryption? Definition, Types & Benefits | Fortinet. (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/encryption
Vien, Q.-T. (2018). Network Design, Modelling and Performance Evaluation. The Institution of Engineering and Technology.