This project covers the engineering and implementation of a secure network environment connecting the Corporate Headquarters (HQ) to an Internet Service Provider (ISP). The infrastructure was designed with a primary emphasis on perimeter security, using NAT Overload (PAT) to hide internal addressing from the ISP-facing network and to reduce public addressing costs. A Role-Based Access Control (RBAC) model was also deployed, combined with SSHv2 (RSA 2048-bit host keys) and Access Control Lists (ACLs). Together these enforce the principle of least privilege and protect the management plane against unauthorized access.
Technologies & Protocols
NAT Overload (PAT): Facilitates sharing a single public IP address across the internal network, enhancing endpoint security and reducing public IP procurement costs.
Role-Based Access Control (RBAC): Configured customized privilege levels (5, 10, and 15) to restrict administrative command sets based on specific user roles.
Standard Access Control Lists (ACLs): Implemented to harden the Virtual Teletype (VTY) lines, restricting remote management access exclusively to the Network Engineer's workstation (Host 192.168.1.11).
SSHv2 & RSA 2048-bit Encryption: Deployed to secure all remote management sessions, effectively mitigating eavesdropping and man-in-the-middle (MITM) attacks.
DHCP Automation & Exclusions: Automated IP address allocation for end-users while engineering precise exclusion ranges to prevent IP conflicts with static infrastructure.
Device Hardening: Applied Type-5 password hashing for privileged credentials and configured a Banner MOTD (Message of the Day) for security compliance and legal notification.
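The following Cisco IOS configuration is an added, constructed example of how the controls listed above fit together on the HQ edge router; it is not the project's own configuration. Interface names, the 192.168.1.0/24 LAN, the 203.0.113.2 ISP address, pool and account names, and all secrets are assumptions; only the privilege levels and the management host 192.168.1.11 come from the project description.

```cisco
! Constructed example, not the project's config. Assumed: LAN 192.168.1.0/24,
! inside Gi0/0, ISP-facing Gi0/1 with 203.0.113.2, placeholder secrets.
hostname HQ-R1
ip domain-name hq.example.com
! Type-5 (MD5) enable secret; on IOS 15.x and later prefer the type-9 form:
!   enable algorithm-type scrypt secret <PLACEHOLDER>
enable secret ENABLE-PLACEHOLDER
! Role accounts: CEO read-only (5), Deputy diagnostic (10), Engineer full (15)
username ceo      privilege 5  secret CEO-PLACEHOLDER
username deputy   privilege 10 secret DEPUTY-PLACEHOLDER
username engineer privilege 15 secret ENG-PLACEHOLDER
privilege exec level 5  show ip interface brief
privilege exec level 5  show ip route
privilege exec level 10 ping
privilege exec level 10 traceroute
privilege exec level 10 show running-config
! SSHv2 only, 2048-bit RSA host key (needs hostname and domain name first)
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
! Management ACL: only the engineer's workstation may reach the VTY lines;
! the implicit deny drops everything else before any login prompt appears
access-list 10 remark MGMT-ONLY
access-list 10 permit host 192.168.1.11
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
 exec-timeout 5 0
! Legal notice shown before authentication
banner motd ^C
Authorized HQ personnel only. Sessions are logged and monitored.
^C
! DHCP for end users; the exclusion range protects static infrastructure
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp pool HQ-LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.10
! NAT Overload (PAT): the whole LAN shares the single ISP-facing address
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/1 overload
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
```

Verify with `show ip ssh` (version 2 active), `show ip nat translations` (PAT entries sharing 203.0.113.2), and an SSH attempt from a host other than 192.168.1.11, which should be refused by the access-class rather than reaching a login prompt.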
Technical Achievements
Granular Privilege Engineering: Reduced operational risk by separating administrative roles: "Read-Only" access for the CEO, "Diagnostic" access for the Deputy, and "Full Control" for the Senior Engineer.
Management Plane Hardening: Combined the VTY ACL with SSHv2 so that management-interface connection attempts from any source other than the authorized workstation are rejected before authentication, whether they originate inside or outside the corporate network.
Seamless Interoperability: Engineered a robust routing architecture that bridges the corporate network with the ISP while maintaining bandwidth efficiency and traffic stability.