Security Automation Enterprise Network Construction


Lingpei Meng

21/10/2022

Supervised by Shancang Li; Moderated by Amir Javed

Cybersecurity firm Check Point Research recently released its 2021 Security Report, showing a 50% increase in overall weekly attacks on enterprise networks in 2021. Therefore, it is crucial to build a secure enterprise network. In addition, with the development of NetDevOps-related technologies in recent years, automated network management has become a hot topic.

I will use images of Cisco security equipment to design and build an automated secure enterprise network for small and medium-sized companies on my server. The following security functions can be achieved:

1. Firewall High Availability (HA).
2. Firewall Security Policy -- Based on traffic detection and filtering at layer four or lower.
3. Secure VPN -- IPSec/SSL VPN.
4. Intrusion Detection and Prevention.
5. Perform visual security analysis on traffic using NetFlow and AI technologies.
6. AAA authentication -- 802.1x, MAC and Portal.
7. Set up the trusted network device domain -- TrustSec.
8. Web and Email security.
9. Router and Switch Security -- DHCP Snooping, DAI, etc.

In the NetDevOps section, I will first deploy the K8s private cloud environment. Then, I could harden the security of the K8s environment, for example by using K8s authentication, authorization and audit. After completing the K8s environment hardening, I can continue to use GitLab's CI/CD function to deploy the Network Management Web system (built with the Python Django framework and some open-source technologies) on K8s. This system could achieve the following functions:

1. Display summary information -- Device Health Summary, CPU Utilization Summary and Memory Utilization Summary.
2. Display device information -- Add device type, View device type, Add device and View device.
3. Device configuration -- Use RESTCONF, Netmiko and Nornir to configure devices, and manage device configurations.
4. Device monitor -- Indicator monitoring: Telegraf-InfluxDB-Grafana; log collection and analysis: Elasticsearch-Filebeat-Kibana.


Final Report (21/10/2022) [Zip Archive]
