Cybersecurity-Master-Journey
Capstone 3: Design a Secure Network for Increased Security
Network Security Architecture Implementation
đ Simulation-Based Capstone Project
Completed as part of the IBM SkillsBuild Cybersecurity Certificate program. This project demonstrates applied learning in network security design, host-based protection, and infrastructure hardening through hands-on configuration and architecture planning.
đ¯ Challenge
Design and implement a secure network architecture that integrates host-level protection, device hardening, and layered security controls to minimize unauthorized access and reduce organizational risk.
đ§ Practical Implementation & Configuration
1. Host Operating System Firewall Configuration
- Action: Configured inbound/outbound firewall rules to filter traffic and enforce access controls
- Security Principle Applied: Principle of Least Privilege, Attack Surface Reduction
- Outcome: Restricted network traffic to only required services, adding a critical host-level security layer
2. Router Firmware Update & Device Hardening
- Action: Installed latest firmware patches on network router
- Security Principle Applied: Proactive Maintenance, Vulnerability Management
- Outcome: Closed known device-level vulnerabilities, ensuring infrastructure integrity and compliance with security baselines
3. Secure Network Architecture Design
- Action: Designed and implemented a layered network security model
- Security Principle Applied: Defense in Depth, Network Segmentation
- Outcome: Integrated firewall controls, firmware standards, and architectural segmentation to minimize breach impact and unauthorized access
đ Theory-to-Practice Application
| Practical Activity | Theory Applied | Real-World Skill |
|---|---|---|
| Firewall Configuration | Host OS security, access control, port/service management | Configuring Windows Defender Firewall / Linux iptables/nftables |
| Router Firmware Update | Firmware vulnerability patching, device lifecycle security | Router administration, patch management procedures |
| Network Design | Defense in depth, segmentation, security architecture | Enterprise network planning and control integration |
đĄī¸ Security Principles Demonstrated
| Principle | Implementation | Business Impact |
|---|---|---|
| Defense in Depth | Host firewall + device firmware + network architecture | Multi-layered protection prevents single-point failures |
| Least Privilege | Strict firewall rule sets allowing only required traffic | Reduces attack surface and limits lateral movement |
| Proactive Maintenance | Scheduled firmware updates before exploitation | Prevents known CVE exploitation and ensures compliance |
| Risk Management | Architectural design minimizing unauthorized access | Lowers breach probability and protects critical assets |
đŧ Employer-Ready Competencies
Technical Skills
â
Host-based firewall configuration & rule management
â
Network device firmware patching & lifecycle management
â
Secure network architecture design & segmentation
â
Infrastructure hardening (OS + network layer)
â
Security control implementation & validation
Professional Skills
â
Translating security theory into working configurations
â
Risk-based decision making in design & implementation
â
Technical documentation & change management
â
Continuous security posture improvement
đ ī¸ Tools & Technologies
- Host OS Firewall: Windows Defender Firewall / Linux iptables/nftables
- Network Infrastructure: Enterprise-grade router firmware management
- Architecture Framework: Defense-in-depth model, network segmentation principles
- Validation: Configuration testing, traffic flow verification
đ Learning Outcomes Verified
Upon completion, I can confidently:
- â Secure host operating systems through precise firewall rule configuration
- â Maintain infrastructure integrity by applying timely firmware updates and patches
- â Design secure network architectures that integrate layered controls and minimize attack vectors
đ Official Microcredential
| Field | Details |
|---|---|
| Credential | IBM SkillsBuild: System and-Network Security |
| Issued | May 11, 2026 |
| Credential ID | 94df282e-0b75-45d6-9da7-7dbfc5d3921e |
| Verify | đ View Badge |
Badge Display
âšī¸ Completed in a controlled simulation environment. Badge issued via IBM SkillsBuild platform. Verification link confirms authenticity.