Mohamed Hisham

Secure Network Architecture for Modern EnterprisesFreelance / Project

• Job Details:For my graduation project, I successfully designed and implemented a highly secure, enterprise-grade network infrastructure for the Faculty of Engineering at Shoubra, integrating advanced networking and cybersecurity practices. The project focuses on creating a reliable, scalable, and secure environment that mirrors real-world institutional networks. Project Highlights 1. Network Architecture The network is structured using layer 2 and layer 3 switches, multiple routers, and redundant links, ensuring resilience and high availability. VLANs were created for each department (e.g., Civil, Architecture, MIS, Finance, Energy, etc.) to ensure segmentation and traffic isolation. Inter-VLAN routing was configured using multilayer switches to enable controlled communication between departments. 2. Routing and Internet Access Implemented OSPF (Open Shortest Path First) routing protocol across all routers and multilayer switches to ensure dynamic and efficient routing. OSPF authentication was configured to secure the routing process. NAT (Network Address Translation) was applied to enable internal users to access the internet securely via public IPs. 3. Security Implementations Deployed two FortiGate firewalls (outer and inner) to establish a DMZ (Demilitarized Zone) and apply deep packet inspection, content filtering, and threat mitigation. Configured IPSec VPN tunnels to securely connect geographically separated network branches (e.g., ROD and Obour branches). Integrated Snort IDS to monitor and detect intrusions or malicious activities within the network. Employed AAA (Authentication, Authorization, and Accounting) on all routers using a RADIUS server for centralized user management and enhanced security. 4. Network Services Configured essential servers including: DHCP Server – For automatic IP addressing across VLANs. DNS Server – For domain resolution. Mail Server – For faculty-wide email communication. Web Server & FTP Server – For hosting content and secure file transfer. NTP Server – For synchronized network timekeeping. Syslog Server – To centralize logging from all network devices for monitoring and auditing. RADIUS Server – For AAA support across all networking equipment. 5. Testing and Validation Multiple virtual machines (VMs) such as web terminals and simulated attackers were included to test firewall rules, IDS alerts, and VPN integrity. The network design includes host-based testing for services like mail, web, and FTP from different VLANs, validating both functionality and security measures.