Question: Draw network design using the following descriptions The network design ideas presented focus on creating a secure and efficient infrastructure for an ASX wealth management

Draw network design using the following descriptions.

The network design ideas presented focus on creating a secure and efficient infrastructure for an ASX wealth management and investment company. Let's break down each component and its purpose.

1. Layered Security Architecture

Client Access Layer: This is the entry point for clients and employees who need secure, remote access. By using a VPN Gateway, users connect to the network through an encrypted tunnel, which keeps data safe while traveling over the internet. Firewall 1 sits at the network's edge to control what enters and leaves the network. This firewall only allows approved VPN traffic and essential services, providing the first layer of security.

DMZ (Demilitarized Zone): The DMZ is a neutral zone between the public internet and the company's private network. It hosts:
Web Server: This handles the client portal or any public-facing applications.
Application Server: This server processes the business logic of applications, such as investment management software.
The Application Server and Web Server interact, but only limited, controlled traffic can access the internal network.

Firewall 2: Separates the DMZ from the internal network. This second firewall adds an additional layer of protection, allowing only necessary communication between the DMZ and more sensitive internal resources.

Internal Network Layer: This layer holds sensitive assets, including the Database Server (for storing client data) and Financial Applications Server (for backend processing like trade execution). These servers are isolated from direct internet access to protect sensitive information. Switches and Routers provide network segmentation, which separates different types of traffic, adds security, and reduces the potential damage if any area of the network is compromised.

2. Security Monitoring and Threat Detection

Intrusion Detection and Prevention System (IDPS) monitors the network, identifying and blocking suspicious activity in real-time. Placing the IDPS to cover traffic across the DMZ and Internal Network adds another layer of security, as it can detect potential threats before they reach sensitive resources.

Security Information and Event Management (SIEM) consolidates logs from the IDPS, firewalls, and other devices, allowing real-time visibility into network events. This setup helps detect and respond to security incidents quickly.

3. Compliance and Data Protection

Compliance Monitoring and Audit Logs ensure that sensitive data is accessed in line with regulatory requirements (like those from ASX). This is critical for audit trails and reporting. For example, if someone tries to access sensitive financial data, the activity is logged and monitored.

Data Encryption protects data in two states:
At rest (when stored in databases) protects against unauthorized access if data is breached.
In transit (when moving between systems) prevents interception by malicious actors.

4. High Availability and Redundancy

Load Balancers distribute client requests across multiple servers in the DMZ (e.g., web and application servers), which makes the network more scalable and ensures it can handle high traffic without crashing.

Redundant Network Paths (using multiple switches and routers) ensure that if one path fails, traffic can take an alternate route, which improves reliability and reduces the risk of downtime.

5. Cloud Integration for Scalability

Using a Hybrid Cloud approach, the company can keep sensitive data on-premises (to comply with regulations) while using the cloud for flexible, on-demand resources for less sensitive workloads.

A Cloud Security Gateway is essential to monitor and control access to cloud resources, ensuring security policies are enforced even when using external cloud services.

Example Network Flow Summary

Clients access the network through a VPN Gateway that connects them to the DMZ through Firewall 1.
The DMZ hosts public-facing services like a Web Server and Application Server, which are separated from the Internal Network Layer by Firewall 2.
The IDPS oversees traffic between the DMZ and Internal Network, blocking potential threats.
The Internal Network Layer houses sensitive systems like the Database Server and Financial Applications Server.
Management and Monitoring servers track compliance and log security events.
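One way to turn the flow summary into a drawable diagram and check its layering, as an added example that is not part of the original question: the script models the described topology as a graph, emits Graphviz DOT with one cluster per zone, and tests whether either firewall can be bypassed on the way to the Database Server. The exact link placement (load balancer in front of the web server, a single "Core Switch") is an assumption, and the IDPS, SIEM and cloud components are left out to keep the sketch short.

```python
from collections import deque

# Zones and nodes follow the description; link placement is an assumption.
ZONES = {
    "Client Access": ["Clients", "VPN Gateway", "Firewall 1"],
    "DMZ": ["Load Balancer", "Web Server", "Application Server", "Firewall 2"],
    "Internal": ["Core Switch", "Database Server", "Financial Applications Server"],
}
LINKS = [
    ("Clients", "VPN Gateway"), ("VPN Gateway", "Firewall 1"),
    ("Firewall 1", "Load Balancer"), ("Load Balancer", "Web Server"),
    ("Web Server", "Application Server"), ("Application Server", "Firewall 2"),
    ("Firewall 2", "Core Switch"), ("Core Switch", "Database Server"),
    ("Core Switch", "Financial Applications Server"),
]

def to_dot(zones=ZONES, links=LINKS):
    """Render the topology as Graphviz DOT, one cluster per security zone."""
    out = ["graph network {", "  node [shape=box];"]
    for i, (zone, nodes) in enumerate(zones.items()):
        out.append(f'  subgraph cluster_{i} {{ label="{zone}";')
        out += [f'    "{n}";' for n in nodes]
        out.append("  }")
    out += [f'  "{a}" -- "{b}";' for a, b in links]
    return "\n".join(out + ["}"])

def reachable(src, dst, links=LINKS, removed=()):
    """Breadth-first search over undirected links, skipping removed nodes."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen and nxt not in removed:
                seen.add(nxt)
                queue.append(nxt)
    return False

def bypasses(chokepoint, src="Clients", dst="Database Server", links=LINKS):
    """True if dst is still reachable from src once the chokepoint is removed."""
    return reachable(src, dst, links, removed={chokepoint})
```

Writing the output of `to_dot()` to a file and rendering it with Graphviz (`dot -Tpng`) produces the drawing; `bypasses("Firewall 2")` returning `True` after a link is added means that link breaks the two-firewall layering.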
