This project details the security work involved in merging Company A and Company B, including migrating servers to Microsoft Azure and replacing obsolete hardware. It strengthens the network's security posture by enforcing the principle of least privilege and defense in depth while ensuring compliance with GDPR and PCI DSS standards.

- Vulnerability Remediation: Addresses critical risks such as open ports (21-90, 3389), unencrypted remote logins (rsh/rlogin), and PostgreSQL admin access that is reachable over the network.
- Access Control: Implements the Principle of Least Privilege by removing unnecessary administrative rights and enforcing Multi-Factor Authentication (MFA).
- Defense in Depth: Utilizes a multi-layered defense strategy featuring Fortinet FortiGate 200F edge firewalls and internal Sophos XGS 2100 firewalls.
- Cloud Migration: Transitions Exchange, File, and SharePoint servers to Azure to improve resource management and shrink the physical attack surface.
- New Hardware: Replaces outdated Cisco 7600 routers and 3750X switches with modern Cisco Catalyst C8200L routers and 9200 series switches.
- Endpoint Security: Upgrades all legacy workstations (Windows XP/7/10) to Windows 11 to ensure continued security patching and compliance.
- Regulatory Compliance: Ensures the network topology meets GDPR and PCI DSS standards for protecting personally identifiable information and cardholder data.
- Threat Mitigation: Provides a framework for managing insider threats through employee training, and addresses patch management to eliminate vulnerabilities in legacy systems.