In the given network diagram, several domains need to be considered. This diagram includes the User, Workstation, LAN, and LAN-to-WAN domains. Security controls and their implementation are discussed below.

In the User domain, the most important security control is training. Regular training on the acceptable use and best practices of IT assets is a must. Users need to be trained (and regularly refreshed) on how to create strong passwords and how to avoid allowing unauthorized access to their systems. They also need to be trained to recognize social engineering and phishing scams, and to physically secure their systems when they are not using them.

For the Workstation domain, password policies should be in place in case a user does not do what they should. The workstations should be configured to require a certain password complexity, as well as an inactivity timeout and a failed-password lockout to prevent brute-force attacks. Each workstation should also receive regular OS patches and have an up-to-date antivirus and an application-based firewall. This can be accomplished by setting up the proper GPOs in Active Directory for enforcement across the entire domain.

In the LAN domain, multiple intrusion detection/prevention systems should be used to scan network traffic and make sure no unauthorized access is occurring. The LAN should also be set up to scan incoming email and should have a server-level virus scanner. Since this LAN also has wireless access points, the APs need to be configured with wireless encryption to protect the data transferred over them, and they need to be configured to allow only authorized computers to connect, perhaps by way of MAC filtering.

The LAN-to-WAN domain seems to already be in place. A firewall is needed to filter out unauthorized traffic coming into the network, as well as to block certain data trying to leave the network. Ensuring the firewall is configured correctly and is being monitored will help protect the network from outside attacks.
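The Workstation domain controls described above (password complexity, failed-password lockout, inactivity timeout, enforced through Active Directory GPOs) can be audited and applied from PowerShell. The script below is an added example, not part of the original text; it assumes RSAT (the ActiveDirectory and GroupPolicy modules) on a domain-joined host, a GPO named "Workstation Baseline" that already exists and is linked, and baseline values chosen here for illustration.

```powershell
# Added example: audit the default domain password/lockout policy against a
# baseline, and push the inactivity-lock setting into a GPO.
# Assumptions: RSAT modules available; the GPO name and baseline numbers are illustrative.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$Baseline = @{
    MinPasswordLength      = 14   # illustrative baseline values
    LockoutThreshold       = 5    # failed attempts before the account locks
    LockoutDurationMinutes = 15
    PasswordHistoryCount   = 24
}

# Returns a list of deviations; an empty list means the policy meets the baseline.
function Test-DomainPasswordPolicy {
    param([string]$Domain = (Get-ADDomain).DNSRoot)
    $p = Get-ADDefaultDomainPasswordPolicy -Identity $Domain
    $findings = @()
    if (-not $p.ComplexityEnabled) { $findings += 'Password complexity is disabled' }
    if ($p.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "MinPasswordLength $($p.MinPasswordLength) is below $($Baseline.MinPasswordLength)"
    }
    # A threshold of 0 means accounts never lock out, so brute force is unthrottled.
    if ($p.LockoutThreshold -eq 0 -or $p.LockoutThreshold -gt $Baseline.LockoutThreshold) {
        $findings += "LockoutThreshold $($p.LockoutThreshold) (baseline $($Baseline.LockoutThreshold))"
    }
    # Duration 0 means locked until an administrator unlocks, which satisfies the baseline.
    $dur = $p.LockoutDuration.TotalMinutes
    if ($dur -ne 0 -and $dur -lt $Baseline.LockoutDurationMinutes) {
        $findings += "LockoutDuration $dur min is below $($Baseline.LockoutDurationMinutes)"
    }
    if ($p.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $findings += "PasswordHistoryCount $($p.PasswordHistoryCount) is below $($Baseline.PasswordHistoryCount)"
    }
    return $findings
}

# Inactivity timeout: password-protected screen lock after 15 minutes, via user-side
# policy registry values under the named GPO (GPO name is a hypothetical placeholder).
function Set-InactivityLockPolicy {
    param([string]$GpoName = 'Workstation Baseline', [int]$TimeoutSeconds = 900)
    $key = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    Set-GPRegistryValue -Name $GpoName -Key $key -ValueName 'ScreenSaveActive'    -Type String -Value '1' | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key $key -ValueName 'ScreenSaverIsSecure' -Type String -Value '1' | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key $key -ValueName 'ScreenSaveTimeOut'   -Type String -Value "$TimeoutSeconds" | Out-Null
}

$issues = Test-DomainPasswordPolicy
if ($issues.Count -eq 0) { 'Default domain password policy meets the baseline' } else { $issues }
Set-InactivityLockPolicy
```

Fine-grained password policies (PSOs) applied to specific groups override the default domain policy, so check `Get-ADFineGrainedPasswordPolicy -Filter *` as well when auditing.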