Professional host Network Security
- Budget: €100 (approx. $107)
- Proposals: 3
- Remote
- #1096594
- Expired
Description
Experience Level: Expert
In this project you are asked to configure ACLs for a Cisco Packet Filter Firewall.
1. Task
Consider the following network:
This network has the following components:
• The Internet: any machine.
• Partner (class A network 20.0.0.0/8): a business partner with privileged access rights.
• Evil Group (class B network 66.60.0.0/16): known to have malicious intent.
• Your own corporate network (class B network 136.201.0.0/16), which has the following subnets:
o 136.201.5.0/24 Public Servers
o 136.201.10.0/24 Internal Servers
o 136.201.100.0/24 Workstations
The Border Router in the Corporate Network has the following interfaces:
• GigabitEthernet 0/0: Connected to the ISP (Internet)
• FastEthernet 1/0: Connected to the Public Network
• FastEthernet 2/0: Connected to the Workstation Network
• FastEthernet 3/0: Connected to the Server Network
Your task is to configure the router to implement the following security policy (only IPv4 needs to be considered) - use reflexive ACLs where appropriate:
• Perform sensible ingress and egress filtering (filtering out obviously bad traffic such as private address ranges, etc.).
• All devices from EvilGroup are denied access to any machine in the corporate network (in the following items “everybody”/“any” excludes devices from EvilGroup).
• Any outside machine can access the Mail Relay server 136.201.65.30 via SMTP (on port TCP/25).
• The Relay Mail server can access any (outside) machine and the Mail Server via SMTP (port TCP/25).
• Everybody can access the Web server 136.201.5.20 at port TCP/80 – make sure the client cannot use any server port (1-1023).
• Any outside machine can access the NNTP (Network News) server 136.201.5.10 on ports TCP/119 and TCP/433.
• NNTP server 136.201.5.10 can only initiate connections to other machines on port TCP/433.
• The Web server can only initiate connections to the DataBase Server (136.201.10.30:1433). All other traffic from the web server must be return traffic to previous requests.
• Only machines in the workstation subnet can access the Mail Server via IMAP (on port TCP/143) and SMTP (on port TCP/25).
• The Mail server can access the Relay Mail server via SMTP (port TCP/25).
• DataBase Server can only be accessed by Web server, your own workstations (136.201.100.0/24) and your business partner (20.0.0.0/8) for SQL queries (TCP/1433). It can only react to incoming requests and is not allowed to initiate connections.
• Workstations (136.201.100.0/24) can access:
o Any web server on ports TCP/80, TCP/8080 and TCP/443.
o DataBase server for SQL queries (TCP/1433).
o Only the business partner’s DNS server 20.1.1.1 for DNS queries (TCP/53 and UDP/53).
o Mail server for IMAP and SMTP.
o NNTP server on port TCP/119.
Make sure that only traffic that is a response to a request from one of the workstations can reach the workstation network! You must use reflexive ACLs for this purpose.
• Create your own policy for the ICMP protocol (as outlined below, you need to justify your ICMP policy).
• Allow some form of routing protocol (RIP, EGP, BGP or any other) to reach your router.
• All other connections should be denied!
2. Instructions
• Configure the router with reasonable IP addresses and your chosen routing protocol.
• Implement ACLs to achieve the behaviour as outlined above and assign the ACLs to the corresponding interfaces.
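An added example, not part of the posting or its attachment, showing how several of the policy items above map onto IOS extended and reflexive ACLs on the border router: ingress/egress filtering, the EvilGroup block, the public services with the "client port must be above 1023" check, partner access to the database server, return-only traffic via `reflect`/`evaluate`, and the database server's "respond only" rule. The ACL names are made up; the Mail Server's address is not given above, so its rules and the workstation-side interface ACLs are left out.

```cisco
! Added example, not from the posting. Assumed: GigabitEthernet0/0 faces the ISP,
! FastEthernet3/0 the internal server subnet; ACL names are made up.
ip access-list extended INET-IN
 remark -- ingress filter: EvilGroup, spoofed internal sources, RFC 1918, loopback
 deny   ip 66.60.0.0 0.0.255.255 any log
 deny   ip 136.201.0.0 0.0.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 remark -- published services; each hit creates a temporary entry in PUBLIC-SESSIONS
 permit tcp any gt 1023 host 136.201.5.20 eq 80 reflect PUBLIC-SESSIONS
 permit tcp any host 136.201.5.10 eq 119 reflect PUBLIC-SESSIONS
 permit tcp any host 136.201.5.10 eq 433 reflect PUBLIC-SESSIONS
 permit tcp any host 136.201.65.30 eq 25 reflect PUBLIC-SESSIONS
 permit tcp 20.0.0.0 0.255.255.255 host 136.201.10.30 eq 1433 reflect PUBLIC-SESSIONS
 remark -- replies to sessions opened from inside, nothing else
 evaluate OUTBOUND-SESSIONS
 deny   ip any any log
!
ip access-list extended INET-OUT
 remark -- egress filter: never talk to EvilGroup, only explicit initiators leave
 deny   ip any 66.60.0.0 0.0.255.255 log
 permit tcp 136.201.100.0 0.0.0.255 any eq 80 reflect OUTBOUND-SESSIONS
 permit tcp 136.201.100.0 0.0.0.255 any eq 8080 reflect OUTBOUND-SESSIONS
 permit tcp 136.201.100.0 0.0.0.255 any eq 443 reflect OUTBOUND-SESSIONS
 permit tcp 136.201.100.0 0.0.0.255 host 20.1.1.1 eq 53 reflect OUTBOUND-SESSIONS
 permit udp 136.201.100.0 0.0.0.255 host 20.1.1.1 eq 53 reflect OUTBOUND-SESSIONS
 permit tcp host 136.201.5.10 any eq 433 reflect OUTBOUND-SESSIONS
 permit tcp host 136.201.65.30 any eq 25 reflect OUTBOUND-SESSIONS
 remark -- server replies to outside clients come only from reflected entries
 evaluate PUBLIC-SESSIONS
 deny   ip any any log
!
ip access-list extended SRV-IN
 remark -- database server may answer existing TCP sessions (ACK/RST set), never initiate
 permit tcp host 136.201.10.30 eq 1433 any established
 deny   ip any any log
!
interface GigabitEthernet0/0
 ip access-group INET-IN in
 ip access-group INET-OUT out
!
interface FastEthernet3/0
 ip access-group SRV-IN in
```

Note that the position of each `evaluate` line matters: entries above it are matched first, and the final `deny ip any any log` is what makes every unmatched packet visible in the router log.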
3. Deliverables
• A text file containing the list of commands you used to configure your router (including configuration of interfaces, creating the ACLs and assigning them to interfaces).
• Document containing:
o An explanation, for each item in the security policy above, of how and where (i.e. which rule(s) on which interface(s)/direction) it is implemented.
o Your ICMP protocol policy (including a justification why your policy is a sensible policy) and how you implemented it.
o Your selected routing protocol and what rules ensure that it works properly.
Please note that only zip or rar archives will be accepted!
Please note there is an important point I have to mention: please put in the documentation where the location of every command is, like a guideline, so that it is easy to find it inside the code when I read the document, and explain everything, even small details. The number of pages wanted in the documentation is 30 pages.
The deadline for this project is 30/03/2016 at 5 pm.
For more details please find the attachment below.
Ahmed A.
Ireland