Designing and executing a network that spans across

Reference no: EM133558516

Network Security

Overview

The learning objective of this assignment is for you to gain first-hand experience in designing, implementing, testing and ethically using an enterprise network.

This is an individual assignment and you are not allowed to discuss any aspect of it with others (excluding teaching team members). Failure to meet this requirement (e.g. helping other students, or discussing solutions to assignment questions on any platform) will result in penalties in accordance with the University's Academic Integrity guidelines:

Scenario for the Assignment

You have been hired to design and implement a secure network - containing several servers, firewalls, routers, clients etc. - for Monash University. The network spreads across three campuses: Caulfield, Clayton, and Peninsula. The location of the primary data-center (Primary DC) depends on your student ID as follows. StudentID is your Monash student ID number.

StudentID mod 3    Primary DC
0                  Clayton
1                  Peninsula
2                  Caulfield

You will be asked to carry out different tasks depending on the location of the Primary DC. If you solve a question based on an incorrect Primary DC value (or any other value computed based on your student ID), you will receive a zero mark (regardless of the correctness of your answer based on a different Primary DC).

4 Secure Network Design and Implementation

This task entails designing and executing a network that spans across the three Monash campuses, utilizing GNS3. The network's architecture should prioritize security considerations. Your design should establish inter-connectivity between the three campuses leveraging the perimeter firewalls or routers present. While an illustrative example of a topology configuration file has been provided, it remains incomplete. You can use your own network topology if you would like. Please use the following command to download the example configuration file:

Additionally, there are supplementary network prerequisites that must be addressed.
• All campuses must have at least one perimeter firewall/router.
• All campuses must have a Client LAN, each LAN should contain at least one client container.
• The network must have the following servers: DNS, CA (Certificate Authority), SSH and SMTP.
• DNS and CA are internal servers and WEB, SMTP and SSH are externally accessible servers. All external servers must be placed in your Primary DC. Internal servers can be placed in any appropriate location.
• Add a Metasploit container directly to the ISP switch and name it as External-Attacker.
• Assign different subnets to campuses and configure perimeter firewalls/routers.
• SSH server should be a Metasploitable container.
• For the DNS, WEB and SMTP servers, any open-source server can be installed. Using lab material is also fine. CA can just be a regular container with OpenSSL. Web server should host a web page designed by you where your student ID is displayed. DNS can be a forwarding DNS server to Google DNS.
• WEB and SMTP servers should use TLS with certificates issued by the CA. Use your student ID as domain name for both WEB and SMTP servers. E.g., for student ID 111222333, use 111222333.com as domain name.
• At this stage all devices should be able to reach each other and all services should be active.
Note: If you use the provided GNS3 project, most of the above network configurations are already done. However, you may need to add more LANs to your network. Instructions on adding a new LAN are provided in the appendix.
Note: It's recommended to go through the Firewall and IDS questions before completing this task.

Submission Requirement

Video: The video should demonstrate access to the DNS, WEB, SMTP and SSH services from a campus other than the one hosting the server. You can use any client-side tool to access the services (e.g. Lynx, OpenSSL s_client, dig). Use Wireshark to show that all secure services (WEB, SMTP and SSH) are encrypted.

Report: The report should include a screenshot of the network topology (GNS3), the IP ranges of any new subnets, the IP addresses of all nodes, and the name of your Primary DC. You can mention all these in the GNS3 topology itself and capture them in the screenshot.

5 BGP

Configure the perimeter firewalls in each campus with BGP routing. Each campus should be a separate BGP AS and all directly connected networks to each firewall should be advertised on BGP. If you are using the provided GNS3 topology, this is already configured. Perform the following tasks on the firewalls:

• Perform a BGP prefix-hijacking attack from any of the firewalls other than your Primary DC firewall, to redirect the traffic going to the Primary DC. Demonstrate the live attack and the live re-direction of the traffic in your video.
• Apply a countermeasure to temporarily fight back from the victim firewall. Demonstrate live the configurations and the change in the direction of traffic using Wireshark.

Note: You have to perform this task before attempting the other tasks to avoid complications with VPNs and firewall rules. Revert all changes before proceeding to the next tasks.

5.1 Submission Requirement
Video: Recording of the demonstration of the attack and the fight back.
Report: N/A.

6 VPN

For this task, your objective is to establish VPN tunnels using IPSec with ESP between the three campuses, forming a mesh network topology. The primary goal is to ensure that all inter-campus traffic is securely protected by these VPN tunnels.

6.1 Submission Requirement

Video: Record a video showing ESP traffic using Wireshark capture on all three paths. You will have to generate some traffic between the campuses to demonstrate this.
Report: Provide the result of the command "/ip ipsec installed-sa print" from all three firewalls in the report. (2 marks per router for the command result)

7 Firewall Configuration

In this task, you will configure firewalls to make the network secure and control access. Here are general requirements (4 marks):
• DNS server should only be accessible from clients from the 3 campuses.
• WEB server should be accessible from all internal and external clients.

Additionally, configure the firewall according to one of the options below.

Compute the result of your student ID modulo 4 - e.g., if your student ID is 111222333, then student ID mod 4 = 1. Configure the firewall according to the following options:
• If student ID mod 4 = 0:
  - Restrict access to the CA server to clients located exclusively within the Clayton campus.
  - Restrict access to the SSH server to clients located exclusively within the Caulfield campus and all external clients.
  - Restrict access to the MAIL server to clients located exclusively within the Peninsula campus.
• If student ID mod 4 = 1:
  - Restrict access to the CA server to clients located exclusively within the Clayton campus.
  - Restrict access to the SSH server to clients located exclusively within the Peninsula campus and all external clients.
  - Restrict access to the MAIL server to clients located exclusively within the Caulfield campus.
• If student ID mod 4 = 2:
  - Restrict access to the CA server to clients located exclusively within the Caulfield campus.
  - Restrict access to the SSH server to clients located exclusively within the Clayton campus and all external clients.
  - Restrict access to the MAIL server to clients located exclusively within the Peninsula campus.
• If student ID mod 4 = 3:
  - Restrict access to the CA server to clients located exclusively within the Peninsula campus.
  - Restrict access to the SSH server to clients located exclusively within the Caulfield campus and all external clients.
  - Restrict access to the MAIL server to clients located exclusively within the Clayton campus.

Note: Only the respective service port should be allowed in all firewall rules, e.g. TCP 443 for CA and WEB, UDP 53 for DNS, etc.

7.1 Submission Requirement

Video: Record a video showing that the firewall rules work as expected. First try connecting to the service from a node where access is permitted and then from a node where it is not allowed.
Report: Provide a screenshot of the firewall rules of each firewall. You can use the command "/ip firewall filter print". (2 marks)
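
The access policy in section 7 can be checked mechanically before recording the permitted/denied connection tests. The following is an added example, not part of the assignment or the provided GNS3 project: it models an ordered, first-match rule list with an assumed final drop, and the subnets, server addresses, and the TCP 22 and TCP 25 ports are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan and server IPs (assumptions; the page assigns none).
CAMPUS = {"Clayton": "10.1.0.0/16", "Peninsula": "10.2.0.0/16", "Caulfield": "10.3.0.0/16"}
SERVER = {"CA": "10.1.9.10", "WEB": "10.1.9.20", "DNS": "10.1.9.30",
          "SSH": "10.1.9.40", "MAIL": "10.1.9.50"}
# TCP 443 and UDP 53 come from the page; TCP 22 and TCP 25 are assumed.
PORT = {"CA": ("tcp", 443), "WEB": ("tcp", 443), "DNS": ("udp", 53),
        "SSH": ("tcp", 22), "MAIL": ("tcp", 25)}
# Section 7 options: StudentID mod 4 -> campus allowed to reach (CA, SSH, MAIL).
OPTION = {0: ("Clayton", "Caulfield", "Peninsula"), 1: ("Clayton", "Peninsula", "Caulfield"),
          2: ("Caulfield", "Clayton", "Peninsula"), 3: ("Peninsula", "Caulfield", "Clayton")}

def zone(ip):
    """Campus name for an internal source address, otherwise 'external'."""
    addr = ipaddress.ip_address(ip)
    return next((c for c, n in CAMPUS.items() if addr in ipaddress.ip_network(n)), "external")

def intended(student_id, src_ip, svc):
    """Access decision the assignment text requires for this source and service."""
    ca, ssh, mail = OPTION[student_id % 4]
    z = zone(src_ip)
    return {"WEB": True, "DNS": z != "external", "CA": z == ca,
            "SSH": z in (ssh, "external"), "MAIL": z == mail}[svc]

def evaluate(rules, src_ip, svc):
    """First-match walk over (action, src_net, dst_ip, proto, port) rules; default drop."""
    want = (SERVER[svc], *PORT[svc])
    addr = ipaddress.ip_address(src_ip)
    for action, src_net, *match in rules:
        if addr in ipaddress.ip_network(src_net) and tuple(match) == want:
            return action == "accept"
    return False

def audit(rules, student_id, probes):
    """List every (source, service) pair where the rules disagree with the policy."""
    return [(src, svc) for src in probes for svc in PORT
            if evaluate(rules, src, svc) != intended(student_id, src, svc)]

# Constructed rule list for StudentID 111222333 (mod 4 = 1); order matters for SSH.
RULES = [
    ("accept", "0.0.0.0/0", SERVER["WEB"], "tcp", 443),
    *[("accept", net, SERVER["DNS"], "udp", 53) for net in CAMPUS.values()],
    ("accept", CAMPUS["Clayton"], SERVER["CA"], "tcp", 443),
    *[("drop", CAMPUS[c], SERVER["SSH"], "tcp", 22) for c in ("Clayton", "Caulfield")],
    ("accept", "0.0.0.0/0", SERVER["SSH"], "tcp", 22),
    ("accept", CAMPUS["Caulfield"], SERVER["MAIL"], "tcp", 25),
]
PROBES = ["10.1.1.5", "10.2.1.5", "10.3.1.5", "203.0.113.7"]  # one per campus + external
```

An empty result from `audit(RULES, 111222333, PROBES)` means every probe matches the policy; moving the broad SSH accept above the two campus drops makes the Clayton and Caulfield probes show up as violations.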

8 Security Analysis

Perform a security analysis of the network that you configured in the previous tasks. More specifically, discuss the following in the report (no actual configuration is required for these questions, please limit your answer to under 100 words):
• Can the firewall configuration be bypassed?
- If so, explain how it can be bypassed and how to counter it.
- If not, explain what rules are in effect to prevent bypassing.
• Discuss how the security of the network (including the servers) you have constructed can be further improved. Your discussion can also include removing/adding servers and network devices.
Note: No video demonstration is required for this task.

9 IDS

In this task, you are required to exploit an internal server as an external attacker and configure IDS to detect and alert on these intrusion attempts. Perform the following tasks:
- Configure a Snort IDS node to the same network where your public servers (WEB, SSH and SMTP) are connected. Configure the switch to send all traffic in/out from the public servers to the IDS, similar to our approach in the IDS lab.
- Exploit two vulnerabilities in the SSH server (Metasploitable container) using the Metasploit framework. You can use the External-Attacker node as Metasploit. Capture the traffic in Wireshark and discuss how IDS rules can be made to detect these attacks.
- Create custom rules in the IDS to generate alerts in response to the above attempts by attackers to exploit vulnerabilities within the Metasploitable Docker. Perform the above two attacks again to show the IDS detection.

Video: Demonstrate in the video a live exploitation of the vulnerabilities in Metasploitable and the IDS detection alerts.
Report: Provide the IDS rule configuration in the report.

10 Ethical Conduct

With all suggested security improvements from Task 8, identify unethical activities a network user (staff or a student) can perform in the above network. Develop an Ethical Network Usage policy with a list of guidelines to Monash staff and students regarding appropriate network conduct, prohibited activities, and behaviors classified as unethical. List a minimum of five policy directives. Ensure your response falls within the 150 to 500 word limit. For this task, you need to conduct some research, and appropriately cite and acknowledge the resources you have consulted.

Quality of Presentation

The remaining 10 marks are allocated to the quality and clarity of presentation in the report and the video.

Appendix

Attachment:- Network Security.rar
