INFO8490 Information Technology Network Security Assignment

Reference no: EM133187731

INFO8490 Information Technology Network Security - Conestoga College

Packet Filtering Firewall

Overview

This Lab will be recorded in your lab book and requires you to configure packet filtering firewalls. You will gain practical experience configuring packet filtering. This type of configuration is common on border routers assuming there are no extensive firewall functions on the edge device (i.e. there is a firewall with more capability behind the edge device).

Remember you must follow all standard naming conventions (including when naming Access Control Lists).

Read through the entire lab first so that you completely understand what you are trying to achieve and create a basic plan. This will likely save you problems and having to repeat work later on.

Please note that this Lab is an individual activity; you will not be sharing your network devices or work.

Preparation
You will need:
1. The most current version of Packet Tracer
2. The packet tracer file that you created in Lab 4
3. You will use the IP addresses assigned to you in Lab 4.
4. All passwords must be Secret55

Description
This lab expects that you have fully completed the requirements for Labs 1 through 5. In Lab 6 you will be adding IP security to the topology deployed in Lab 4 (see Figure 1-1). You will configure or reconfigure the networking devices and hosts as necessary. You will be submitting only one Packet Tracer file for this lab. Make sure that each part is complete and functioning before you move on to the next part.

Part 1 - Initial Configuration of the Topology (Assumes that you have completed the following on all network devices)
1. Configure the Privileged Mode Password
2. Enforcing Login
3. Configure Telnet and Secure Shell
4. Configuring IP Addresses
5. Configure routing

Test your initial configuration
1. Each PC can communicate with all other PC's
Save the packet tracer file and the running config to startup config.
Screenshots
Although no screenshots are necessary for Part 1, those steps must be completed before moving on.

Part 2 - Configure Standard Access Lists

Description
In your own words, provide a description of the expected goals and results as you understand them.

Create Standard ACL
You will configure simple packet filtering in this part. The goal in our topology is to allow the hosts in spoke 1 and spoke 2 to communicate with hosts on all other spokes but not with each other. There will not be any traffic that is not defined below.

Using your topology from Part 1-6, configure as follows:

1. On Spoke-1:
Create and name a standard access list that
Denies traffic from the LAN networks on Spoke-2 and Spoke-4
Allows traffic from any other network
Apply that access list inbound on the external interfaces on Spoke-1
2. On Spoke-2:
Create and name a standard access list that
Denies traffic from the LAN networks on Spoke-1 and Spoke-4
Allows traffic from any other network
Apply that access list inbound on the external interfaces on Spoke-2
3. Test your access lists
Ensure that all other PC's can communicate with the PC's on Spoke-1, Spoke-2 and Spoke-4
Ensure PC's on Spoke-1 and Spoke-2 cannot communicate with each other
Ensure that the PC on Spoke-4 cannot communicate with the PC's on Spoke-1 and Spoke-2

Now remove the ACE from each Spoke that allows traffic from "any" other network. Rerun the tests above and write a detailed explanation of the results; be sure to explain what happens and why.
**Be sure to put the ACE back in your ACLs**
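The Part 2 tests and the "remove the permit any ACE" experiment, modelled as an added example (not part of the original lab, and not Packet Tracer output). The addresses are constructed, and the model assumes only the two spoke ACLs filter traffic (no ACLs on the hubs or on Spoke-3/Spoke-4 in Part 2).

```python
import ipaddress

def matches(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, src):
    """Standard ACL: source address only, first match wins."""
    for action, base, wildcard in acl:
        if matches(src, base, wildcard):
            return action
    return "deny"  # implicit deny: no ACE matched

# Constructed addressing for illustration, not the addresses assigned in Lab 4.
PC = {"Spoke-1": "10.0.1.10", "Spoke-2": "10.0.2.10",
      "Spoke-3": "10.0.3.10", "Spoke-4": "10.0.4.10"}
LAN = {site: (ip.rsplit(".", 1)[0] + ".0", "0.0.0.255") for site, ip in PC.items()}
ANY = ("0.0.0.0", "255.255.255.255")

def build_acls(with_permit_any=True):
    """Inbound ACLs on the external interfaces of Spoke-1 and Spoke-2 (Part 2)."""
    tail = [("permit", *ANY)] if with_permit_any else []
    return {
        "Spoke-1": [("deny", *LAN["Spoke-2"]), ("deny", *LAN["Spoke-4"])] + tail,
        "Spoke-2": [("deny", *LAN["Spoke-1"]), ("deny", *LAN["Spoke-4"])] + tail,
    }

def ping(src_site, dst_site, acls):
    """Trace the echo request, then the echo reply; report where the exchange stops."""
    # The request enters the destination spoke carrying the sender's source address.
    if dst_site in acls and evaluate(acls[dst_site], PC[src_site]) == "deny":
        return f"request dropped inbound at {dst_site}"
    # The reply enters the sender's spoke carrying the destination PC as its source.
    if src_site in acls and evaluate(acls[src_site], PC[dst_site]) == "deny":
        return f"reply dropped inbound at {src_site}"
    return "success"

if __name__ == "__main__":
    for label, acls in (("with permit any", build_acls()), ("without permit any", build_acls(False))):
        for src, dst in (("Spoke-1", "Spoke-2"), ("Spoke-1", "Spoke-4"), ("Spoke-3", "Spoke-1")):
            print(f"{label}: {src} -> {dst}: {ping(src, dst, acls)}")
```

Because a standard ACL sees only the source address, a ping can fail on the reply leg even when the request was never filtered, which is what the Spoke-1 to Spoke-4 case shows.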

Screenshots
Include a screenshot of:
1. Each Spoke using a command (not sh run) to show the ACL name, any ACE's and any filtering caused by the ACLs.
2. Each Spoke showing which interfaces the access-lists are assigned to.
3. Each step involved in testing your access lists as outlined in step 3 above.

Observations
Record your observations including details on any problems encountered or solved.

Reflection

Write a reflection about this part of the lab. Discuss things like: the path the ping traffic takes from one spoke to another, where that traffic stops, and why; how you would modify the packet filtering configuration using standard access lists to achieve the same effect but configured on Spoke-4 rather than Spoke-1 and Spoke-2 (try configuring it). Also, be sure to reflect on what happened when you removed the ACE to allow any source: why did this happen? Record any additional reflections based on your observations and problems you encountered.

Wrap Up
Remember to save your Packet Tracer File (You will be using the same file in Part 3)

Part 3 - Configure Extended Access Control Lists

Preparation
In addition to the topology, you will continue using the same packet tracer file and configuration completed in Parts 1 and 2. Do not remove the ACL's that you created in Part 2.

Description
You will configure more complex packet filtering in this part. The goal in our topology is to allow the users in the LAN connected to HUB A and HUB B to access hosts in all other LANs while network hosts on other LANs will access only specific ports on HUBs A and B. Telnet traffic will only be permitted from the PC's connected to Spokes 1-3 to the LAN interface on HUB A. SSH traffic will only be permitted from the PC's connected to Spokes 4-6 to the LAN interface on HUB B. Ping traffic will be allowed from all sites.

Note that we will be using telnet and ssh from the PC's to the LAN interfaces on the routers rather than to the actual workstations. Unfortunately Packet Tracer doesn't support Telnet/SSH to PC/Server objects. With that said, the same principles still apply.

In your own words, provide a description of the expected goals and results as you understand them.

Create Extended ACL
You can use the topology settings you saved from Parts 1 and 2. Remember that you must be specific. You must be able to differentiate between LAN interface, Hosts and Networks when configuring access control entries. You will lose marks for ambiguous entries. There will not be any traffic that is not defined below.

Configure as follows:

1. On HUB A:
Create and name an extended access list.
Add a rule to the extended access list that allows EIGRP traffic from any network. Make the rule as specific as possible.
Add a rule to the extended access list that allows ping traffic from any host on HUB B LAN, Spoke-1 and spoke 2 to the PC on HUB A. Make the rule as specific as possible.
Add a rule to the extended access list that allows telnet traffic from the PC (Host) on HUB B as well as Spokes 1 and 2 to the LAN on HUB A. Make the rule as specific as possible.
Add a rule that denies all other traffic
Apply that access list inbound on each of the external (WAN) interfaces connecting to HUB A.

2. On HUB B:
Create and name an extended access list.
Add a rule to the extended access list that allows EIGRP traffic from any network. Make the rule as specific as possible.
Add a rule to the extended access list that allows ping traffic from any host on HUB A LAN, Spoke-3 and spoke-4 to the PC on HUB B. Make the rule as specific as possible.
Add a rule to the extended access list that allows SSH traffic from the PC (Host) on HUB A as well as Spoke- 3 and Spoke-4 to the LAN on HUB B. Make the rule as specific as possible.
Add a rule that denies all other traffic
Apply that access list inbound on each of the external (WAN) interfaces connecting to HUB B.

3. Test your access lists
Ensure that only PC's on the LAN's defined in your access lists can ping the PC's on HUB A and HUB B LANS as required.
Ensure that only the PC's on Spokes 1 and 2 can telnet into the HUB A LAN interface.
Ensure that only the PC's on Spokes 3 and 4 can SSH into the HUB B LAN interface.
Ensure that no other traffic is permitted
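How an extended ACL like the HUB B list above is matched on protocol, source, destination and destination port, as an added example (not part of the original lab). All addresses are constructed, the EIGRP entry is left as broad as "any any" in this model, and the SSH entries use the HUB B LAN network as destination, following the wording of step 2.

```python
import ipaddress

def matches(addr, spec):
    """spec is (base, wildcard); bits set to 1 in the wildcard are ignored."""
    base, wildcard = spec
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def host(ip):
    """Equivalent of the IOS 'host' keyword: wildcard 0.0.0.0."""
    return (ip, "0.0.0.0")

ANY = ("0.0.0.0", "255.255.255.255")
# Constructed addressing for illustration, not the addresses assigned in Lab 4.
HUB_A_PC, HUB_B_PC, HUB_B_LAN_IF = "10.1.0.10", "10.2.0.10", "10.2.0.1"
HUB_A_LAN, HUB_B_LAN = ("10.1.0.0", "0.0.0.255"), ("10.2.0.0", "0.0.0.255")
SPOKE3_LAN, SPOKE4_LAN = ("10.0.3.0", "0.0.0.255"), ("10.0.4.0", "0.0.0.255")

# (action, protocol, source, destination, destination port or None for any)
HUB_B_ACL = [
    ("permit", "eigrp", ANY, ANY, None),
    ("permit", "icmp", HUB_A_LAN, host(HUB_B_PC), None),
    ("permit", "icmp", SPOKE3_LAN, host(HUB_B_PC), None),
    ("permit", "icmp", SPOKE4_LAN, host(HUB_B_PC), None),
    ("permit", "tcp", host(HUB_A_PC), HUB_B_LAN, 22),   # SSH
    ("permit", "tcp", SPOKE3_LAN, HUB_B_LAN, 22),
    ("permit", "tcp", SPOKE4_LAN, HUB_B_LAN, 22),
    ("deny", "ip", ANY, ANY, None),                      # explicit deny of everything else
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, 1-based ACE number) of the first entry that matches every field."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p not in ("ip", proto):          # 'ip' matches any IP protocol
            continue
        if matches(src, s) and matches(dst, d) and port in (None, dport):
            return action, n
    return "deny", None                      # implicit deny (unreachable with ACE 8 present)

if __name__ == "__main__":
    spoke4_pc = "10.0.4.10"
    print("SSH    Spoke-4 PC -> HUB B LAN if:", evaluate(HUB_B_ACL, "tcp", spoke4_pc, HUB_B_LAN_IF, 22))
    print("Telnet Spoke-4 PC -> HUB B LAN if:", evaluate(HUB_B_ACL, "tcp", spoke4_pc, HUB_B_LAN_IF, 23))
    print("Ping   Spoke-4 PC -> HUB B PC    :", evaluate(HUB_B_ACL, "icmp", spoke4_pc, HUB_B_PC))
```

The ACE number in the result corresponds to the entry whose match counter would increase, which is a quick way to check that traffic is hitting the entry you intended rather than the final deny.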

Screenshots
Include a screenshot of:

1. Each HUB using a command (not sh run) to show the ACL name, any ACE's and any filtering caused by the ACLs.
2. Each HUB showing which interfaces the access-lists are assigned to.
3. Each step involved in testing your access lists as outlined in step 3 above.
Observations
Record your observations including details on any problems encountered or solved.

Reflection
In your own words, provide a detailed explanation of what each of the ACE's means and how they are affecting network traffic. Describe what would happen (and why) if you tried to telnet from PC4 to the LAN on HUB B or SSH from PC6 to the LAN on HUB A. Also explain the benefit of using extended access lists over standard access lists. Be sure to record any additional reflections and solutions to problems that you encountered.

Attachment:- Packet Filtering Firewall.rar
