Implement network security on edge routers

Assignment Help Computer Network Security
Reference no: EM13744411

Scenario

UKSports is a supplier of Taekwondo sparring equipment to TKD schools in the UK and Europe. The company has recently acquired new administration premises in London and you have been asked to implement network security on their edge routers and LAN switches and provide evidence that it is secure.

IP Addressing Table

Device       Interface      IP Address     Subnet Mask        Default Gateway   Switch Port
LONDON       Fa0/0          10.10.20.1     255.255.255.0      N/A               SL Gig 1/1
             S0/0/0         192.168.1.1    255.255.255.252    N/A               N/A
ISP          S0/0/0 (DCE)   192.168.1.2    255.255.255.252    N/A               N/A
             S0/0/1 (DCE)   192.168.1.6    255.255.255.252    N/A               N/A
GERMANY      Fa0/0          10.10.30.1     255.255.255.0      N/A               SG Gig 1/1
             S0/0/1         192.168.1.5    255.255.255.252    N/A               N/A
SL1          VLAN 100       10.10.20.2     255.255.255.0      10.10.20.1        SL2 Gig1/2-11
SL2          VLAN 100       10.10.20.3     255.255.255.0      10.10.20.1        SL1 Gig1/2
SG           VLAN 100       10.10.30.2     255.255.255.0      10.10.30.1        N/A
PC-L         NIC            10.10.20.15    255.255.255.0      10.10.20.1        SL1 Fa0/1
HTTP Server  NIC            10.10.20.16    255.255.255.0      10.10.20.1        SL2 Fa0/10
PC-G         NIC            10.10.30.10    255.255.255.0      10.10.30.1        SG Fa0/21

You have been given a detailed security plan for UKSports and have been specifically asked to undertake the following implementation tasks:

Part 1 - Basic network device configuration

Step 1 - Basic router configuration

• Configure router hostnames (as specified in the scenario)
• Configure IP addresses as described in the IP Addressing Table
• Configure a clock rate of 64000 in the appropriate serial interfaces

Step 2 - Static Routes

• Configure a static default route on edge routers LONDON and GERMANY
• Configure static routes on the ISP router: from GERMANY to LONDON's LAN and from LONDON to GERMANY's LAN, specifying an interface as the exit parameter.

Step 3 - PC Configuration

• Configure appropriate IP addresses, subnet masks and default gateways for each PC

Question 1. In your report, include several screenshots showing that there is communication between the routers and the PCs.

Part 2 - Secure Network Routers

Step 1 - Configure Passwords and login banner

• Define a minimum length of 8 for all passwords
• Encrypt all plain text passwords
• Configure the password class123 as the privileged password and cisco123 on the console line
• Configure the warning banner: Unauthorised access prohibited

Step 2 - Configure Local Authentication using AAA on edge routers (LONDON and GERMANY)

• Create a local user account of UKAdmin01 with a secret password of UKAdmin01pa55 and the highest privilege level
• Enable AAA services
• Create a default login authentication method list using local authentication as the first option and the enable password as the backup option

Question 2. In your report, provide evidence that the local database and the default login method is working correctly.

Step 3 - Configure SSH Server on the edge routers (LONDON and GERMANY)

• Configure the domain name UKSPORTS.com
• Configure all the incoming vty lines so that Level 15 users default to privileged EXEC mode when accessing the VTY lines, while all other users default to user EXEC mode. Specify that only SSH connections will be allowed
• Configure the RSA keys with 1024 bits

Question 3. In your report, provide evidence that SSH is working correctly.

Step 4 - Secure against login attacks on LONDON and GERMANY

• Set the blocking period when a login attack is detected to 60 seconds
• Set the maximum number of failed logins to the device to 2
• Set the time period within which those failed login attempts are counted to 30 seconds
• Log all failed login attempts

Step 5 - Configure a Zone-based policy firewall on LONDON

• Create two security zones named: INTERNAL_ZONE and EXTERNAL_ZONE

• Create access list 150 that permits all IP traffic from LONDON's LAN to any destination

• Create the INTERNAL_CMAP class map of type inspect that requires all of its statements to match (match-all); inside the class map, match access list 150

• Define the IN_2_OUT_PMAP policy map, and define it to use the INTERNAL_CMAP class map and to inspect

• Define the IN_2_OUT_ZP zone pair with INTERNAL_ZONE as the source and EXTERNAL_ZONE as the destination, the policy of the pair should be to inspect the IN_2_OUT_PMAP

• Define the interface S0/0/0 as part of the EXTERNAL_ZONE and interface Fa0/0 as part of the INTERNAL_ZONE

Question 4. In your report, explain the purpose of this configuration. Provide evidence that the firewall is working correctly, stating which devices should be able to communicate with each other, which should not, and why.
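Added example (not part of the assignment text): the zone-based policy firewall of Step 5 on LONDON, entered from global configuration mode, with the LAN prefix taken from the IP Addressing Table.

```cisco
! Two security zones
zone security INTERNAL_ZONE
zone security EXTERNAL_ZONE
! ACL 150: all IP traffic sourced from LONDON's LAN
access-list 150 permit ip 10.10.20.0 0.0.0.255 any
! Class map (match-all) keyed on ACL 150
class-map type inspect match-all INTERNAL_CMAP
 match access-group 150
 exit
! Policy map: stateful inspection of the class
policy-map type inspect IN_2_OUT_PMAP
 class type inspect INTERNAL_CMAP
  inspect
  exit
 exit
! Zone pair internal -> external, applying the policy
zone-pair security IN_2_OUT_ZP source INTERNAL_ZONE destination EXTERNAL_ZONE
 service-policy type inspect IN_2_OUT_PMAP
 exit
! Zone membership
interface Serial0/0/0
 zone-member security EXTERNAL_ZONE
 exit
interface FastEthernet0/0
 zone-member security INTERNAL_ZONE
 exit
! Evidence for Question 4, captured while PC-L pings 192.168.1.6:
!   show policy-map type inspect zone-pair sessions
! Expected: sessions started from the LAN succeed and their replies are admitted
! by the inspect table; anything initiated from outside toward the LAN is dropped,
! because no external -> internal zone pair exists. Traffic to and from the router
! itself (the self zone) is not subject to the zone pair.
```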

Step 6 - Configure IPS on GERMANY

• Create a directory in flash named IPSDIR
• Configure the IPS signature storage location to the new directory
• Create an IPS rule named IOSIPS
• Configure the IPS so only the basic category is used
• Apply the rule to the outbound direction of interface S0/0/1
• Un-retire the echo request signature (signature 2004, subsig ID 0), enable it, and change the signature action to alert and drop

Question 5. In your report, explain the purpose of this configuration. Provide evidence that the IPS is working correctly, stating which devices should be able to communicate with each other, which should not, and why.

Part 3 - Configure a Site-to-Site VPN between LONDON and GERMANY

• Configure the following VPN settings:

o Set the VPN to be from LONDON's int s0/0/0 to GERMANY's int s0/0/0
o Use the following parameters for ISAKMP Phase 1 policy

Parameter                  Value
Policy number              10
Key distribution method    ISAKMP
Encryption algorithm       AES
Hash algorithm             SHA-1
Authentication method      Pre-share
Key Exchange               DH 2
IKE SA Lifetime            86400 seconds
ISAKMP key                 uksportsvpnpa55

o The interesting traffic in LONDON is the IP traffic from its LAN to GERMANY's LAN, and the interesting traffic in GERMANY is the IP traffic from its LAN to LONDON's LAN
o Use the following parameters for IPSEC Phase 2 policy

Parameter          LONDON                   GERMANY
Transform set      VPN1                     VPN1
Algorithms         esp-3des esp-sha-hmac    esp-3des esp-sha-hmac
Peer hostname      GERMANY                  LONDON
Crypto Map name    VPN-MAP1 Policy 10       VPN-MAP1 Policy 10
SA Establishment   ipsec-isakmp             ipsec-isakmp

Question 6. In your report, explain the purpose of this configuration. Provide evidence that the VPN is working correctly, stating which devices should be able to use the VPN, which should not, and why.

Part 4 -Secure Network Switches

Step 1 - Configure IP address to the management VLAN

• Make VLAN 100 the management VLAN and assign the IP address. It is not necessary to configure a name for VLAN 100
• Configure the default gateway in all switches

Step 2 - Configure Passwords and a login Banner on Switches

• Configure the hostname of all switches
• Configure the enable secret password of class
• Configure the console line with a password of cisco
• Configure the vty ports with a password of cisco with an exec-timeout of 5 minutes
• Configure the login banner: Unauthorised access prohibited

Step 3 - Secure Trunk Ports

• Configure port Gig1/2 on SL1 as a trunk port
• Configure port Gig1/2 on SL2 as a trunk port
• Configure the native VLAN to be 99. It is not necessary to configure a name for VLAN 99
• Prevent the use of DTP on the trunking ports of SL1 and SL2
• Enable storm control for broadcasts with a 50% suppression level in all trunking ports

Question 7. In your report, provide evidence that the trunking ports are working correctly and that trunking is enabled.

Step 4 - Secure Access Ports

• On SL1, configure ports Fa0/1 and Gig1/1 as access mode for VLAN 100
• On SL2, configure ports Fa0/10 as access mode for VLAN 100
• On SG, configure ports Gig1/1 and Fa0/21 as access mode for VLAN 100

Question 8. In your report, show that there is internal connectivity between the devices of each LAN.

Step 5 - Protect against STP Attacks

• Enable PortFast on all ports that have been defined as access ports
• Enable BPDU guard

Step 6 - Configure Port Security and Disable Unused Ports

• Configure basic port security on all ports that have been defined as access ports: set the maximum number of MAC addresses to 1 and shut down the interface on violation; the switch must learn the MAC address of the device that is already connected to that port
• Disable unused ports on all switches

Question 9. In your report, provide evidence that port security is working correctly. Explain how you would test the correct functionality of port security.
