User Account

All Pages

Firewall rules based on a fictitious organisation, Computer Networking

Assignment Help:

Question 1 requires you to develop firewall rules based on a fictitious organisation.

Scenario:

You work for a security-conscious company, xC-Cure, who develop encryption technologies for large corporate and defence customers world-wide.  Your role is a junior security specialist and you have recently been asked to plan for the deployment of a new firewall.

The firewall is structured around an external filtering router (using NAT)with three(3) interfaces.  The external (public) interface is Internet facing and has a public IP of 120.9.20.1.  The second interface has an IP of 10.1.0.1 and is the gateway to the DMZ network (10.1.0.0).  The third interface has an IP of 10.2.0.1 and is the gateway to the intranet (10.2.0.0). The firewall also acts as a VPN tunnel server on its public Internet interface.

While certain traffic can flow between the DMZ and the intranet, Internet initiated connections should not enter the intranet.  Two sets of filtering rules are applied:  one for traffic flowing in and out of the Internet interface, another for traffic flowing between the DMZ and the intranet.

The DMZ contains the following servers:

  • A publicSecure Web Server (10.1.0.101) that accepts incoming https connections and makes connections to the Oracle Database inside the Intranet
  • The Mail server (10.1.0.102) that accepts POP3 connections from the intranet and initiates and accepts SMTP connections to the Internet

The Intranet contains the following servers:

  • The Oracle Database Server (10.2.0.10) that accepts SQLNet traffic from the Web Server in the DMZ
  • The Intranet Web Server (10.2.0.11) that accepts HTTP traffic ONLY from within the intranet
  • A File Share Server (10.2.0.12) that accepts SMBtraffic ONLY from with the intranet

Your rules should ensure that Internet access will be restricted to the following:

Only the following services will be permitted as OUTBOUND traffic (to the Internet from the DMZ or intranet):

  • HTTPS and HTTP (from the intranet). Note: it is assumed that external Web access provides the ability to connect to the local Secure Web Server - no additional firewall rules are required.
  • SMTP (from the Mail Server)

Only the following services will be permitted as INBOUND traffic (to the DMZfrom the Internet):

  • HTTPS (to the Secure Web Server)
  • SMTP (to the Mail Server)

Access between the Intranet and the DMZ will be restricted to the following.
Only the following services will be permitted as OUTBOUND traffic (to the DMZ from the intranet):

  • POP3 (from the intranet to the Mail Server)
  • SSH (from the system administrators' subnet (10.2.5.0) to all DMZ servers)

Only the following services will be permitted as INBOUND traffic (from the DMZ to the intranet) traffic:

  • Oracle (from the Secure Web Server)

The firewall is not to be accessible remotely on any interface - i.e. it should not accept connections on any of its IP addresses EXCEPT on its VPN port on the external interface.

Related Discussions:- Firewall rules based on a fictitious organisation

The command to show the frame relay map table, Recognize the command to sho...

Recognize the command to show the Frame Relay map table Ans) Router# show frame-relay map is the the command to show the Frame Relay map table

Explain data processing, Question - 1 Define MIS and its objectives. What ...

Question - 1 Define MIS and its objectives. What are the characteristics of MIS? Question - 2 Explain data processing Question - 3 What are the recent developments in database

CCNA, What is basic purpose of Routers

What is basic purpose of Routers

Banking industry, Will like to know what is the standard industrial practic...

Will like to know what is the standard industrial practice for a bank network design? Preferably with complete paper on the network design covering security, domain segregation, vi

Describe rip timers in detail, RIP timers

RIP timers

Simple Pendulum, Give me a wide idea about simple pendulum and its types wi...

Give me a wide idea about simple pendulum and its types with equation and tables as usual assignment?

Tcp-ip and osi differences, Q. TCP-IP and OSI Differences - TCP/IP com...

Q. TCP-IP and OSI Differences - TCP/IP combines the Presentation and Application Layers - TCP/IP combines the OSI Data Link and Physical Layers into 1 Layer - TCP/IP app

Data types in distributed enrollment protocol, Data Types Each data typ...

Data Types Each data type of Table 1 must be sent according to the specifications below. [INT] Each value of this type is sent as the string representation of the corre

Retransmission of packets - transport layer, Retransmission of packets ...

Retransmission of packets The disadvantage  of thronging away a correctly received packet is that  the subsequent retransmission  of the  packet might  be lost  or garbled and

Switching via memory - network layer and routing , Switching  via memory ...

Switching  via memory Traditional  computers with switching  between  input and output  being  doen under  direct  control  of the CPU input and output  ports  functioned as tr

Write Your Message!

Captcha
Order Assignment

Featured Services

Order Now

Popular Subjects

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd