Question:

[Network diagram. Labels: extranet firewall, extranet, proxy server, application server, database server, web server, firewall administrator, SMTP server, external firewall, internal firewall, untrusted network, DMZ, internal corporate network, switch]

port   service
25     SMTP
80     http (web)
107    internal application
156    database session

alias              address
DMZ                20.22.20.*
extranet           20.22.10.*
internal network   20.22.11.*

device: external firewall, extranet firewall, internal firewall, SMTP server, web server, proxy server, application server, database server, firewall admin.
interface: untrusted network, DMZ, DMZ, extranet, DMZ, internal network, DMZ, DMZ, DMZ, extranet, extranet, internal network
IP address: 20.22.20.1, 20.22.20.2, 20.22.20.3, 20.22.20.4, 20.22.20.5, 192.168.0.1, 20.22.20.7, 20.22.20.8, 20.22.20.9, 20.22.10.11, 20.22.10.12, 192.168.0.2, 20.22.11.6, 20.22.11.20

1. [20 pts.] Create firewall rules for the untrusted network port on the external firewall which will:
   a.) block spoofing of all internal corporate network addresses
   b.) allow traffic from any host and any port on the untrusted network into the DMZ for the
       * SMTP server on the SMTP port;
       * web server on the http port;
       * proxy server on the internal application port;
       * and, extranet database server on the database session port.
   c.) allow re-mapped response traffic from any host and any port to the extranet database server
   d.) explicitly disallow any inbound traffic requesting a destination port of either 7 or 23
   e.) disallow all other traffic

2. [10 pts.] Create firewall rules for the DMZ port on the extranet firewall which will:
   a.) allow traffic from any port on the proxy server to the internal application port on the application server
   b.) allow traffic to the database session port on the database server from these specific sources only (representing preferred customers):
       * network 42.40.0.0
       * network 77.7.77.0
       * host 112.92.4.3
   c.) disallow all other traffic

3. [20 pts.] Create firewall rules for the internal network port on the internal firewall which will:
   a.) specifically deny traffic spoofing the firewall ports
   b.) deny traffic to the firewall ports, except from the local firewall administrator (allow that traffic)
   c.) allow all other outbound traffic out
   d.) disallow all other traffic
