Hello I am in need of help with the second part to my lab. I need help
Question:
Hello, I am in need of help with the second part of my lab. I need help filling out Tables 1, 2, and 3 based on the policies another tutor helped me make beforehand. I will attach the policies as well as the lab document of what the tables need to be filled with.
Transcribed Image Text:
MicroComputers (MC) Lab: Firewall ACLs

Introduction
In this simulated lab assignment, you are going to research and write up a firewall policy and implement the policy by translating it into firewall rules based on the scenario detailed below. At the end, you must present your results to your customer. The scenario is multipart, and you must read the information given repeatedly to understand the tasks and execute carefully as required.

Scenario
Micro Computers (MC) is a small computer retail shop that sells computers and computer accessories to its customers in the Baltimore area. You are employed by MC, and your group is the team selected to create the company's security policy. The primary purpose of the security policy is to create a firewall-based network security solution for MC's network. There are 80 employees working in different roles ranging from sales to senior manager. MC has the following departments: Sales/Marketing, Store, and Management, where the accounting department is also hosted. The departments communicate internally within the MC network and with the outside world via the internet regarding the operations and transactions related to the business processes.

[Topology diagram. Labels recoverable from the transcription: department segments Mgmt & Accounts, Sales/Mkting and Store behind Switch 1 (SW1) to Switch 4 (SW4); subnet labels Subnet0 to Subnet7; servers MS Windows 2016 Active Directory/File (192.168.12.11/27), MS Windows 2016 Exchange Server, MS Windows 2016 Terminal Services, MS Windows 2016 SQL Server and MS Windows 2016 IIS Webserver (192.168.12.15/27), with 192.168.12.12/27, 192.168.12.13/27 and 192.168.12.14/27 also labelled on the server segment (the transcription does not preserve which of the three servers carries which); Firewall Ext. Interface 220.51.79.1/28; Email Gateway Spam Filter 220.51.79.15/28; Customers/Users and Telecommuter/Mobile Worker on the internet side.]

Technical Environment
1. The company has a Microsoft Active Directory environment (Windows 2016+ servers, Windows 10 workstations & laptops, MS Office applications). Internal servers include Microsoft Active Directory Services (File/Print/DNS as part of AD), MS Terminal Services, MS Exchange (email), MS SQL (database) server, and MS IIS (Internet Information Services) for a Webserver.
2. There is an external e-mail spam filter appliance as the public point of presence, provided by the ISP, which forwards mail to the internal mail server. Outside e-mail users can't send e-mail messages directly to the different departments and must go via the spam filter.
3. All employees are authorized telecommuters (mobile workers), who access the Terminal Server from their homes as well as from company-provided laptops when traveling. Remote workers include system administrators who work remotely and can connect to the internal network's critical services via the internet, but this doesn't include remote access to the MS SQL Server.
4. The sales and customer service departments use a CRM (customer relationship management) application through a web portal which uses data on the MS SQL server. Internally, the Sales associates have no direct access to the SQL Server; only the database manager can access it.
5. Data related to computers and peripherals is stored on the MS SQL Server, which interfaces with the MS IIS (Web Server). This means that customers can only search products via the Web Server using their local browsers.
6. The Webserver hosts a public website for searching and viewing products as well as a "business to business" and regular customer e-commerce site, meaning it allows customers to securely log in, place orders, and review their account. The e-commerce site, running from the Webserver, accesses (interfaces with) the SQL server for customer, inventory, and pricing information.
7. The company operates a "flat" network, meaning all internal devices share the same LAN with the same subnet mask.
8. All switches are configured and operational, and you don't have to be concerned about them. This applies also to all servers, as they are configured and fully functional.
9. The placement of the firewall in the topology follows the "Bastion Host" model.
10. The firewall is not configured and must be configured at the start with a device initial/base configuration plan, which is going to be one of your first steps in the deployment stage.
11. The firewall used in the topology is the Dell SonicWall TZ-300 model, which has three types of link interfaces: LAN (4 ports), WAN, and DMZ.

Summary of your team's tasks
Your team will provide inputs to the MC management in three phases; each phase will take 1 week. At the end of each week, you will submit your results to the MC management. This exercise will be worth 100 total points to your lab de. All members of your team must contribute to the work; your instructor may ask any member of the team to explain part of the work to verify their participation.

Phase 0 is to set up your teams. You will work in teams of 2-3.

Phase 1 (30 points) will be a firewall policy. Explore and research the operations that relate to MC's business process and, based on your findings, create a firewall policy that is going to serve as the basis for creating the firewall rule sets. The policy must be at least 2 pages long and should have a title, overview, purpose, scope and policy statements that articulate and detail the firewall configuration settings and the Audit and Controls of the firewall policy. The firewall policy should also capture enforcement and measures in the case of policy violations. It must be formatted in a professional manner using a word processor such as Word or Google Docs. Please include page numbering and the version of the document, e.g. a policy version history. You can use a template from the internet but must adapt it to the needs/context and business processes of the Micro Computers (MC) retail shop. Further to this, you must acknowledge where you got the template from by providing the source of the template. A link is given below, and you can download a document to give you an idea of what a firewall policy looks like: https://www.cde.state.co.us/dataprivacyandsecurity/networkfirewallpolicy. Keep in mind that this document is a model and is not specific to the MC organization.
Item to turn in: firewall policy document.

Phase 2 (40 points) will be a subnetting table and the needed firewall rules.
Task 1: Complete the IPv4 addressing plan for the 4 subnets in the diagram
Task 2: Create Firewall Rules using descriptive terms
Task 3: Create Firewall Rules using IP addresses and port numbers

Phase 3 (30 points) will be a presentation (using VoiceThread) describing your solution and any recommendations you may have.

Task 1: IPv4 Addressing Plan (Scheme) for MC
As part of your task to implement a secure network, you must have a plan for your IP addressing scheme and apply the IP addressing in a professional manner. For this purpose, you are given a base IP address of 192.168.12.0/24 that you must subnet for the network segments separated by layer 3 switches, though the switches currently operate as layer 2. These can potentially be configured as layer 3 in the future with VLANs and VLAN switch trunking to increase network efficiency. Don't worry about VLANs for now.

Subnetting Requirements:
1. The base IP address given, 192.168.12.0/24, must be subnetted to allow a maximum of only 30 useable host addresses per network segment separated by the switches.
2. The first subnet (subnet0) must be used by the critical devices: the IP address assignments for the servers are shown in the topology. This has been done for you already.
3. The next available subnet (subnet1) is assigned to the management subnet, the third subnet (subnet2) to Sales and the fourth (subnet3) to the Store department. The rest of the IP address assignments are shown in the table below, but you must complete the remainder of the table.
4. Except for those devices/servers for which an IP assignment is shown, the first available address in each subnet is kept aside for an intermediary or a critical device such as routers, the firewall or even servers. Though the switches are currently used as layer 2 devices, reserve the first available and useable address in each subnet for the switch's administrative/default VLAN.
5. A table is given to help you plan the addressing scheme, and you must complete the table to create the inventory of your IP addresses. You may use a subnetting calculator or other tool to verify your table.
Note: MC is planning to open a branch office in Kalamazoo, MI next year, so subnets 4-7 are reserved for the new office. They are not needed for this exercise, but you need to leave the IP addresses for those subnets available for the new office.
6. The e-mail gateway (spam filter) is provided by the ISP and is assigned a public IP address as shown on the topology.
7. The firewall internal (LAN) interface is assigned the first available IP address of subnet5, and the external/outer (WAN) interface is assigned the first available address of the public IP address of ext_subnet0, 220.51.79.0/28, as shown in the topology diagram. Ext_subnet0 is the firewall outer interface. This assignment is shown on the diagram and does not appear on this table.
8. Customers and mobile workers have no specific IP addresses; they could be anything.

Table 1: Subnet

Subnet Name | Network Address   | Useable IP Address Range        | Broadcast Address | Address Assignment
Subnet0     | 192.168.12.0/27   |                                 | 192.168.12.31     | All Servers
Subnet1     | 192.168.12.32/27  |                                 |                   | Management
Subnet2     | 192.168.12.64/27  |                                 |                   | Sales
Subnet3     | 192.168.12.96/27  |                                 |                   | Store
Subnet4     |                   |                                 |                   | Reserved for Kalamazoo Management
Subnet5     |                   |                                 |                   | Reserved for Kalamazoo Sales
Subnet6     |                   |                                 |                   | Reserved for Kalamazoo Store
Subnet7     | 192.168.12.224/27 | 192.168.12.225 - 192.168.12.254 | 192.168.12.255    | Reserved for Kalamazoo-to-Baltimore WAN connection

Task 2
Using the information provided and the IP addresses as a lead, create firewall rule sets using the table provided below. This table uses descriptive terms rather than IP addresses and port numbers.
1. The first inbound rule, as well as the corresponding reciprocal outbound rule, is given as an example.
2. Add four more rules for inbound and outbound traffic. Use the business process as a reference to determine the direction and the protocols needed to create the rules.
3. For each direction, a cleanup rule is added at the end of the rules' list.

Table 2: Firewall Rules (descriptive)

Direction | Source          | Destination     | Type of Traffic | Action
Inbound   | Customers       | Webserver (IIS) | HTTP/TCP        | Allow
Inbound   |                 |                 |                 |
Inbound   |                 |                 |                 |
Inbound   | ANY             | ANY             | ANY             | Deny
Outbound  | Webserver (IIS) | Customers       | HTTP/TCP        | Allow
Outbound  |                 |                 |                 |
Outbound  |                 |                 |                 |
Outbound  | ANY             | ANY             | ANY             | Deny

Task 3: Translate the firewall rules into an ACL
It is time to turn (translate) the firewall rules into an ACL that the SonicWall, or any of the other firewall devices, understands better. Take the firewall rules from the table above and translate them into an ACL using IP addresses and port numbers. The first inbound and outbound rules are the basis to create the ACL entries, as shown in the table below (Task 3).

Table 3: ACL

Direction | Source        | Destination   | Type of Traffic | Action
Inbound   | ANY           | 192.168.12.15 | HTTP/TCP = 80   | Allow
Inbound   |               |               |                 |
Inbound   |               |               |                 |
Inbound   | ANY           | ANY           | ANY             | Deny
Outbound  | 192.168.12.15 | ANY           | HTTP/TCP = 80   | Allow
Outbound  |               |               |                 |
Outbound  |               |               |                 |
Outbound  | ANY           | ANY           | ANY             | Deny

Item to turn in: Tables 1, 2 and 3 completed as described. You may fill them out on this document or in a new document.

Phase 3 (30 points)
After completing Phase 2, you realize that MC is putting itself at risk because there is a flat network and no demilitarized zone (DMZ) inside the network. You feel it is necessary to implement a DMZ on the MC network. Prepare a VoiceThread presentation lasting no more than 10 minutes that describes the results from phases 1 and 2, what a DMZ is, why it is valuable, and the firewall changes you would recommend (additional hardware, new ACLs, etc.). To show the way to create the DMZ, you must give a corresponding ACL on how to do it. You may use any media you wish in the presentation, but you will not get credit for anything you download from the internet that you do not understand. Each member of the team must present part of the VoiceThread to get credit.
Item to turn in: VoiceThread.
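The subnetting in Task 1 and the name-to-address translation in Task 3 are mechanical enough to script, and scripting them is a good way to verify a hand-filled table before it is graded or loaded into a firewall. The following Python is an added worked example, not part of the lab hand-out or the asker's post. It derives the /27 plan for the given base block 192.168.12.0/24, locates an address within that plan, translates the descriptive example rules of Table 2 into the IP/port form of Table 3, and checks the two properties the lab asks for (a reciprocal rule for every Allow and a cleanup Deny at the end of each direction). The function names, the OBJECTS/SERVICES maps and the rule tuples are this example's own; the only addresses used are the ones the hand-out gives (192.168.12.11 and 192.168.12.15 for the AD/File and IIS servers, 220.51.79.1 and 220.51.79.15 for the firewall WAN interface and the spam filter), and the assumption that "Customers" and "Mobile Workers" translate to ANY follows requirement 8.

```python
"""Added worked example for Task 1 and Task 3 of the MC firewall lab.

Not part of the lab hand-out. Names below are this example's own; the
addresses come from the hand-out's topology and Table 3 example row.
"""
import ipaddress

BASE_BLOCK = "192.168.12.0/24"   # base address given in Task 1

# Address Assignment column of Table 1 (subnets 4-7 reserved for Kalamazoo).
SUBNET_ROLES = [
    "All Servers", "Management", "Sales", "Store",
    "Reserved for Kalamazoo Management", "Reserved for Kalamazoo Sales",
    "Reserved for Kalamazoo Store",
    "Reserved for Kalamazoo-to-Baltimore WAN connection",
]


def addressing_plan(base=BASE_BLOCK, usable_hosts=30):
    """One row per subnet: name, network, usable range, broadcast, the first
    usable address reserved under subnetting requirement 4, and assignment."""
    block = ipaddress.ip_network(base)
    # Smallest host-bit count h with 2**h - 2 >= usable_hosts: 30 -> 5 bits -> /27.
    host_bits = 0
    while (1 << host_bits) - 2 < usable_hosts:
        host_bits += 1
    prefix = block.max_prefixlen - host_bits
    rows = []
    for i, net in enumerate(block.subnets(new_prefix=prefix)):
        hosts = list(net.hosts())          # excludes network and broadcast
        rows.append({
            "name": f"Subnet{i}",
            "network": str(net),
            "usable": f"{hosts[0]} - {hosts[-1]}",
            "broadcast": str(net.broadcast_address),
            "reserved_first": str(hosts[0]),   # router/firewall/switch VLAN address
            "assignment": SUBNET_ROLES[i] if i < len(SUBNET_ROLES) else "unassigned",
        })
    return rows


def locate(address, plan):
    """Name of the plan subnet containing address, or None if outside the block."""
    ip = ipaddress.ip_address(address)
    for row in plan:
        if ip in ipaddress.ip_network(row["network"]):
            return row["name"]
    return None


# Table 2 object names -> Table 3 addresses. Customers and Mobile Workers
# have no fixed address (requirement 8), so they become ANY.
OBJECTS = {
    "Customers": "ANY",
    "Mobile Workers": "ANY",
    "Webserver (IIS)": "192.168.12.15",
    "Active Directory/File": "192.168.12.11",
    "Firewall Ext. Interface": "220.51.79.1",
    "Email Gateway (Spam Filter)": "220.51.79.15",
    "ANY": "ANY",
}
# Service names -> protocol/port text in the style of Table 3.
SERVICES = {"HTTP/TCP": "HTTP/TCP = 80", "ANY": "ANY"}

# Table 2 as given: example rule, reciprocal, and a cleanup rule per direction.
DESCRIPTIVE_RULES = [
    ("Inbound",  "Customers",       "Webserver (IIS)", "HTTP/TCP", "Allow"),
    ("Inbound",  "ANY",             "ANY",             "ANY",      "Deny"),
    ("Outbound", "Webserver (IIS)", "Customers",       "HTTP/TCP", "Allow"),
    ("Outbound", "ANY",             "ANY",             "ANY",      "Deny"),
]


def translate_rules(rules, objects=OBJECTS, services=SERVICES):
    """Rewrite (direction, src, dst, traffic, action) rows with addresses/ports."""
    return [(d, objects[s], objects[t], services[traffic], action)
            for d, s, t, traffic, action in rules]


def check_rule_set(rules):
    """Lab requirements a reviewer checks: every Allow has a reciprocal rule in
    the other direction, and each direction ends with a Deny ANY/ANY/ANY."""
    problems = []
    by_dir = {"Inbound": [], "Outbound": []}
    for r in rules:
        by_dir[r[0]].append(r)
    for direction, lst in by_dir.items():
        if not lst or lst[-1][1:] != ("ANY", "ANY", "ANY", "Deny"):
            problems.append(f"{direction}: missing trailing cleanup rule")
    for d, s, t, traffic, action in rules:
        if action != "Allow":
            continue
        other = "Outbound" if d == "Inbound" else "Inbound"
        if (other, t, s, traffic, "Allow") not in rules:
            problems.append(f"{d} {s} -> {t} {traffic}: no reciprocal {other} rule")
    return problems


if __name__ == "__main__":
    plan = addressing_plan()
    for row in plan:
        print(f'{row["name"]:8} {row["network"]:18} {row["usable"]:32} '
              f'{row["broadcast"]:15} {row["assignment"]}')
    for entry in translate_rules(DESCRIPTIVE_RULES):
        print(" | ".join(entry))
    print("problems:", check_rule_set(DESCRIPTIVE_RULES) or "none")
```

Running the block prints the eight /27 rows (Subnet7 comes out as 192.168.12.224/27, 192.168.12.225 - 192.168.12.254, broadcast 192.168.12.255, matching the row the hand-out pre-fills) followed by the translated ACL. The four rules the lab asks you to add go into DESCRIPTIVE_RULES ahead of the cleanup rows, with any new server names added to OBJECTS; check_rule_set will then flag a rule whose reciprocal you forgot, and locate will tell you whether an address you picked for a host actually falls inside the subnet its department was assigned.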