Question:
Micro Computers (MC) is a small computer retail shop that sells computers and computer accessories to its customers in the Baltimore area. I am employed by MC, the company's security policy. The primary purpose of the security policy is to develop a firewall-based network security solution for MC's network. There are 80 employees working in different roles ranging from sales to senior manager. MC has the following departments: Sales/Marketing, Store, and Management, where the accounting department is also hosted. The departments communicate internally within the MC network and with the outside world via the internet regarding the operations and transactions related to the business processes.
Technical Environment
1. The company has a Microsoft Active Directory environment (Windows 2016+ servers, Windows 10 workstations and laptops, MS Office applications). Internal servers include Microsoft Active Directory Services (File/Print/DNS as part of AD), MS Terminal Services, MS Exchange (email), MS SQL (database) server, and MS IIS (Internet Information Services) as a web server.
2. There is an external e-mail spam filter appliance as the public point of presence, provided by the ISP, which forwards mail to the internal mail server. Outside e-mail users can't send e-mail messages directly to the different departments and must go via the spam filter.
3. All employees are authorized telecommuters (mobile workers), who access the Terminal Server from their homes as well as from company-provided laptops when traveling. Remote workers include system administrators who work remotely and can connect to the internal network's critical services via the internet, but this doesn't include remote access to the MS SQL Server.
4. The sales and customer service departments use a CRM (customer relationship management) application through a web portal which uses data on the MS SQL server. Internally, the sales associates have no direct access to the SQL Server; only the database manager can access it.
5. Data related to computers and peripherals is stored on the MS SQL Server, which interfaces with the MS IIS web server. This means that customers can only search products via the web server using their local browsers.
6. The web server hosts a public website for searching and viewing products as well as a "business to business" and regular customer e-commerce site, meaning it allows customers to securely log in, place orders, and review their account. The e-commerce site, running from the web server, accesses (interfaces with) the SQL server for customer, inventory, and pricing information.
7. The company operates a "flat" network, meaning all internal devices share the same LAN with the same subnet mask.
8. All switches are configured and operational, and you don't have to be concerned about them. This also applies to all servers, as they are configured and fully functional.
9. The placement of the firewall in the topology follows the "Bastion Host" model.
10. The firewall is not configured and must be configured at the start with a device initial/base configuration plan, which is going to be one of your first steps in the deployment stage.
11. The firewall used in the topology is a Dell SonicWall TZ-300 model, which has three types of link interfaces: LAN (4 ports), WAN, and DMZ.

Summary of your team's tasks
Your team will provide inputs to the MC management in three phases; each phase will take 1 week. At the end of each week, I am to submit my results to the MC management. Phase 0 is to set up your teams. I will work in teams of 2-3. Phase 1 will be a firewall policy. Phase 2 will be a subnetting table and the needed firewall rules. Phase 3 will be a presentation (using VoiceThread) describing your solution and any recommendations you may have. Explore and research the operations that relate to MC's business process and, based on your findings, develop a firewall policy that is going to serve as the basis for creating the firewall rule sets.
The firewall policy should also capture enforcement and measures in the case of policy violations.
please provide the source of the template.
Task 1: Complete the IPv4 addressing plan for the 4 subnets in the diagram
Task 2: Create firewall rules using descriptive terms
Task 3: Create firewall rules using IP addresses and port numbers

Task 1: IPv4 Addressing Plan (Scheme) for MC
As part of your task to implement a secure network, you must have a plan for your IP addressing scheme and apply the IP addressing in a professional manner. For this purpose, you are given a base IP address of 192.168.12.0/24 that you must subnet for the network segments separated by layer 3 switches, though the switches currently operate as layer 2. These can potentially be configured as layer 3 in the future with VLANs and VLAN switch trunking to increase network efficiency. Don't worry about VLANs for now.

Subnetting Requirements:
1. The base IP address given, 192.168.12.0/24, must be subnetted to allow a maximum of only 30 usable host addresses per network segment separated by the switches.
2. The first subnet (subnet0) must be used by the critical devices; the IP address assignments for the servers are shown in the topology. This has been done for you already.
3. The next available subnet (subnet1) is assigned to the management subnet, the third subnet (subnet2) to Sales and the fourth (subnet3) to the Store department. The rest of the IP address assignments are shown on the table below, but you must complete the remainder of the table.
4. Except for those devices/servers for which the IP assignment is shown, the first available address in each subnet is kept aside for an intermediary or a critical device such as a router, firewall or even a server. Though the switches are currently used as layer 2 devices, reserve the first available and usable address in each subnet for the switch's administrative/default VLAN.
5. A table is given to help you plan the addressing scheme, and you must complete the table to create the inventory of your IP addresses. You may use a subnetting calculator or other tool to verify your table.
Note: MC is planning to open a branch office in Kalamazoo, MI next year, so subnets 4-7 are reserved for the new office. They are not needed for this exercise, but you need to leave the IP addresses for those subnets available for the new office.
6. The e-mail gateway (spam filter) is provided by the ISP and is assigned a public IP address as shown on the topology.
7. The firewall internal (LAN) interface is assigned the first available IP address of subnet5, and the external/outer (WAN) interface is assigned the first available address of the public IP block ext_subnet0, 220.51.79.0/28, as shown in the topology diagram. This assignment is shown on the firewall outer interface. Ext_subnet0 does not appear on this table.
8. Customers and mobile workers have no specific IP addresses; they could be anything.

Task 2
Using the information provided and the IP addresses as a lead, create firewall rule sets using the table provided below. This table uses descriptive terms rather than IP addresses and port numbers.
1. The first inbound firewall rule, as well as the corresponding reciprocal outbound rule, is given as an example.
2. Add four more rules for inbound and outbound. Use the business process as a reference to determine the protocols needed to create the rules.
3. For each direction, a cleanup rule is added at the end of the rules' list rows in the table, and you don't have to do anything on those.

Direction | Source | Destination | Type of Traffic | Action
Inbound | Customers | Webserver (IIS) | HTTP/TCP | Allow
Inbound | ANY | ANY | ANY | Deny
Outbound | Webserver (IIS) | Customers | HTTP/TCP | Allow
Outbound | ANY | ANY | ANY | Deny
Table 2: Firewall Rules (descriptive)

Task 3: Translate the firewall rules into an ACL
It is time to turn (translate) the firewall rules into an ACL that the SonicWall or any of the other firewall devices understand better. Take the firewall rules from the table above and translate them into an ACL using IP addresses and port numbers.
1. Provide a corresponding ACL for the rows in the table above (Task 3).
2. To show how to do it, the ACL for the first inbound and outbound rules is provided in the table below.

Direction | Source | Destination | Type of Traffic | Action
Inbound | ANY | 192.168.12.15 | HTTP/TCP = 80 | Allow
Inbound | ANY | ANY | ANY | Deny
Outbound | 192.168.12.15 | ANY | HTTP/TCP = 80 | Allow
Outbound | ANY | ANY | ANY | Deny
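The following Python script is an added worked example, not part of the assignment and not SonicWall tooling, that carries out the two technical parts above in one place: it splits 192.168.12.0/24 into the eight /27 subnets Task 1 calls for (30 usable hosts each, first usable address reserved for the switch's administrative VLAN, subnets 4-7 left for the Kalamazoo office), and it translates descriptive rules in the Table 2 layout into IP/port ACL entries as in Task 3, with a check that each direction still ends in its cleanup deny. Only the web server address 192.168.12.15 and the public block 220.51.79.0/28 come from the assignment; the object map, the service map, the rule list and the generic one-line ACL text format are constructed for illustration and are assumptions, not the firewall's own syntax.

```python
"""Added example: /27 subnetting plan for 192.168.12.0/24 and translation of
descriptive firewall rules into an IP/port ACL. Addresses other than the web
server (192.168.12.15) and the public /28 are constructed for illustration."""
import ipaddress

BASE_NETWORK = ipaddress.ip_network("192.168.12.0/24")
HOST_PREFIX = 27  # 30 usable hosts per segment -> /27 (32 addresses, 30 usable)

# Roles from the assignment; subnets 4-7 are reserved for the Kalamazoo branch.
SUBNET_ROLES = {0: "Critical servers", 1: "Management", 2: "Sales", 3: "Store"}


def subnet_plan(base=BASE_NETWORK, prefix=HOST_PREFIX):
    """Return one inventory row per subnet. The first usable address is reserved
    for the switch's administrative VLAN (or a router/firewall), so assignable
    hosts start at the second usable address."""
    rows = []
    for i, net in enumerate(base.subnets(new_prefix=prefix)):
        hosts = list(net.hosts())  # excludes network and broadcast addresses
        rows.append({
            "name": f"subnet{i}",
            "role": SUBNET_ROLES.get(i, "Reserved (Kalamazoo branch)"),
            "network": str(net.network_address),
            "mask": str(net.netmask),
            "reserved": str(hosts[0]),
            "first_host": str(hosts[1]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "usable": len(hosts),
        })
    return rows


def locate(address, plan=None):
    """Name of the subnet an address falls in, or None if outside the base block."""
    ip = ipaddress.ip_address(address)
    for row in plan or subnet_plan():
        if ip in ipaddress.ip_network(f"{row['network']}/{HOST_PREFIX}"):
            return row["name"]
    return None


def first_usable(cidr):
    """First usable address of a block, e.g. the WAN interface on 220.51.79.0/28."""
    return str(next(ipaddress.ip_network(cidr).hosts()))


# Object and service maps for the ACL translation (assumed). Only the web server
# address is given in the assignment; customers and mobile workers have no fixed
# address, so they map to ANY.
OBJECTS = {"ANY": "ANY", "Customers": "ANY", "Webserver (IIS)": "192.168.12.15"}
SERVICES = {"ANY": ("any", None), "HTTP/TCP": ("tcp", 80), "HTTPS/TCP": ("tcp", 443)}

# Constructed descriptive rules in the Table 2 layout:
# (direction, source, destination, type of traffic, action).
DESCRIPTIVE_RULES = [
    ("Inbound", "Customers", "Webserver (IIS)", "HTTP/TCP", "Allow"),
    ("Inbound", "ANY", "ANY", "ANY", "Deny"),
    ("Outbound", "Webserver (IIS)", "Customers", "HTTP/TCP", "Allow"),
    ("Outbound", "ANY", "ANY", "ANY", "Deny"),
]


def to_acl(rule, objects=OBJECTS, services=SERVICES):
    """Translate one descriptive rule into an ACL entry with addresses and ports."""
    direction, src, dst, traffic, action = rule
    proto, port = services[traffic]
    return {"direction": direction, "src": objects[src], "dst": objects[dst],
            "proto": proto, "port": port, "action": action}


def check_cleanup(rules):
    """Defensive check: each direction must end with an explicit ANY/ANY/ANY Deny
    so traffic not matched by a specific allow is dropped."""
    for direction in ("Inbound", "Outbound"):
        matching = [r for r in rules if r[0] == direction]
        if not matching or matching[-1][1:] != ("ANY", "ANY", "ANY", "Deny"):
            return False
    return True


def acl_lines(rules):
    """Render ACL entries as generic one-line text (assumed format, not SonicWall syntax)."""
    lines = []
    for e in (to_acl(r) for r in rules):
        port = f" eq {e['port']}" if e["port"] else ""
        lines.append(f"{e['direction'].lower()} {e['action'].lower()} {e['proto']} "
                     f"{e['src']} -> {e['dst']}{port}")
    return lines


if __name__ == "__main__":
    for row in subnet_plan():
        print(row)
    print("WAN interface:", first_usable("220.51.79.0/28"))
    print("cleanup rules present:", check_cleanup(DESCRIPTIVE_RULES))
    print("\n".join(acl_lines(DESCRIPTIVE_RULES)))
```

Running the script prints the eight-row inventory (subnet0 is 192.168.12.0/27 with .1 reserved, hosts .2 to .30 and broadcast .31, which is where the web server at .15 sits), the firewall WAN address 220.51.79.1, and the four ACL lines. The `check_cleanup` function is the kind of test worth keeping in a rule-review script: adding rules above the cleanup line is expected, but a rule set that no longer ends in the deny is a policy violation that should block deployment.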