Problem 2 (75 ) ACL Configuration For this assignment, you are asked to implement a security policy, utilizing Cisco ACLs (Stateless packet filters), for a mid size company Consider the network topology and the security policy shown below to answer the following questions You are not required to implement the policy in GNS3 Only provide the access lists in a PDF document similar to what we have done in the AC case studies Security Policy P1 The company runs the following services web ( HTTP, HTTPS ), domain name service ( DNS ), mail exchange ( SMTP and IMAP ), file transfer ( FTP ), MySQL , and Print services The services are distributed as shown in the figure above P2 The web, DNS , and mail exchange services in DMZ can be accessed by local and external users (from the internet) P3 The Web and mail services in the DMZ will need to access MySQL DB in Utility to operate properly P4 SSH , Rlogin , and Network News Transfer ( NNTP ) protocols are commonly used by attackers to gain remote access They should be prohibited from outside the company or from DMZ to any of the internal subnets P5 Local users (in any of the internal subnets DMZ , R D , Development , and Utility ) can always access the internet freely P6 MySQL and FTP services in Utility can be accessed from local subnets , including the DMZ , but not from the internet P7 The MySQL service in Development is limited to Development use only (no one should be able to access it from outside Development) P8 SSH connections to Utility, DMZ , and the R D subnets are permitted only from local subnets, except DMZ as indicated in P3 P9 The ports 5950 6000 in the R D subnet can be accessed from one of the companys collaborators on the internet The collaborator IP address range is 65 5 113 0 24 (i e , connections to these ports should only be allowed if the source belongs to this range) b Define the access control lists (ACLs) required to enforce the security policy Again, no implementation in GNS3 is required I only need the ACLs in a PDF document Make sure you clearly specify the router, interface, and the direction (similar to what we have done in the case studies) You can use the following template You are not required to use Cisco syntax, but feel free to do so You can use the subnet name (e g , DMZ, R D, Dev, Utility, Internet) instead of the exact IP address wildcard mask of subnets Similarly, you can use the service name (HTTP, DNS, Rlogin, etc ) instead of the exact port number

The Answer is in the image, click to view ...

Question: Problem 2 (75%): ACL Configuration For this assignment, you are asked to implement a security policy, utilizing Cisco ACLs (Stateless packet filters), for a mid-size

Problem 2 (75%): ACL Configuration

For this assignment, you are asked to implement a security policy, utilizing Cisco ACLs (Stateless packet filters), for a mid-size company. Consider the network topology and the security policy shown below to answer the following questions.

You are not required to implement the policy in GNS3. Only provide the access lists in a PDF document similar to what we have done in the AC case studies.

Security Policy

P1.	The company runs the following services: web (HTTP, HTTPS), domain name service (DNS), mail exchange (SMTP and IMAP), file transfer (FTP), MySQL, and Print services. The services are distributed as shown in the figure above.
P2.	The web, DNS, and mail exchange services in DMZ can be accessed by local and external users (from the internet).
P3.	The Web and mail services in the DMZ will need to access MySQL DB in Utility to operate properly.
P4.	SSH, Rlogin, and Network News Transfer (NNTP) protocols are commonly used by attackers to gain remote access. They should be prohibited from outside the company or from DMZ to any of the internal subnets.
P5.	Local users (in any of the internal subnets: DMZ, R&D, Development, and Utility) can always access the internet freely.
P6.	MySQL and FTP services in Utility can be accessed from local subnets, including the DMZ, but not from the internet.
P7.	The MySQL service in Development is limited to Development use only (no one should be able to access it from outside Development).

P8.

SSH connections to Utility, DMZ, and the R&D subnets are permitted only from local subnets,

except DMZ as indicated in P3.

P9.

The ports 5950-6000 in the R&D subnet can be accessed from one of the companys collaborators

on the internet. The collaborator IP address range is 65.5.113.0/24 (i.e., connections to these ports should only be allowed if the source belongs to this range).

b. Define the access control lists (ACLs) required to enforce the security policy.

Again, no implementation in GNS3 is required. I only need the ACLs in a PDF document.
Make sure you clearly specify the router, interface, and the direction (similar to what we have done in the case-studies). You can use the following template. You are not required to use Cisco syntax, but feel free to do so.

You can use the subnet name (e.g., DMZ, R&D, Dev, Utility, Internet) instead of the exact IP

address/wildcard mask of subnets. Similarly, you can use the service name (HTTP, DNS, Rlogin, etc.)

instead of the exact port number.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

For this problem, you are asked to implement a security policy, utilizing Cisco ACLs (Stateless packet filters), for a mid-size company. Consider the network topology and the security policy shown...

Please i need help with this network security question It should be done on cisco packet tracer Consider the following topology diagram: IN-SERVER-Zone OUT-Zone 192.168.20.0/24 Intranet SERVER .254...

COMPLETE ALL THE QUESTIONS 1) Make a version of X.32[7] where the element type is a template argument. [10] ( 2.5) Given an Itor class like the one in X.32[8], consider how to provide iterators for...

Lab Task 4: Configure R1 for Inter-VLAN Roliting Configure the router on the Office 1 network to allow multiple VLANs to communicate on the network. Perform steps 14 on R1. 1 Enable GigabitEthernet...

I will like step by step solution to chapters 3 problems , chapter 4 problems, chapter 5 problems of the attached document. Thanks ACL Assignments The ACL software bundled with the textbook comes...

I will like answers to problems 3 , problem 4, problem 5 of the attached document. Thanks ACL Assignments The ACL software bundled with the textbook comes with a tutorial, which is a PDF file...

The following bubble-point, organic-liquid mixture at 1.4 atm is distilled by extractive distillation with the following phenol-rich solvent at 1.4 atm and at the same temperature as the main feed:...

A vehicle stream is interrupted and stopped by a flag-person. The traffic volume for the vehicle stream before the interruption is 1200veh/hr and the concentration is 100 veh/mi. Assume that the jam...

BE3.7 (LO 2, 3) Finley plc had income from continuing operations of 10,600,000 in 2025. During 2025, it disposed of its restaurant division at an after-tax loss of 189,000. Prior to disposal, the...

Changed conditions at the site may be used as an excuse for delay of performance, and the extension of time is recorded by issuing which one of the following documents?

b. How do they influence communication between U.S. Americans and people from other countries?

8. Explain the relationship among identity, stereotyping, and prejudice.

2. Stereotypes in Prime-Time TV. Watch four hours of television during the next week, preferably during evening hours when there are more commercials. Record the number of representatives of...