mod 4
Module 04 Course Project Template
Process
Using the latest version of your Network Diagram from your previous project submission, identify the security devices which are configured to support the business end user community, the backbone, and the data center. Find each of these security devices and for each device identify the optimal inspection role the device should be configured to use given its location within the network and the data that flows through it. Save the updated Network Diagram as a Visio Document.
Now that you have identified the suggested roles for the various security devices, concentrate on the security device that is on the perimeter of the end-user community.
Using the following Cisco CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide as a reference, create the commands necessary to configure this device with the following characteristics:
A hostname of user-asa
A domain name of userasa.local
An enable password of P@ssw0rd with aes encryption
A timezone setting to central timezone
An automatic time update
dns servers set to 8.8.8.8, 8.8.4.4
Configure 3 Access Lists (Zones)
o - Inside (100)
o - Outside (0)
o - DMZ-SERVERS (50)
Management Access via SSH/VPN
Record all your commands in Notepad. Once you have created the CLI commands to implement Firewall Security, launch PacketTracer (PT-2) in the ISOT Sandbox.
In PT-2, add an “ASA 5505 Security Devices” into the display. Paste your CLI code into the command window for the ASA security device to test your configuration. Be sure to capture screenshots of the results.
This study source was downloaded by 100000762646252 from CourseHero.com on 10-29-2021 15:03:03 GMT -05:00
https://www.coursehero.com/file/59318262/N306CNT3003-Mod-4docx/
This study resource was shared via CourseHero.com
Body
1. Attach your updated Network Diagram.
2. Provide your CLI configuration code.
enable
config terminal
hostname RT4
domain-name userasa.local
enable password p@ssw0rd
service password-encryption AES
key config-key password-encryption
old key: p#ssw0rd
new key: P@ssw0rd
Confirm Key: P@ssw0rd
clock timezone CST -6
dns domain-lookup inside ethernet 0/0
dns server-group DefaultDNS
name-server 8.8.8.8 8.8.4.4
object network 172.16.0.0_24
subnet 172.16.0.0 255.255.255.0
object network 172.16.1.0_24
subnet 172.16.1.0 255.255.255.0
access-list 100 inside permit ip object 172.16.0.0_24 object 172.16.1.0_24
object network 172.16.2.0_24
subnet 172.16.2.0 255.255.255.0
object network 172.16.3.0_24
subnet 172.16.3.0 255.255.255.0
access-list 0 outside permit ip object 172.16.2.0_24 object 172.16.3.0_24
access-list inside_100 standard permit any any
access-list OUTSIDE_INBOUND permit tcp any host 172.16.2.1 eq 23
access-group OUTSIDE_INBOUND in interface OUTSIDE
access-list outside_0 permit any any
access-list DMZ_50 permit www.testVPN.com
crypto key generate rsa modulus 1024
write memory
ssh 172.16.2.1 255.255.255.0 inside
ssh timeout 30
username rharrell password P@ssw0rd
end
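One way the characteristics listed in the Process section map onto ASA 5505 commands, entered from global configuration mode. This is an added example, not part of the original submission. The interface addresses, the outside range 203.0.113.0/24, the NTP server 192.0.2.123, the DMZ host 172.16.2.10, the switchport assignments and the admin username are assumed placeholders.

```cisco
! Added example. Addresses, NTP server, DMZ host and username are assumed.
hostname user-asa
domain-name userasa.local
enable password P@ssw0rd
! AES-encrypt stored passwords: set the master passphrase, then enable AES
key config-key password-encryption P@ssw0rd
password encryption aes
clock timezone CST -6
clock summer-time CDT recurring
! Automatic time update (placeholder NTP server)
ntp server 192.0.2.123 source outside
!
! Zones are named interfaces with security levels (VLAN interfaces on a 5505)
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
! A Base-license 5505 needs the third VLAN restricted before nameif is accepted
interface Vlan3
 no forward interface vlan 1
 nameif DMZ-SERVERS
 security-level 50
 ip address 172.16.2.1 255.255.255.0
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/2
 switchport access vlan 3
!
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
!
! Lower-to-higher traffic needs an explicit ACL: only HTTPS to one DMZ host
access-list OUTSIDE_IN extended permit tcp any host 172.16.2.10 eq 443
access-group OUTSIDE_IN in interface outside
!
! Management over SSH only, from the inside subnet, using local accounts
crypto key generate rsa modulus 2048
username admin password P@ssw0rd privilege 15
aaa authentication ssh console LOCAL
ssh 172.16.0.0 255.255.255.0 inside
ssh timeout 30
write memory
```

With these security levels, stateful inspection lets inside (100) traffic reach the DMZ (50) and outside (0) by default, while anything from a lower level to a higher one is dropped unless an access list bound with `access-group` permits it.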
3. Provide screenshots of your Packet-tracer results.
Executive Summary
The design that was implemented this week ensures unwanted traffic doesn’t get access into the company network. The only traffic coming into the network is from trusted sources. Setting up the ASA gave us the option to set up a hostname and password. Setting up the time zone and automatic clock updates means that if a threat gains access, you will have an accurate time and date for the intrusion. The access list helps allow the correct people onto the network so they can reach the information they seek. The SSH/VPN allows employees to access the network when away from the office.
For this week, the Course Project week 04 stated:
In this next part of your course project, your manager has asked you to work with the network security team to implement a zone-based firewall with a DMZ, stateful inspection, and ACL packet filtering based upon security level.
During a PCS compliance audit, it was revealed that the Application Development team was operating on a public IP address range separate from the rest of the company. (Unknown to management, the application development team had convinced the previous network administrator that the public IP range was necessary for testing reasons when in fact it was because they didn’t want the company to monitor their downloading of pirated movies.)
Your manager asked you to review the design and implementation process and asked for recommendations to be made concerning which security devices should be configured to use stateful inspection versus stateless packet inspection as well as next gen firewall technologies.
Follow the process outlined in the Module 04 Course Project Template for your project and provide a response to the Body and Executive Summary sections of the template. Note: You should be working off the latest version of your Network Diagram from your previous project submission.
The grading rubric is as follows:
Module 04 Course Project – Business Firewall Solutions
Scoring Rubric:
Criteria Points
Attached updated Visio Document reflecting the changes to Network. 15/15
Provided CLI configuration code. 15/15
Provided screenshots of Packet-tracer results. 10/10
Executive Summary and Recommendations 10/10
Total 50/50