Explain network security issues and develop a comprehensive network security policy to counter threats against information security

 ITNE2005

Develop a security Infrastructure for a Medium-Size Network
Assignment
Objective(s)
This assessment item relates to the unit learning outcomes as in the unit descriptor. This assessment is designed to evaluate the student's ability to work with routers, firewalls and VPN tunnels and to adopt those technologies in enterprise-level networks.
The following ULOs are assessed in this assessment.
LO 1
Explain network security issues and develop a comprehensive network security policy to counter threats against information security
LO 2
Analyse and configure routers on the network perimeter with router software security features
LO 3
Evaluate and configure firewall protocols and features to perform basic security operations on a network
LO 4
Critically review the enterprise network requirements and configure site-to-site virtual private networks using standard router software features
LO 5
Analyse the enterprise security requirements and configure intrusion prevention systems on network routers
LO 6
Monitor network traffic and implement security policies to control access, resist attacks, and protect network devices
INSTRUCTIONS
These instructions apply to Assignment
Assignment (Weightage 20%) – The report should be uploaded on the LMS by Session 12
Demonstration: Due on Lesson 12 in class
This Assignment will focus on the student's ability to work on an enterprise-level network and handle network devices. Upon implementation of the network, the student should produce a comprehensive report, which includes screenshots of the configuration commands being entered and a brief explanation of each screenshot. The devices should be named with the respective student ID.
If any third-party content is used, the citation of sources is mandatory and should follow IEEE style.
What to Submit.
Submit your report to the Moodle drop-box for Assignment. Note that incidents of plagiarism will be penalized.
Please Note: All work is due by the due date and time. Late submissions will be penalized at the rate of 10% per day including weekends.
Assignment Description:
Figure 1: Network Topology
Note: Integrated Services Routers (ISR) have Fast Ethernet interfaces instead of Gigabit Ethernet interfaces.
Addressing Table
| Device | Interface | IP Address | Subnet Mask | Default Gateway | Switch Port |
|---|---|---|---|---|---|
| R1-S0000 | F0/0 | 209.165.200.225 | 255.255.255.248 | N/A | ASA G0/0 |
| | S0/0 (DCE) | 10.1.1.1 | 255.255.255.252 | N/A | N/A |
| | Loopback 1 | 172.20.1.1 | 255.255.255.0 | N/A | N/A |
| R2-S0000 | S0/0 | 10.1.1.2 | 255.255.255.252 | N/A | N/A |
| | S0/1 (DCE) | 10.2.2.2 | 255.255.255.252 | N/A | N/A |
| R3-S0000 | F0/1 | 172.16.3.1 | 255.255.255.0 | N/A | S3 G0/0 |
| | S0/0 | 10.2.2.1 | 255.255.255.252 | N/A | N/A |
| S1-S0000 | VLAN 1 | 192.168.2.11 | 255.255.255.0 | 192.168.2.1 | N/A |
| S2-S0000 | VLAN 1 | 192.168.1.11 | 255.255.255.0 | 192.168.1.1 | N/A |
| S3-S0000 | VLAN 1 | 172.16.3.11 | 255.255.255.0 | 172.16.3.1 | N/A |
| ASA | VLAN 1 (G0/1) | 192.168.1.1 | 255.255.255.0 | N/A | S2 G0/0 |
| | VLAN 2 (G0/0) | 209.165.200.226 | 255.255.255.248 | N/A | R1 F0/0 |
| | VLAN 3 (G0/2) | 192.168.2.1 | 255.255.255.0 | N/A | S1 G0/0 |
| PC-A | NIC | 192.168.2.3 | 255.255.255.0 | 192.168.2.1 | S1 G0/1 |
| PC-B | NIC | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 | S2 G0/1 |
| PC-C | NIC | 172.16.3.3 | 255.255.255.0 | 172.16.3.1 | S3 G0/1 |
In this Assignment you are required to complete all the following parts:
Task 1: Configure Basic Device Settings:
• Configure host names as shown in the topology plus your student ID.
• Configure interface IP addresses as shown in the IP Addressing Table.
• Configure static and dynamic routing.
Task 2: Configure Secure Router Administrative Access
• Configure encrypted passwords and a login banner.
• Configure the EXEC timeout value on console and VTY lines.
• Configure login failure rates and VTY login enhancements.
• Configure Secure Shell (SSH) access and disable Telnet.
• Configure local authentication, authorization, and accounting (AAA) user authentication.
• Secure the router against login attacks and secure the IOS image and the configuration file.
• Configure a router NTP server and router NTP clients.
• Configure router syslog reporting and a syslog server on a local host.
Task 3: Configure a Zone-Based Policy Firewall and Intrusion Prevention System
• Configure a Zone-Based Policy Firewall (ZPF) on R3 using the CLI.
• Configure an intrusion prevention system (IPS) on R3 using the CLI.
Task 4: Secure Network Switches
• Configure passwords and a login banner.
• Configure management VLAN access.
• Secure access ports.
• Protect against Spanning Tree Protocol (STP) attacks.
• Configure port security and disable unused ports.
Task 5: Configure ASA Basic Settings and Firewall
• Configure basic settings, passwords, date, and time.
• Configure the inside and outside VLAN interfaces.
• Configure port address translation (PAT) for the inside network.
• Configure a Dynamic Host Configuration Protocol (DHCP) server for the inside network.
• Configure administrative access via Telnet and SSH.
• Configure a static default route for the Adaptive Security Appliance (ASA).
• Configure Local AAA user authentication.
• Configure a DMZ with a static NAT and ACL.
• Verify address translation and firewall functionality.
Task 6: Configure a DMZ, Static NAT, and ACLs on an ASA
• Configure static NAT to the DMZ server using a network object.
• View the DMZ Access Rule (ACL) generated by ASDM.
• Test access to the DMZ server from the outside network.
Task 7: Configure ASA Clientless SSL VPN Remote Access Using ASDM
• Configure a remote access SSL VPN using the Cisco Adaptive Security Device Manager (ASDM).
• Verify SSL VPN access to the portal.
Task 8: Configure a Site-to-Site VPN between the ASA and R3
• Configure an IPsec site-to-site VPN between the ASA and R3-S0000 using ASDM and the CLI.
• Activate and verify the IPsec site-to-site VPN tunnel between the ASA and R3.
Upon completion of the above configuration tasks, you have been asked to draft a policy on the use of VPN by telecommuters. The policy should include the following sections:
1. Objectives
2. Purpose
3. Audience
4. Policy
5. Exceptions
6. Violations
NOTE: To complete the Assignment, refer to Assignment Supplementary Document.
Marking Guide: 100 Marks
Please note that the Assignment will contribute towards 20% of the final grade.
Final Report (80 marks)

Report Layout (5 marks)
The report style, language and structure should be appropriate. All screenshots and descriptions need to be compiled in a single final report, and any given suggestions need to be incorporated.
The report must contain:
i. Cover page with Unit Code, Unit Name and Student ID
ii. Table of Contents
iii. Introduction
iv. Technical Discussion
v. Policy Document on using of VPN by telecommuters
vi. Critical Analysis
vii. Conclusion

Introduction (4 marks)
The introduction should include the purpose of the report and the sections covered, and should convince the reader that the report is worth reading. Word count limit - 125 words

Technical Discussion (45 marks)
This section should include the configurations done in the virtualized network environment. You should break down this section into eight tasks and include at least 6 screenshots from each of these tasks and a brief description.
i. Task 1: Configure Basic Device Settings (5 marks)
ii. Task 2: Configure Secure Router Administrative Access (5 marks)
iii. Task 3: Configure a Zone-Based Policy Firewall and Intrusion Prevention System (5 marks)
iv. Task 4: Secure Network Switches (5 marks)
v. Task 5: Configure ASA Basic Settings and Firewall (5 marks)
vi. Task 6: Configure a DMZ, Static NAT, and ACLs on an ASA (5 marks)
vii. Task 7: Configure ASA Clientless SSL VPN Remote Access Using ASDM (5 marks)
viii. Task 8: Configure a Site-to-Site VPN between the ASA and ISR (10 marks)

Policy Document on using of VPN by telecommuters (10 marks)
The policy should comprehensively cover all the aspects related to connecting to an enterprise network by a telecommuter.

Critical Analysis (10 marks)
The students are required to provide a critical analysis of the deployed network considering:
a) Confidentiality
b) Integrity
c) Availability
d) Performance
e) Scalability

Conclusion (4 marks)
Summarize your findings. Word count limit - 125 words

References (2 marks)
Should follow IEEE style.

Demonstration (20 marks)
In class demonstration – 10 mins
The students are required to demonstrate in class, during Lesson 12.