As a new information security practitioner at Conglom-O Corporation, the CEO sends you an e-mail:

Hey My Favorite Free Program Recommending Person:

We have a bit of a situation here that is critical to the future of the company. I just bought a subscription to a new service to stream my cable box from my house to my work desktop and it's not working. I talked to the cable company and they said that there is a fire wall that is blocking me:

----

Mr. Moneybags:

As discussed, you need to open your firewall on TCP port 8080 from your desktop to our servers on Amazon US-EAST-1 located in 18.208.0.0/13. Once this is complete your streaming service should work.

Sincerely

Cable Streaming Service Support

----

This technical mumbo jumbo makes no sense to me and when I asked our IT group, they said they needed a consultant since I laid off the firewall department. So I had the brilliant idea that you could do it since you made those crackerjack recommendations for those free programs a few weeks ago.

The IT group sent me our firewall settings and I've attached them below, please fix it so I can start catching Bruins games from the office. Also, please review those settings on there to make sure we're not doing anything that could make us lose money

Auf Wiedersehen,

Bob Moneybags, CEO

Please review the both tabs of the firewall settings attached below and complete the following tasks:

Fix Mr. Moneybags problem (Hint: Use the outbound ruleset)

Remove any dangerous rules, per Conglom-O Corporation policy dangerous rules are

Rules that allow hosts with access to all destinations on all ports

Rules that allow use of Echo (tcp/7) or telnet (tcp/23)

Rules that allow hosts from the Internet accessing the Internal LAN

Please write up a summary for Mr. Moneybags discussing:

Where you would add his rule and why?

What rules would you remove and why?

Conglom-O Corporation Outbound Firewall Ruleset Comment Rule # Source Address Source port Destination Destination Actio Address Port Allow Allow Allow 10.10.10.0/24 Desktops HTTP to Internet Desktops HTTPS to Internet Desktops SSH to DMZ DesktopS SMTP to DMZ Temp for Bob -8/17/2014 Back End HTTPS Call for Web Desktops POP3 to DMZ Remote Admin for old Avocent Deny telnet per polic Service Discovery en 2 Any 443 172.16.0.0/24 4 5 6 172.16.0.0/24 10.10.10.10 10.10.10.12 172.16.0.0/24 25 Allow Allow llky Allow 10.10.10.12 172.16.0.100 443 110 23 23 10.0/24 10.10.10.0/24 Any 10.10.10.0/24 Any Any Any 100 Allow An Conglom-O Corporation Outbound Firewall Ruleset Comment Rule # Source Address Source port Destination Destination Actio Address Port Allow Allow Allow 10.10.10.0/24 Desktops HTTP to Internet Desktops HTTPS to Internet Desktops SSH to DMZ DesktopS SMTP to DMZ Temp for Bob -8/17/2014 Back End HTTPS Call for Web Desktops POP3 to DMZ Remote Admin for old Avocent Deny telnet per polic Service Discovery en 2 Any 443 172.16.0.0/24 4 5 6 172.16.0.0/24 10.10.10.10 10.10.10.12 172.16.0.0/24 25 Allow Allow llky Allow 10.10.10.12 172.16.0.100 443 110 23 23 10.0/24 10.10.10.0/24 Any 10.10.10.0/24 Any Any Any 100 Allow An