Question
Consider the network diagram of Figure 1, and the IP addresses of specific hosts in Table 1. Figure 1: Network diagram Table 1: Host IP
Consider the network diagram of Figure 1, and the IP addresses of specific hosts in Table 1.
Figure 1: Network diagram
Table 1: Host IP addreses
| Host | IP address |
| DMZ web server | 192.168.1.2 |
| DMZ email server | 192.168.1.3 |
| DMZ DNS server | 192.168.1.4 |
| Internal MySQL server | 192.168.2.2 |
| Internal WSUS server | 192.168.2.3 |
Implement policies on the internal and external firewalls such that:
a-The PCs and printers can reach the DMZ for web (standard and https), email, and DNS services.
b-The PCs and printers can reach the Internet.
c-The internal servers can reach the DMZ for DNS services.
d-The externally accessible web server can reach the internal MySQL server
e-Hosts on the internet can reach the DMZ for web, email, and DNS services
f-Of the internal servers, only the WSUS internal server can reach the internet.
g-None of the DMZ servers should be able to reach the Internet.
h-Nothing else should be permitted
In the policy field, reference one of the policies (a-h) that you are addressing. You may need more or less rows to create the rules. You will need to look up what ports are used by services (i.e. HTTP, HTTPS, DNS, POP, IMAP, SMTP, MySQL, etc.)
Table 2: Internal Firewall rules, internal-facing port
| Source IP | Source port | Dest. IP | Dest. Port | Action | policy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table 3: Internal Firewall rules, DMZ-facing port.
| Source IP | Source port | Dest. IP | Dest. Port | Action | Policy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table 4: External Firewall rules, DMZ-facing port
| Source IP | Source port | Dest. IP | Dest. Port | Action | Policy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table 4: External Firewall rules, external-facing port
| Source IP | Source port | Dest. IP | Dest. Port | Action | Policy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Imagine that the situation of question 7 had changed, and the system administrators wanted to protect the internal servers from malicious internal traffic. How could the design be altered so that internal hosts could only access CIFS, and DHCP on the internal servers?
- Imagine again the situation of question 7 had changed, and the system administrators wanted their own internal network on 192.168.4.0/24 that had full access to the DMZ machines (for remote login, remote desktop, etc). What firewall and port would need new rules? What would that rule look like?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Neo4j Data Modeling
Authors: Steve Hoberman ,David Fauth
1st Edition
1634621913, 978-1634621915
