Question

Design the dual firewall system for the below-mentioned requirements. There is a DMZ network (10.10.0.0/24) running the email server (10.10.0.30/32), Web server (10.10.0.20/32), and FTP server (10.10.0.80/32)

The internal network has an IP in the range of 172.24.2.0/26. There is a special host in the internal network running an application that would be disastrous if it is compromised. The special system having the IP 172.24.2.25/32 would be disastrous if it was compromised.

Apart from providing NAT services and Packet Filtering, the first firewall (part of the dual configuration) acts as a Web and FTP Proxy server. This first firewall is connected to the Internet via 200.27.27.10/25 and to the DMZ via 10.10.0.10/32.

The second firewall is used to filter traffic between the internal network and the DMZ. It is connected via 10.10.0.254/24 to the DMZ and via 172.24.2.54/32 to the internal network.

The security policy requirements used to configure the firewalls are outlined as follows.

The web server contains public information that is accessible to Internet users, and it also provides secure online login functionality using SSL/TLS. The internal users are also allowed to access all WWW services; however, they are allowed to access the Internet (WWW and FTP services) only via the proxy located on the first firewall via port 3129.

The internal network has a special host (172.24.2.25/32) which has complete access to any host and any service without using the proxy services configured on the first firewall system. The remaining internal hosts must go via the proxy on the first firewall. The security policy requirements also dictate that the e-mail server receive messages from and send messages to hosts on the Internet and the internal users; however, these internal users are to retrieve their messages via IMAP.

Any other service which is not explicitly outlined in the security policy should be restricted from the network.

  1. Provide a network layout (network diagram) showing all the components of the network, including both firewalls, the email and web servers, the DMZ, and all the internal hosts. (Note that you should draw all the internal hosts. The number of internal hosts can be found from the internal network address given above.) Ensure you label all hosts (servers, internal computers, and firewalls) with appropriate names and write the IP addresses for each network interface.
  2. You are required to develop two sets of rules for the dual firewall. One will process traffic traveling between the Internet and the DMZ and Intranet. The other will process traffic traveling between the Intranet and the DMZ. You also need to explain what each rule does. You should complete the following four (4) tables.
    • Internet Rules (Firewall 1)
    • Internet Rules Explanations (Firewall 1)
    • Intranet / DMZ rules (Firewall 2)
    • Intranet/DMZ Rule Explanations (Firewall 2)
  3. After facing the threat, you finally realize that your organization needs an IDPS system. Using part A, point out at which point you would deploy the IDS and how (draw a figure).
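
One possible reading of the Firewall 2 policy above, written as a first-match rule table with a default deny and checked against sample flows; this is an added example, not part of the original question or its answer. Assumptions: the firewall is stateful (rules describe who may open a connection, replies follow automatically), internal users send mail to the DMZ mail server over SMTP, and every port except 3129 is the standard assignment rather than a value from the question.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from the question text.
INTERNAL = ip_network("172.24.2.0/26")
SPECIAL = ip_network("172.24.2.25/32")
WEB = ip_network("10.10.0.20/32")
MAIL = ip_network("10.10.0.30/32")
PROXY = ip_network("10.10.0.10/32")   # Firewall 1, DMZ-side interface
ANY = ip_network("0.0.0.0/0")

# Assumed Firewall 2 rule table: (source, destination, proto, ports, action).
# ports=None means any port. Port numbers other than 3129 are the standard
# assignments (HTTP 80, HTTPS 443, SMTP 25, IMAP 143), not given on the page.
# Order matters: the first matching rule decides.
FW2_RULES = [
    (SPECIAL,  ANY,   None,  None,      "allow"),  # special host: unrestricted
    (INTERNAL, WEB,   "tcp", {80, 443}, "allow"),  # DMZ web server, plain and TLS
    (INTERNAL, PROXY, "tcp", {3129},    "allow"),  # Internet WWW/FTP via proxy only
    (INTERNAL, MAIL,  "tcp", {25, 143}, "allow"),  # send via SMTP, retrieve via IMAP
    (ANY,      ANY,   None,  None,      "deny"),   # anything not listed is dropped
]


def decide(src, dst, proto, port, rules=FW2_RULES):
    """Return (rule_index, action) of the first rule matching a new connection."""
    s, d = ip_address(src), ip_address(dst)
    for i, (rs, rd, rp, rports, action) in enumerate(rules):
        port_ok = rports is None or port in rports
        if s in rs and d in rd and rp in (None, proto) and port_ok:
            return i, action
    return len(rules), "deny"   # fail closed if the table has no catch-all


def internal_host_count():
    """Usable addresses in the internal /26 (network and broadcast excluded)."""
    return INTERNAL.num_addresses - 2


if __name__ == "__main__":
    # Constructed sample flows, not traffic from the page.
    flows = [
        ("172.24.2.7", "10.10.0.10", "tcp", 3129),   # internal host to proxy
        ("172.24.2.7", "203.0.113.5", "tcp", 80),    # internal host bypassing proxy
        ("172.24.2.25", "203.0.113.5", "tcp", 22),   # special host, any service
        ("172.24.2.7", "10.10.0.30", "tcp", 110),    # POP3 is not in the policy
    ]
    for flow in flows:
        print(flow, decide(*flow))
```

Because the special host can reach anything, rule 0 is also the path an intruder on 172.24.2.25 would use outward, which makes the segment between Firewall 2 and that host a natural place to consider for the IDS sensor asked about in part 3.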
