Question
[Screenshot: "Copy of generic_rules_templatehh1" open in Excel, the asker's filled-in Generic Rules Template. Columns: Rule #, SRC IP, SRC Port, DST IP, DST Port, Action, Log, Description. Rows legible in the extraction:]

| Rule # | SRC IP | SRC Port | DST IP | DST Port | Action | Log | Description |
|---|---|---|---|---|---|---|---|
| | any | any | any | any | deny | N | cleanup rule |
| | 10.57.1.0/24 | any | 10.57.1.0/24 | any | deny | y | IP addy spoof attack |
| 11 | 192.168.1.0/24 | any | 192.168.1.255 | any | deny | y | DOS/DDOS attack vector |
| 12 | 10.57.1.3 | 0.8 | 10.57.1.004 | 0.8 | allow | y | Admin privilege |

[Descriptions of the earlier rows, in the order they appear: Trusted egress traffic to internet; Trusted interface no access to the internet; Ingress internet traffic to HTTPS server; Ingress internet traffic to HTTPS server; gives the internet firewall; External admin connects to internal interface; trusted interface access the pop3; access to FTP server.]

Module 05, 06 Lab creating_rul...

Goal of Lab
The goal of this lab is to give you practice designing a firewall ruleset.

Objectives
After completing this lab, you will be able to:
- Create a firewall ruleset;
- Describe the firewall ruleset processing logic;
- Order your rules for optimal firewall performance;
- Identify potential mistakes in rulesets; and
- Troubleshoot rulesets.

Description
In this assignment, you will write your own set of rules for packet filtering. Use the following network characteristics when writing your rules:
- Private Network ID (Lab Network): 192.168.1.0/24
- Public Network ID (Class Network): 10.57.1.0/24
- Internal Firewall IP: 192.168.1.xxx (where xxx = your firewall's internally assigned IP address)
- External Firewall IP: 10.57.1.xxx (where xxx = your firewall's externally assigned IP address)
- Internal POP3 and FTP server IP: 192.168.1.xx (where xx = your Win2K3 server's internal IP address)
- Internal HTTP, HTTPS and SSH server IP: 192.168.1.xx (where xx = your RH9 server's internal IP address)
- Internal SMTP server IP: 192.168.1.25
- Internal Primary DNS Server IP: 192.168.1.253
- External Primary DNS Server IP: 10.21.33.6
- External Secondary DNS Server IP: 10.51.11.5

Activity
1. Download and save the Generic Rules Template (Excel) file located in Blackboard to your hard drive.
2. Open the Generic Rules Template in Excel:
   - The Action column settings are: Allow, Block, or Reject.
   - The Log column settings are: Yes or No
3. Using this template, answer the following questions (be sure to include your name on the Generic Rules Template):
   a. Create a rule that allows all hosts in the Private network to access any hosts in the Public network;
   b. Create a rule that prevents the firewall system from accessing the Public network;
   c. Create a rule that allows any host in the Public network to access the HTTP server in the Private network;
   d. Create a rule that allows your Firewall Admin PC (using 10.57.1.3) in the Public network to access the HTTPS server in the Private network;
   e. Create a rule that allows your Firewall Admin PC (using 10.57.1.3) in the Public network to access the firewall in the Private network via the WebGUI;
   f. Create a rule that allows your Firewall Admin PC (using 10.57.1.3) in the Public network to access the firewall in the Private network via SSH;
   g. Create a rule that allows your Firewall Admin PC (using 10.57.1.3) in the Public network to access the POP3 server in the Private network;
   h. Create a rule that allows any host in the Public network to access the FTP server in the Private network;
   i. Create a cleanup rule;
   j. Create a rule that prevents traffic from entering the Private network with a source IP address equal to the Private network's ID;
   k. Create a rule that prevents traffic from entering the Private network with a destination IP address equal to the Private network's broadcast address; and
   l. Create a rule that allows your Firewall Admin PC (using 10.57.1.3) in the Public network to ping the external interface on the firewall AND get a reply back.
4. Using the same Template, order your rules for optimal firewall performance (you must decide on what protocols you think will be most/least used in the Class and Labs networks and be able to defend your decisions).
5. Examine your ruleset. Identify any rules (by number) that pose a security risk.
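The lab's objectives on ruleset processing logic and spotting mistakes can be checked mechanically. The following is an added example, not part of the lab handout or the posted answer: it assumes top-down, first-match evaluation and uses 192.168.1.1 as a constructed stand-in for the firewall's internal address (192.168.1.xxx in the lab). It shows that entering tasks (a) and (b) in the order given leaves the firewall deny rule shadowed by the broader allow rule.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    src: str                      # CIDR, or "any"
    dst: str                      # CIDR, or "any"
    dports: Optional[frozenset]   # None means any destination port
    action: str                   # "allow" or "deny"

def net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def evaluate(rules, src_ip, dst_ip, dport):
    """Top-down, first match wins. Returns (rule number, action)."""
    for r in rules:
        if (ipaddress.ip_address(src_ip) in net(r.src)
                and ipaddress.ip_address(dst_ip) in net(r.dst)
                and (r.dports is None or dport in r.dports)):
            return r.num, r.action
    return None, "deny"           # nothing matched: treat as dropped

def shadowed(rules):
    """(later, earlier) pairs where the earlier rule covers every packet
    the later rule could match, so the later rule can never fire."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            ports_covered = earlier.dports is None or (
                later.dports is not None and later.dports <= earlier.dports)
            if (net(later.src).subnet_of(net(earlier.src))
                    and net(later.dst).subnet_of(net(earlier.dst))
                    and ports_covered):
                pairs.append((later.num, earlier.num))
                break
    return pairs

FW = "192.168.1.1/32"             # constructed stand-in for 192.168.1.xxx
allow_private = Rule(1, "192.168.1.0/24", "10.57.1.0/24", None, "allow")
deny_firewall = Rule(2, FW, "10.57.1.0/24", None, "deny")
admin_ssh = Rule(3, "10.57.1.3/32", FW, frozenset({22}), "allow")
cleanup = Rule(4, "any", "any", None, "deny")

TASK_ORDER = [allow_private, deny_firewall, admin_ssh, cleanup]
REORDERED = [deny_firewall, allow_private, admin_ssh, cleanup]

if __name__ == "__main__":
    print(shadowed(TASK_ORDER), shadowed(REORDERED))
```

The shadow check only reports full coverage; partially overlapping rules still need a manual look when ordering for performance.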
Step by Step Solution
There are 3 Steps involved in it
Step: 1
To answer the last two questions, let's focus on optimizing the firewall rules for performance and ide...
Step: 2
Step: 3