Objectives

In this lab, students will examine the following objectives.

Differentiate the use of IDS and IPS to detect network attacks.

Design a network with IDS/IPS.

Justify the use of IDS/IPS for a given network solution.

Scenario

A small company is using the topology shown below to secure its intranet while providing a less-secured environment to its eCommerce DMZ server. The company is concerned that firewalls are not enough to detect and prevent network attacks. Hence, deployment of sensors to intrusion detection systems (IDS) and/or intrusion prevention systems (IPS) are needed in the network. Your job is to provide recommendations, including a network design with IDS/IPS, that meet the companys requirements.

Initial Topology

Companys Requirements

Detect any malicious traffic entering the e-commerce server without performance penalty to traffic getting in the server from revenue-generating customers.

Stop any malicious traffic entering the human resources LAN (HR LAN).

Detect any malicious traffic entering the computer terminal in the marketing LAN (MKT LAN).

Stop any traffic entering the File Server in MKT LAN.

Deploy a centralized database and analysis console in the intranet to managing and monitoring both IDS and IPS sensors.

Note: RED text indicates the required questions to answer

Task 1Layout the New Network Design

#1. Paste below your new network design diagram.

Task 2IDS/IPS Recommendations

#2. Write an engineering specification document of at least 250 words (e.g., 1 page of full text, double space, and size 12) describing why your networks design meets each of the companys requirements. Justify how each recommendation addresses the companys needs.

Task 3Conclusions

#3. Describe in two paragraphs your learning experience in this lab.

Terminal HR LAN eCommerce DMZ Switch Database Internet Web ServerI Router Firewall Router Switch Firewall MKT LAN Terminal