Question
Objective(s) This assessment item relates to the unit learning outcomes as in the unit descriptor. This assessment is designed to evaluate students ability on working
Objective(s) This assessment item relates to the unit learning outcomes as in the unit descriptor. This assessment is designed to evaluate students ability on working with the routers, firewalls and VPN tunnels and adopting those technologies in enterprise level networks. The following ULOs are assessed in this assent assessment. LO 1 Explain network security issues and develop a comprehensive network security policy to counter threats against information security LO 2 Analyse and configure routers on the network perimeter with router software security features LO 3 Evaluate and configure firewall protocols and features to perform basic security operations on a network LO 4 Critically review the enterprise network requirements and configure site-to-site virtual private networks using standard router software features LO 5 Analyse the enterprise security requirements and configure intrusion prevention systems on network routers LO 6 Monitor network traffic and implement security policies to control access, resist attacks, and protect network devices INSTRUCTIONS These instructions apply to Assignment Assignment (Weightage 20%) The report should be uploaded on the LMS by Session 12 Demonstration: Due on Lesson 12 in class This Assignment will focus on students ability to work on an enterprise level network and handle network devices. Upon the implementation of the network, student should produce a comprehensive report, which includesscreenshots of entering configuration commands and brief explanation of the screenshots. The devices should be named with the respective student ID If any third-party content is used. The citation of sources is mandatory and should follow IEEE style. What to Submit. Submit your report to the Moodle drop-box for Assignment. Note that incidents of plagiarism will be penalized. Please Note: All work is due by the due date and time. Late submissions will be penalized at the rate of 10% per day including weekends. ITNE2005 Assignment Copyright 2015-2018 VIT, All Rights Reserved. 3 Assignment Description: Figure 1: Network Topology Note: Integrated Services Routers (ISR) have Fast Ethernet interfaces instead of Gigabit Ethernet interfaces. Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1-S0000 F0/0 209.165.200.225 255.255.255.248 N/A ASA G0/0 S0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A Loopback 1 172.20.1.1 255.255.255.0 N/A N/A R2-S0000 S0/0 10.1.1.2 255.255.255.252 N/A N/A S0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A R3-S0000 F0/1 172.16.3.1 255.255.255.0 N/A S3 G0/0 ITNE2005 Assignment Copyright 2015-2018 VIT, All Rights Reserved. 4 S0/0 10.2.2.1 255.255.255.252 N/A N/A S1-S0000 VLAN 1 192.168.2.11 255.255.255.0 192.168.2.1 N/A S2-S0000 VLAN 1 192.168.1.11 255.255.255.0 192.168.1.1 N/A S3-S0000 VLAN 1 172.16.3.11 255.255.255.0 172.16.3.1 N/A ASA VLAN 1 (G0/1) 192.168.1.1 255.255.255.0 N/A S2 G0/0 VLAN 2 (G0/0) 209.165.200.226 255.255.255.248 N/A R1 F0/0 VLAN 3 (G0/2) 192.168.2.1 255.255.255.0 N/A S1 G0/0 PC-A NIC 192.168.2.3 255.255.255.0 192.168.2.1 S1 G0/1 PC-B NIC 192.168.1.3 255.255.255.0 192.168.1.1 S2 G0/1 PC-C NIC 172.16.3.3 255.255.255.0 172.16.3.1 S3 G0/1 In this Assignment you are required to complete all the following parts: Task 1: Configure Basic Device Settings: Configure host names as shown in the topology plus your studentID. Configure interface IP addresses as shown in the IP Addressing Table. Configure static and dynamic routing Task 2: Configure Secure Router Administrative Access Configure encrypted passwords and a login banner. Configure the EXEC timeout value on console and VTY lines. Configure login failure rates and VTY login enhancements. Configure Secure Shell (SSH) access and disable Telnet. Configure local authentication, authorization, and accounting (AAA) user authentication. Secure the router against login attacks and secure the IOS image and the configuration file. Configure a router NTP server and router NTP clients. Configure router syslog reporting and a syslog server on a local host. Task 3: Configure a Zone-Based Policy Firewall and Intrusion PreventionSystem Configure a Zone-Based Policy Firewall (ZPF) on an R3 using the CLI. Configure an intrusion prevention system (IPS) on an R3 using the CLI. ITNE2005 Assignment Copyright 2015-2018 VIT, All Rights Reserved. 5 Task 4: Secure Network Switches Configure passwords and a login banner. Configure management VLAN access. Secure access ports. Protect against Spanning Tree Protocol (STP) attacks. Configure port security and disable unused ports. Task 5: Configure ASA Basic Settings and Firewall Configure basic settings, passwords, date, and time. Configure the inside and outside VLAN interfaces. Configure port address translation (PAT) for the inside network. Configure a Dynamic Host Configuration Protocol (DHCP) server for the inside network. Configure administrative access via Telnet and SSH. Configure a static default route for the Adaptive Security Appliance (ASA). Configure Local AAA user authentication. Configure a DMZ with a static NAT and ACL. Verify address translation and firewall functionality. Upon Completion of the above configuration tasks, you have been asked to draft a Policy on using of VPN by telecommuters. The policy should include the following sections: 1. Objectives 3. Audience 5. Exceptions 2. Purpose 4. Policy 6. Violations
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started